Pests of all kinds and how to fight them: EasyScan - Malwarebytes finds nothing - what am I doing wrong?
31.12.2010, 00:01 | #1 |
Hello, I caught 'easyscan' yesterday and, while looking for help, came across this forum.
What is affected is my user account (not an admin) in Vista Home.
Tried so far:
As admin, scan with malwarebytes - nothing found;
Scan with avira - 1 finding Java/open... - according to avira 'moved to quarantine'
After a restart the problem in the user account is still there, unchanged
Again as admin: ran rkill - it seems to run, but does not name any removed pests
After a restart, still the same problem in the user account.
You can surely tell from my description that I am computer-illiterate - I ask for mercy, and a little help...
31.12.2010, 00:16 | #2 |
/// Helper Team
Hello dmw and welcome to the Trojaner Board!
A few notes up front (please observe!):
I'll do my best to find everything that doesn't belong on your system, but I have to point out that formatting and reinstalling is, in most cases, the fastest and safest way to get a clean system.
If you still want to clean up, here are the instructions:
Post the logs for me: Malwarebytes and the one from Avira.
And then it continues like this:
System scan with OTL
Please download OTL by Oldtimer and save it on your desktop.
31.12.2010, 00:54 | #3 |
Thank you very much for the quick reply.
In the meantime (unfortunately BEFORE reading your instructions) I downloaded Malwarebytes via your link and ran a scan; I saved the log first and only then clicked 'remove', which is why it says 'no action taken':

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5426

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

31.12.2010 00:17:30
mbam-log-2010-12-31 (00-17-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 197673
Laufzeit: 7 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\1h4gdto4bpcl.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\atwvdpkvgjt.exe (Spyware.Zbot) -> No action taken.
c:\programdata\pvl0dqdwzyjkhamd.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\HrpDyspw.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\xegx9tirmjpg.exe (Rogue.FakeHDD) -> No action taken.
c:\Users\d\AppData\Local\Temp\tmp2A49.tmp (Spyware.Zbot) -> No action taken.

After that (as I said, before your instructions) I restarted the user account - and now it works as before (no strange Windows warnings, no 'hard disk scans') - everything feels completely normal.
I can only continue with the Avira scan etc. tomorrow (or could it be that malware was already enough here?).
If I don't hear anything, I'll continue with the avira scan tomorrow. I wouldn't mind a reinstall either - but I would have to back up the data files to an external drive and then bring them back into the new system - is that OK?
Regards and thanks!
31.12.2010, 01:09 | #4 |
/// Helper Team
Sorry, you were supposed to post the logfiles from Avira and Malwarebytes that had already been created instead of making new ones; you wrote about them above.
Quote:
Quote:
You should definitely change your passwords.
__________________
Regards, rea
A clever saying could go here. Well .... could!
31.12.2010, 01:53 | #5 |
I didn't save the old logfiles.
I just ran OTL:
OTL logfile:
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.) 
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [FlashGet] C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll 
(Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.30 10:13:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.06.23 07:56:14 | 000,000,075 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell - "" = AutoRun O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun O33 - MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun O33 - MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun O33 - MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.30 10:13:01 | 000,000,000 | ---D | C] -- C:\sh4ldr [2010.12.30 10:13:01 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2010.12.30 
10:11:26 | 000,000,000 | ---D | C] -- C:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP [2010.12.30 10:11:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard [2010.12.30 10:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.12.30 09:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010.12.29 23:17:47 | 000,428,544 | ---- | C] (Point Corp) -- C:\ProgramData\EvDdtiGBBuH.dll [2010.12.27 18:17:13 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2010.12.27 18:17:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2010.12.27 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010.12.27 18:09:26 | 000,000,000 | ---D | C] -- C:\Programme\NOS [2010.12.27 18:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS [2010.12.27 16:35:24 | 000,273,256 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\System32\HPDiscoPM5312.dll [2010.12.27 16:28:15 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Local\HP [2010.12.26 13:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010.12.24 17:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.12.24 16:54:04 | 000,094,208 | ---- | C] (VSO Software) -- C:\windows\System32\drivers\ezplay.sys [2010.12.24 16:54:04 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\dw\AppData\Roaming\ezplay.sys [2010.12.24 16:54:04 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\Vso [2010.12.24 16:53:34 | 000,000,000 | ---D | C] -- C:\Programme\VSO [2010.12.23 22:50:50 | 000,000,000 | ---D | C] -- C:\aspi [2010.12.23 22:46:45 | 000,000,000 | ---D | C] -- C:\adaptec [2010.12.23 19:05:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\click2learn [2010.12.22 11:50:27 | 000,000,000 | ---D | C] -- C:\Programme\Messer [2010.12.21 22:09:18 | 000,000,000 | ---D | C] -- C:\Klett [2010.12.21 22:09:00 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\windows\IsUn0407.exe [2010.12.21 22:03:09 | 000,000,000 | ---D | C] -- 
C:\Users\dw\Documents\Alcohol 120% [2010.12.21 22:01:16 | 000,000,000 | ---D | C] -- C:\Programme\free-downloads.net [2010.12.21 21:56:54 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft [2010.12.21 13:13:15 | 000,000,000 | ---D | C] -- C:\Programme\A-Ray Scanner [2010.12.09 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\HPAppData [2010.12.09 11:51:10 | 000,000,000 | ---D | C] -- C:\Programme\SlySoft [2010.12.07 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\QuickStoresToolbar [2010.12.07 20:00:55 | 000,000,000 | ---D | C] -- C:\Programme\Audiograbber [2010.12.07 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\EAC [2010.12.07 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\AccurateRip [2010.12.07 19:25:11 | 000,000,000 | ---D | C] -- C:\Programme\Exact Audio Copy [2010.10.03 14:11:32 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Programme\Common Files\keyhelp.ocx [2009.08.25 08:34:45 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll [2009.08.25 08:34:44 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.31 01:22:54 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.31 01:22:54 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.31 01:03:15 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.31 00:34:11 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.31 00:30:23 | 000,681,402 | ---- | M] () -- C:\windows\System32\perfh007.dat [2010.12.31 00:30:23 | 000,638,964 | ---- | M] () -- 
C:\windows\System32\perfh009.dat [2010.12.31 00:30:23 | 000,148,846 | ---- | M] () -- C:\windows\System32\perfc007.dat [2010.12.31 00:30:23 | 000,120,848 | ---- | M] () -- C:\windows\System32\perfc009.dat [2010.12.31 00:22:56 | 000,352,615 | -H-- | M] () -- C:\windows\System32\drivers\vsconfig.xml [2010.12.31 00:22:50 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe [2010.12.31 00:22:47 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll [2010.12.31 00:22:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2010.12.31 00:22:09 | 3216,261,120 | -HS- | M] () -- C:\hiberfil.sys [2010.12.31 00:20:59 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat [2010.12.31 00:20:34 | 000,027,648 | ---- | M] () -- C:\Users\dw\Documents\Malwarebytes.doc [2010.12.31 00:07:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 18:20:55 | 000,428,544 | ---- | M] (Point Corp) -- C:\ProgramData\EvDdtiGBBuH.dll [2010.12.30 10:13:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2010.12.30 10:13:03 | 000,002,071 | ---- | M] () -- C:\Users\dw\Desktop\SpyHunter.lnk [2010.12.30 09:41:47 | 000,000,336 | ---- | M] () -- C:\ProgramData\XeGX9TiRmJpg [2010.12.30 00:46:53 | 000,000,336 | ---- | M] () -- C:\ProgramData\HrpDyspw [2010.12.29 23:58:03 | 000,000,272 | ---- | M] () -- C:\ProgramData\~pVl0dQDWZyJkhaMd [2010.12.29 23:58:03 | 000,000,168 | ---- | M] () -- C:\ProgramData\~pVl0dQDWZyJkhaMdr [2010.12.29 23:55:20 | 000,000,336 | ---- | M] () -- C:\ProgramData\pVl0dQDWZyJkhaMd [2010.12.29 23:49:23 | 000,000,432 | ---- | M] () -- C:\ProgramData\1H4GDTo4bpCl [2010.12.29 23:44:20 | 000,000,272 | ---- | M] () -- C:\ProgramData\~1H4GDTo4bpCl [2010.12.29 23:44:20 | 000,000,168 | ---- | M] () -- C:\ProgramData\~1H4GDTo4bpClr [2010.12.27 18:17:23 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.12.27 18:02:21 | 000,000,640 | ---- | M] () -- 
C:\windows\tasks\hpwebreg_CN07BBM0V8.job [2010.12.27 16:35:23 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk [2010.12.27 16:35:23 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk [2010.12.27 16:35:23 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk [2010.12.27 16:35:23 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk [2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) -- C:\windows\System32\drivers\ezplay.sys [2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) -- C:\Users\dw\AppData\Roaming\ezplay.sys [2010.12.24 16:59:00 | 000,087,608 | ---- | M] () -- C:\Users\dw\AppData\Roaming\inst.exe [2010.12.24 16:59:00 | 000,007,861 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.cat [2010.12.24 16:59:00 | 000,001,103 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.inf [2010.12.24 16:59:00 | 000,000,125 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.ini [2010.12.24 16:58:52 | 000,000,809 | ---- | M] () -- C:\Users\dw\Desktop\BlindWrite 6.lnk [2010.12.23 23:29:08 | 000,000,124 | ---- | M] () -- C:\Users\dw\Documents\ax_files.xml [2010.12.21 22:01:29 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2010.12.21 21:10:32 | 000,436,792 | ---- | M] () -- C:\windows\System32\drivers\sptd.sys [2010.12.21 13:15:36 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib [2010.12.21 13:13:15 | 000,000,820 | ---- | M] () -- C:\Users\dw\Desktop\A-Ray Scanner.lnk [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2010.12.18 07:31:56 | 348,027,293 | ---- | M] () -- C:\windows\MEMORY.DMP [2010.12.09 11:51:12 | 000,000,906 | ---- | M] () -- 
C:\Users\Public\Desktop\CloneCD.lnk [2010.12.07 20:00:58 | 000,000,183 | ---- | M] () -- C:\Users\dw\Desktop\QuickStores.url [2010.12.07 20:00:56 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2010.12.07 19:25:13 | 000,000,867 | ---- | M] () -- C:\Users\dw\Desktop\Exact Audio Copy.lnk [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.31 00:20:32 | 000,027,648 | ---- | C] () -- C:\Users\dw\Documents\Malwarebytes.doc [2010.12.30 10:13:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2010.12.30 10:13:03 | 000,002,071 | ---- | C] () -- C:\Users\dw\Desktop\SpyHunter.lnk [2010.12.30 09:41:47 | 000,000,336 | ---- | C] () -- C:\ProgramData\XeGX9TiRmJpg [2010.12.30 00:46:53 | 000,000,336 | ---- | C] () -- C:\ProgramData\HrpDyspw [2010.12.29 23:58:03 | 000,000,272 | ---- | C] () -- C:\ProgramData\~pVl0dQDWZyJkhaMd [2010.12.29 23:58:03 | 000,000,168 | ---- | C] () -- C:\ProgramData\~pVl0dQDWZyJkhaMdr [2010.12.29 23:55:16 | 000,000,336 | ---- | C] () -- C:\ProgramData\pVl0dQDWZyJkhaMd [2010.12.29 23:44:20 | 000,000,272 | ---- | C] () -- C:\ProgramData\~1H4GDTo4bpCl [2010.12.29 23:44:20 | 000,000,168 | ---- | C] () -- C:\ProgramData\~1H4GDTo4bpClr [2010.12.29 23:42:48 | 000,000,432 | ---- | C] () -- C:\ProgramData\1H4GDTo4bpCl [2010.12.27 18:17:23 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.12.27 17:34:05 | 000,000,640 | ---- | C] () -- C:\windows\tasks\hpwebreg_CN07BBM0V8.job [2010.12.27 16:35:23 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk [2010.12.27 16:35:23 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk [2010.12.27 16:35:23 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk [2010.12.27 16:35:23 | 000,001,085 
| ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk [2010.12.24 16:54:21 | 000,000,034 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.log [2010.12.24 16:54:04 | 000,087,608 | ---- | C] () -- C:\Users\dw\AppData\Roaming\inst.exe [2010.12.24 16:54:04 | 000,007,861 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.cat [2010.12.24 16:54:04 | 000,001,103 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.inf [2010.12.24 16:54:04 | 000,000,125 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.ini [2010.12.24 16:53:45 | 000,000,809 | ---- | C] () -- C:\Users\dw\Desktop\BlindWrite 6.lnk [2010.12.21 22:07:53 | 000,000,124 | ---- | C] () -- C:\Users\dw\Documents\ax_files.xml [2010.12.21 21:57:02 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2010.12.21 21:10:32 | 000,436,792 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys [2010.12.21 13:13:15 | 000,000,820 | ---- | C] () -- C:\Users\dw\Desktop\A-Ray Scanner.lnk [2010.12.09 11:55:14 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.12.09 11:51:12 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk [2010.12.07 20:00:58 | 000,000,183 | ---- | C] () -- C:\Users\dw\Desktop\QuickStores.url [2010.12.07 20:00:56 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2010.12.07 19:25:13 | 000,000,867 | ---- | C] () -- C:\Users\dw\Desktop\Exact Audio Copy.lnk [2010.04.03 15:21:47 | 000,000,001 | ---- | C] () -- C:\windows\System32\uuddc32.dll [2010.03.22 16:16:55 | 000,003,584 | ---- | C] () -- C:\Users\dw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.11 22:20:37 | 000,004,865 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2010.03.11 17:50:49 | 000,063,393 | ---- | C] () -- C:\Programme\hminstalllog.txt [2010.02.19 09:53:15 | 000,001,553 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.02.01 13:00:09 | 000,663,552 | ---- | C] () -- C:\windows\System32\Tx12.dll [2010.02.01 13:00:09 | 
000,000,530 | ---- | C] () -- C:\windows\System32\tx12_ic.ini [2009.11.04 01:07:07 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Roaming\AVSDVDPlayer.m3u [2009.11.04 00:56:47 | 000,524,288 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2009.11.04 00:56:47 | 000,139,264 | ---- | C] () -- C:\windows\System32\xvidvfw.dll [2009.09.29 19:51:59 | 000,000,090 | ---- | C] () -- C:\Users\dw\AppData\Local\fusioncache.dat [2009.09.29 19:51:47 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2009.08.26 16:57:48 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\QSwitch.txt [2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\DSwitch.txt [2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\AtStart.txt [2009.08.25 08:34:45 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys [2009.08.25 08:34:45 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys [2009.08.25 08:34:45 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2008.06.17 05:07:59 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll [2008.06.17 05:07:59 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll [2008.06.17 05:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll [2008.06.17 05:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll [2008.06.17 05:07:59 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll [2008.06.17 05:07:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll [2008.06.17 04:49:59 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI [2008.05.14 01:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys [2008.05.08 10:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll [2008.04.17 17:29:08 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll 
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini [2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll [2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll [2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll [1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll ========== LOP Check ========== [2009.10.18 14:50:26 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\BITS [2010.06.22 19:08:44 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\ChessBase [2009.09.26 22:20:08 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\DonationCoder [2010.12.07 19:25:24 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\EAC [2009.09.26 10:22:50 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Engelmann Media [2010.02.28 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\FreeFLVConverter [2009.09.16 13:56:32 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\InterVideo [2010.12.09 12:11:04 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\kikin [2010.01.08 21:22:06 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Notepad++ [2009.08.31 09:24:06 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Opera [2010.12.07 20:00:58 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\QuickStoresToolbar [2010.09.07 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\SparweltGutschein [2010.03.13 19:57:27 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\uTorrent [2010.12.24 17:00:09 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Vso [2010.12.31 00:21:00 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:2F274350E84658CA @Alternate Data Stream - 22528 bytes -> 
C:\windows\System32\AUTOCHK.EXE:BAK < End of report >

And:

OTL Logfile: Code:
OTL Extras logfile created on: 31.12.2010 01:24:52 - Run 1 OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\dw\Downloads Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 288,09 Gb Total Space | 86,40 Gb Free Space | 29,99% Space Free | Partition Type: NTFS Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS Drive E: | 471,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 1021,00 Mb Total Space | 1018,73 Mb Free Space | 99,78% Space Free | Partition Type: FAT32 Computer Name: DW-PC | User Name: dw | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 1 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{39250603-7F04-4869-B336-04A9028DD866}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{4EFD917D-0DE9-414E-9E28-630E83015E9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B4163651-1E25-463F-A5AB-915674FACE0C}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{026BD00D-5936-4FE5-AA1E-CD8E0E54CBED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{0AD7BC5C-352A-4557-983E-CE25B41FA3AB}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | "{1BD01C0D-E278-4589-8EAA-770CB6837889}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{208FA400-BCF0-4C0A-83FE-78E748BF8950}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | "{27BC4B53-7FE7-4A95-B4D0-95C4C92B3214}" = dir=in | app=c:\program files\hp\digital imaging\smart web 
printing\smartwebprintexe.exe | "{3A3155C4-8ED2-491E-99EB-CD8C6FFC6BE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{3B20AF4D-AE4A-428E-BA5A-1B759CB19EB1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "{43D1CA1E-2D72-4F36-9A17-BB55020AD8D4}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "{4F47FC29-6D6C-4998-AC4E-72E79FE689B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{593BD3D2-D8DC-4E3E-A10A-ABBF0AC1E988}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{6E7F7097-2856-4E21-AF90-B594D6DB539B}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "{73F81C72-4CBF-4674-B245-F6A8E9FD82B9}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{81A4233A-62DD-4BC5-A837-849F13AE08B2}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{89BFE268-0855-476F-B535-4FE0AA90DB0D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{8AE44CE0-F2B3-4AF8-8274-809F92AC65DC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{AC48C4A1-AC1D-4DC4-AD1C-21AF4E6D3422}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{BC1BE14B-6C33-49F2-9CDE-4BBA10DCB4A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BD6F265D-503B-430F-83B1-66E3FDB00D5D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "{D03D9D54-599E-471B-87BE-E9053BE749E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{D2632666-2A94-4AD4-8371-05E746B31648}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{DC320CD3-31E1-480A-8976-F3D268481192}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{DE890099-40D1-4531-83DC-AF5D2935C49D}" = protocol=6 | dir=in | app=c:\program 
files\microsoft office\office12\onenote.exe | "{EB22A9A0-7FEC-4C28-83E0-973ACF05E29C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1 "{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6 "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 "{06CB77AB-CDE1-EF6B-175D-85FA59C7F0EE}" = Catalyst Control Center Core Implementation "{07D78C7B-2AA8-5C02-4238-EE3F39279221}" = Catalyst Control Center Localization Thai "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0AF9C2B7-2E98-8D77-3892-F8512305C6CE}" = CCC Help Turkish "{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools "{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Hilfe "{140BAED1-23A8-401F-A722-8BFB0F0E0FAB}" = Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten "{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application "{164280AB-98C2-FD02-EC0B-5DFBB98E89C1}" = Catalyst Control Center Localization Chinese Standard "{173317B8-D99E-F58E-CAAE-924D8F26C435}" = CCC Help Czech "{1779522E-BFC6-738C-E97E-39405E196FA6}" = Catalyst Control Center Localization Spanish "{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11 "{1DB44CB7-D68E-9F09-D656-0FBC7D4D9C00}" = Catalyst Control Center Localization Norwegian "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{1FD3DF19-EF58-2A29-222B-A4B6E237D3DD}" = Catalyst Control Center Graphics Previews Vista 
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings "{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth "{2EC294E6-2E8C-23A7-C174-4E59532B0E06}" = Catalyst Control Center Localization Korean "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD "{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding "{311BF3BF-6AAB-7859-1E5A-EB46644A6011}" = CCC Help French "{32063923-8066-18D5-BF07-2B692547AEF5}" = CCC Help Korean "{323C15C3-6DE1-05E6-B202-6F1D90BB1B06}" = Catalyst Control Center Localization Turkish "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{345D8E42-E1E4-4006-81EB-2C5C0C8F8608}" = SyberiaDemo "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1 "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{3848DCD1-E356-ACB9-93AF-FB93485E1598}" = CCC Help Thai "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam "{3A76F96A-637B-9A0E-F65B-AE595A49DEDA}" = ccc-core-static "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FCFB6B6-B5DE-C5B8-825F-5998C220C24E}" = Catalyst Control Center Localization Russian "{41EBC322-660F-4D16-A0DF-53147210CBDB}" = SpyHunter "{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements "{45BA0F82-FC61-828B-A188-49A24B7B39F4}" = Catalyst Control Center Localization Swedish "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter 
"{4ADB08ED-A385-21BA-3511-00EB170C9CCA}" = Catalyst Control Center Localization Greek "{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{500CAC18-1509-AC6C-3E91-A437F9457D5E}" = CCC Help Japanese "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809 "{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm "{5B5494F7-FD30-AFAB-ACD5-345F26B6AAF4}" = Catalyst Control Center Graphics Full Existing "{5BF2EC0B-2A01-DDEA-5645-E700BCE9CDA6}" = CCC Help Spanish "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{5EF644FA-3703-3253-7372-AE46FD862588}" = ccc-utility "{63BABF5E-B142-02F9-85E1-F0A1DBEC6D5D}" = Catalyst Control Center Localization Chinese Traditional "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{647ED1EC-1D53-9886-B5A1-234CE9D7BE3F}" = Catalyst Control Center Localization Danish "{64F561F5-17B7-0721-8D08-78777BB91382}" = CCC Help Italian "{65E63D8F-F763-940E-38FA-1A6B2C30ADB2}" = Catalyst Control Center Graphics Light "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A3F98BA-338E-49a1-9D79-D786A83E6621}" = HP Officejet Pro 8000 A809 Series "{6B4591DF-C531-255E-BDE6-25226A5AE115}" = Skins "{6C4592F5-A803-1740-A708-84F3578DC083}" = Catalyst Control Center Localization German "{6DF8EB4D-F5E5-369C-38B2-4F7CD0F02AC3}" = Catalyst Control Center Localization Italian "{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7 "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio 
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite "{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools "{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network "{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend "{8BEA3254-8719-4815-9312-69AF21B8D779}" = CCC Help Chinese Traditional "{8BF85A3B-C2EE-2A32-DF54-B565062FBEC9}" = Catalyst Control Center Localization Japanese "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8DD39028-8B90-88D8-781A-AB82A9AE6662}" = CCC Help English "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 
2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{91B26C13-34A4-36FA-E1F0-22664915EED1}" = Catalyst Control Center Localization Dutch "{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager "{968933D6-A9FC-891C-6292-F7E68DB2C7EA}" = CCC Help Finnish "{96DB55D1-E21F-126C-1ADD-35EAAC852C7C}" = Catalyst Control Center Localization Finnish "{988B865E-CC06-7B3D-FBC0-52093DB75C9A}" = CCC Help Dutch "{997F39AA-6CDC-2E23-F9C3-D59AACABAB8F}" = Catalyst Control Center Localization French "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library "{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11 "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86 "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch "{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B0704448-6681-607E-D97F-A148C2E2F763}" = CCC Help Danish "{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809) "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108 
"{BABEDC2E-5718-1D6D-9E76-93C7EC76BBC4}" = CCC Help Greek "{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}" = ESU for Microsoft Vista SP1 "{BD5DE09E-3C1C-1DCE-E98D-7B7BBDBE15AD}" = CCC Help Portuguese "{BFCBCC48-9027-17B7-BD08-5214898494CC}" = CCC Help German "{C3036710-8564-ECEA-0E19-1B7880111167}" = CCC Help Swedish "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C7D03B2F-5B3A-A6D8-1C6C-AFCA02DDD3EC}" = Catalyst Control Center Localization Czech "{C8A33E2B-5DDB-BF2E-24A9-95DFA1CDF56D}" = Catalyst Control Center Localization Polish "{CA144572-CEAD-5A14-A338-D28B35D9C7FF}" = Catalyst Control Center Localization Hungarian "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1 "{CE3020D2-1742-19F4-EFB4-4D76097C81D0}" = Catalyst Control Center Localization Portuguese "{CF755AAE-7801-359C-E9D3-FE8572F8C760}" = Catalyst Control Center Graphics Full New "{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010 "{DC04644B-C7B3-AF77-610C-7F0AF59AC44D}" = ATI Catalyst Install Manager "{DE80F89F-6132-42A9-1A47-542F6C60E1A2}" = CCC Help Russian "{DEB23231-0851-4E3E-A2DB-EED8A40B0883}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät "{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.3 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E979B690-80A7-8E8B-1281-C68DBEDDB491}" = CCC Help Norwegian "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper 
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F23DFEB2-A5D1-3B97-FBF3-30DC859411C0}" = CCC Help Hungarian "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe "{FBE38124-B7F0-3EEE-98C5-D8C3AE353FF5}" = CCC Help Chinese Standard "{FD9FAE60-2BF1-C877-9843-AABA9DA06A2B}" = CCC Help Polish "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "AOL Toolbar" = AOL Toolbar 5.0 "A-Ray Scanner" = A-Ray Scanner 2.0.2.3 "Ashampoo Snap 3_is1" = Ashampoo Snap 3.30 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "AutoHotkey" = AutoHotkey 1.0.48.05 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "AVS Disc Creator_is1" = AVS Disc Creator version 4.1 "AVS DVD Player_is1" = AVS DVD Player version 2.4 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3 "BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.3.0 "Betfair Poker_is1" = Betfair Poker "Cavern Escape_is1" = Cavern Escape 1.001 "Clever & Smart - A Movie Adventure" = Clever & Smart - A Movie Adventure "CloneCD" = CloneCD "Découvertes 2 - SESAM" = Découvertes 2 - SESAM "ENTERPRISE" = Microsoft Office Enterprise 2007 "Everest Poker" = Everest Poker (Remove Only) "Exact Audio Copy" = Exact Audio Copy 1.0beta1 "exPressit S.E. 3.0" = exPressit S.E. 
3.0 "Free FLV Converter_is1" = Free FLV Converter V 6.7.4 "free-downloads.net Toolbar" = free-downloads.net Toolbar "Google Chrome" = Google Chrome "HoldemManager" = Holdem Manager "hotpot_is1" = HotPotatoes v 6.3.0.4 "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 12.0 "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "Jagged Alliance 2" = Jagged Alliance 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messer_is1" = Messer v0.992 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5) "Notepad++" = Notepad++ "PDF Complete" = PDF Complete "PokerStars" = PokerStars "PostgreSQL 8.4" = PostgreSQL 8.4 "Projekt W_is1" = Projekt W - Phase 1 (1.2) "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0 "RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 2.01 "Scid_is1" = Scid 4.2.2 "Sesam Découvertes 2" = Sesam Découvertes 2 deinstallieren "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "UnderCoverXP_is1" = UnderCoverXP 1.23 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.1 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Winload Toolbar" = Winload Toolbar "WINZD_is1" = WINZD 2010-04 "XMedia Recode" = XMedia Recode 2.1.8.4 "YouTube FLV to AVI Converter Pro_is1" = YouTube FLV to AVI Converter Pro 2.3.0 "ZoneAlarm" = ZoneAlarm ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.12.2010 18:03:13 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = Error - 30.12.2010 18:47:07 | Computer Name = dw-PC | Source = Google 
Update | ID = 20 Description = Error - 30.12.2010 19:03:13 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = Error - 30.12.2010 19:22:50 | Computer Name = dw-PC | Source = PostgreSQL | ID = 0 Description = 2010-12-31 00:22:50 CETFATAL: the database system is starting up Error - 30.12.2010 19:23:19 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = Error - 30.12.2010 19:23:43 | Computer Name = dw-PC | Source = WinMgmt | ID = 10 Description = Error - 30.12.2010 19:30:26 | Computer Name = dw-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AsGHost.exe, Version 3.0.0.61, Zeitstempel 0x4833c92a, fehlerhaftes Modul ItSSO.dll, Version 3.0.0.464, Zeitstempel 0x4833c998, Ausnahmecode 0xc0000005, Fehleroffset 0x0001f29a, Prozess-ID 0x340, Anwendungsstartzeit 01cba878a146cb4c. Error - 30.12.2010 19:37:13 | Computer Name = dw-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AsGHost.exe, Version 3.0.0.61, Zeitstempel 0x4833c92a, fehlerhaftes Modul ItSSO.dll, Version 3.0.0.464, Zeitstempel 0x4833c998, Ausnahmecode 0xc0000005, Fehleroffset 0x0001f29a, Prozess-ID 0x1054, Anwendungsstartzeit 01cba87a0e117b7c. Error - 30.12.2010 19:39:18 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = Error - 30.12.2010 20:03:15 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = [ Credential Manager Events ] Error - 08.10.2010 09:42:07 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: d@dw-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. 
Error - 08.10.2010 09:42:07 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: d@dw-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 11.10.2010 06:19:55 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: d@dw-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 11.10.2010 06:19:55 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: d@dw-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 11.10.2010 15:35:01 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: d@dw-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 11.10.2010 15:35:01 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: d@dw-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. 
Error - 15.10.2010 11:43:09 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: d@dw-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 15.10.2010 11:43:09 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: d@dw-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. [ System Events ] Error - 22.11.2009 18:30:32 | Computer Name = dw-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 22.11.2009 18:30:36 | Computer Name = dw-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 22.11.2009 18:30:40 | Computer Name = dw-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 22.11.2009 18:35:13 | Computer Name = dw-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 22.11.2009 18:35:16 | Computer Name = dw-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 22.11.2009 18:35:20 | Computer Name = dw-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 22.11.2009 18:35:24 | Computer Name = dw-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. 
Error - 22.11.2009 19:52:12 | Computer Name = dw-PC | Source = HTTP | ID = 15016 Description = Error - 22.11.2009 19:52:37 | Computer Name = dw-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 22.11.2009 19:53:19 | Computer Name = dw-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > [/QUOTE]
I only ran the scan and resisted the temptation to click the promising 'Fix' and 'Bereinigen' ("Clean up") buttons. Is that OK? Regards, dmw |
31.12.2010, 16:07 | #6 | |
/// Helper team | EasyScan - Malwarebytes finds nothing - what am I doing wrong? Quote:
1.) Uninstalling software
Removing the toolbars is optional; if you would rather not part with one, you can of course keep it. Personally, I find toolbars unnecessary/borderline and would uninstall them.
2.) Fix with OTL
3.) Another system scan with OTL
In your next reply, please post:
31.12.2010, 18:02 | #7 | |
| EasyScan - Malwarebytes finds nothing - what am I doing wrong? I uninstalled SpyHunter, kikin plugin 2.3, AOL Toolbar 5.0, free-downloads.net Toolbar, QuickStores-Toolbar 1.2.0 and Winload Toolbar; during the uninstallation, SpyHunter and two or three of the toolbars tried to go online via Internet Explorer, which did not work because IE has not worked on my machine for a long time. In any case, they are gone from the list. I did not find Google Update Helper in the list of installed programs. The log after the 'fix': Quote:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.12.2010 17:42:01 - Run 2 OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\dw\Downloads Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 288,09 Gb Total Space | 88,14 Gb Free Space | 30,60% Space Free | Partition Type: NTFS Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS Drive E: | 471,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 1021,00 Mb Total Space | 1018,73 Mb Free Space | 99,78% Space Free | Partition Type: FAT32 Computer Name: DW-PC | User Name: dw | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.12.31 01:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\dw\Downloads\OTL.exe PRC - [2010.01.06 19:46:34 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009.10.29 13:13:38 | 000,056,680 | ---- | M] (Absolute Software Corp.) 
Files Created - No Company Name ========== [2010.12.31 00:20:32 | 000,027,648 | ---- | C] () -- C:\Users\dw\Documents\Malwarebytes.doc [2010.12.30 10:13:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2010.12.27 18:17:23 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.12.27 17:34:05 | 000,000,640 | ---- | C] () -- C:\windows\tasks\hpwebreg_CN07BBM0V8.job [2010.12.27 16:35:23 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk [2010.12.27 16:35:23 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk [2010.12.27 16:35:23 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk [2010.12.27 16:35:23 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk [2010.12.24 16:54:21 | 000,000,034 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.log [2010.12.24 16:54:04 | 000,007,861 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.cat [2010.12.24 16:54:04 | 000,001,103 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.inf [2010.12.24 16:54:04 | 000,000,125 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.ini [2010.12.24 16:53:45 | 000,000,809 | ---- | C] () -- C:\Users\dw\Desktop\BlindWrite 6.lnk [2010.12.21 22:07:53 | 000,000,124 | ---- | C] () -- C:\Users\dw\Documents\ax_files.xml [2010.12.21 21:57:02 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2010.12.21 21:10:32 | 000,436,792 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys [2010.12.21 13:13:15 | 000,000,820 | ---- | C] () -- C:\Users\dw\Desktop\A-Ray Scanner.lnk [2010.12.09 11:55:14 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.12.09 11:51:12 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk [2010.12.07 20:00:56 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2010.12.07 19:25:13 | 000,000,867 | ---- | C] () 
-- C:\Users\dw\Desktop\Exact Audio Copy.lnk [2010.04.03 15:21:47 | 000,000,001 | ---- | C] () -- C:\windows\System32\uuddc32.dll [2010.03.22 16:16:55 | 000,003,584 | ---- | C] () -- C:\Users\dw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.11 22:20:37 | 000,004,865 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2010.03.11 17:50:49 | 000,063,393 | ---- | C] () -- C:\Programme\hminstalllog.txt [2010.02.19 09:53:15 | 000,001,553 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.02.01 13:00:09 | 000,663,552 | ---- | C] () -- C:\windows\System32\Tx12.dll [2010.02.01 13:00:09 | 000,000,530 | ---- | C] () -- C:\windows\System32\tx12_ic.ini [2009.11.04 01:07:07 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Roaming\AVSDVDPlayer.m3u [2009.11.04 00:56:47 | 000,524,288 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2009.11.04 00:56:47 | 000,139,264 | ---- | C] () -- C:\windows\System32\xvidvfw.dll [2009.09.29 19:51:59 | 000,000,090 | ---- | C] () -- C:\Users\dw\AppData\Local\fusioncache.dat [2009.09.29 19:51:47 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2009.08.26 16:57:48 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\QSwitch.txt [2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\DSwitch.txt [2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\AtStart.txt [2009.08.25 08:34:45 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys [2009.08.25 08:34:45 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys [2009.08.25 08:34:45 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2008.06.17 05:07:59 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll [2008.06.17 05:07:59 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll [2008.06.17 05:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll [2008.06.17 
05:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll [2008.06.17 05:07:59 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll [2008.06.17 05:07:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll [2008.06.17 04:49:59 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI [2008.05.14 01:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys [2008.05.08 10:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll [2008.04.17 17:29:08 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini [2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll [2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll [2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll [1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll ========== LOP Check ========== [2009.10.18 14:50:26 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\BITS [2010.06.22 19:08:44 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\ChessBase [2009.09.26 22:20:08 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\DonationCoder [2010.12.07 19:25:24 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\EAC [2009.09.26 10:22:50 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Engelmann Media [2010.02.28 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\FreeFLVConverter [2009.09.16 13:56:32 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\InterVideo [2010.01.08 21:22:06 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Notepad++ [2009.08.31 09:24:06 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Opera [2010.09.07 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\SparweltGutschein [2010.03.13 19:57:27 | 000,000,000 | ---D | 
M] -- C:\Users\dw\AppData\Roaming\uTorrent
[2010.12.24 17:00:09 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Vso
[2010.12.31 17:18:23 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

And:

OTL Logfile:
Code:
OTL Extras logfile created on: 31.12.2010 17:42:01 - Run 2
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\dw\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 88,14 Gb Free Space | 30,60% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive E: | 471,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1021,00 Mb Total Space | 1018,73 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: DW-PC | User Name: dw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39250603-7F04-4869-B336-04A9028DD866}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4EFD917D-0DE9-414E-9E28-630E83015E9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4163651-1E25-463F-A5AB-915674FACE0C}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026BD00D-5936-4FE5-AA1E-CD8E0E54CBED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0AD7BC5C-352A-4557-983E-CE25B41FA3AB}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{1BD01C0D-E278-4589-8EAA-770CB6837889}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{208FA400-BCF0-4C0A-83FE-78E748BF8950}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{27BC4B53-7FE7-4A95-B4D0-95C4C92B3214}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{3A3155C4-8ED2-491E-99EB-CD8C6FFC6BE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3B20AF4D-AE4A-428E-BA5A-1B759CB19EB1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{43D1CA1E-2D72-4F36-9A17-BB55020AD8D4}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{4F47FC29-6D6C-4998-AC4E-72E79FE689B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{593BD3D2-D8DC-4E3E-A10A-ABBF0AC1E988}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{6E7F7097-2856-4E21-AF90-B594D6DB539B}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "{73F81C72-4CBF-4674-B245-F6A8E9FD82B9}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{81A4233A-62DD-4BC5-A837-849F13AE08B2}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{89BFE268-0855-476F-B535-4FE0AA90DB0D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{8AE44CE0-F2B3-4AF8-8274-809F92AC65DC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{AC48C4A1-AC1D-4DC4-AD1C-21AF4E6D3422}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{BC1BE14B-6C33-49F2-9CDE-4BBA10DCB4A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BD6F265D-503B-430F-83B1-66E3FDB00D5D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "{D03D9D54-599E-471B-87BE-E9053BE749E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{D2632666-2A94-4AD4-8371-05E746B31648}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{DC320CD3-31E1-480A-8976-F3D268481192}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{DE890099-40D1-4531-83DC-AF5D2935C49D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EB22A9A0-7FEC-4C28-83E0-973ACF05E29C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1 "{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6 "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status 
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 "{06CB77AB-CDE1-EF6B-175D-85FA59C7F0EE}" = Catalyst Control Center Core Implementation "{07D78C7B-2AA8-5C02-4238-EE3F39279221}" = Catalyst Control Center Localization Thai "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0AF9C2B7-2E98-8D77-3892-F8512305C6CE}" = CCC Help Turkish "{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools "{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Hilfe "{140BAED1-23A8-401F-A722-8BFB0F0E0FAB}" = Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten "{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application "{164280AB-98C2-FD02-EC0B-5DFBB98E89C1}" = Catalyst Control Center Localization Chinese Standard "{173317B8-D99E-F58E-CAAE-924D8F26C435}" = CCC Help Czech "{1779522E-BFC6-738C-E97E-39405E196FA6}" = Catalyst Control Center Localization Spanish "{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11 "{1DB44CB7-D68E-9F09-D656-0FBC7D4D9C00}" = Catalyst Control Center Localization Norwegian "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{1FD3DF19-EF58-2A29-222B-A4B6E237D3DD}" = Catalyst Control Center Graphics Previews Vista "{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings "{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2EAF7E61-068E-11DF-953C-005056806466}" = Google 
Earth "{2EC294E6-2E8C-23A7-C174-4E59532B0E06}" = Catalyst Control Center Localization Korean "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD "{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding "{311BF3BF-6AAB-7859-1E5A-EB46644A6011}" = CCC Help French "{32063923-8066-18D5-BF07-2B692547AEF5}" = CCC Help Korean "{323C15C3-6DE1-05E6-B202-6F1D90BB1B06}" = Catalyst Control Center Localization Turkish "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{345D8E42-E1E4-4006-81EB-2C5C0C8F8608}" = SyberiaDemo "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1 "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{3848DCD1-E356-ACB9-93AF-FB93485E1598}" = CCC Help Thai "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam "{3A76F96A-637B-9A0E-F65B-AE595A49DEDA}" = ccc-core-static "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FCFB6B6-B5DE-C5B8-825F-5998C220C24E}" = Catalyst Control Center Localization Russian "{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements "{45BA0F82-FC61-828B-A188-49A24B7B39F4}" = Catalyst Control Center Localization Swedish "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4ADB08ED-A385-21BA-3511-00EB170C9CCA}" = Catalyst Control Center Localization Greek "{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{500CAC18-1509-AC6C-3E91-A437F9457D5E}" = CCC Help Japanese "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809 "{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm "{5B5494F7-FD30-AFAB-ACD5-345F26B6AAF4}" = Catalyst Control Center Graphics Full Existing "{5BF2EC0B-2A01-DDEA-5645-E700BCE9CDA6}" = CCC Help Spanish 
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{5EF644FA-3703-3253-7372-AE46FD862588}" = ccc-utility "{63BABF5E-B142-02F9-85E1-F0A1DBEC6D5D}" = Catalyst Control Center Localization Chinese Traditional "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{647ED1EC-1D53-9886-B5A1-234CE9D7BE3F}" = Catalyst Control Center Localization Danish "{64F561F5-17B7-0721-8D08-78777BB91382}" = CCC Help Italian "{65E63D8F-F763-940E-38FA-1A6B2C30ADB2}" = Catalyst Control Center Graphics Light "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A3F98BA-338E-49a1-9D79-D786A83E6621}" = HP Officejet Pro 8000 A809 Series "{6B4591DF-C531-255E-BDE6-25226A5AE115}" = Skins "{6C4592F5-A803-1740-A708-84F3578DC083}" = Catalyst Control Center Localization German "{6DF8EB4D-F5E5-369C-38B2-4F7CD0F02AC3}" = Catalyst Control Center Localization Italian "{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7 "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite "{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools "{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network "{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend "{8BEA3254-8719-4815-9312-69AF21B8D779}" = CCC Help Chinese Traditional "{8BF85A3B-C2EE-2A32-DF54-B565062FBEC9}" = Catalyst Control 
Center Localization Japanese "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8DD39028-8B90-88D8-781A-AB82A9AE6662}" = CCC Help English "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{91B26C13-34A4-36FA-E1F0-22664915EED1}" = Catalyst Control Center Localization Dutch "{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager "{968933D6-A9FC-891C-6292-F7E68DB2C7EA}" = CCC Help Finnish "{96DB55D1-E21F-126C-1ADD-35EAAC852C7C}" = Catalyst Control Center Localization 
Finnish "{988B865E-CC06-7B3D-FBC0-52093DB75C9A}" = CCC Help Dutch "{997F39AA-6CDC-2E23-F9C3-D59AACABAB8F}" = Catalyst Control Center Localization French "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library "{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11 "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86 "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch "{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B0704448-6681-607E-D97F-A148C2E2F763}" = CCC Help Danish "{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809) "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108 "{BABEDC2E-5718-1D6D-9E76-93C7EC76BBC4}" = CCC Help Greek "{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}" = ESU for Microsoft Vista SP1 "{BD5DE09E-3C1C-1DCE-E98D-7B7BBDBE15AD}" = CCC Help Portuguese "{BFCBCC48-9027-17B7-BD08-5214898494CC}" = CCC Help German "{C3036710-8564-ECEA-0E19-1B7880111167}" = CCC Help Swedish "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C7D03B2F-5B3A-A6D8-1C6C-AFCA02DDD3EC}" = Catalyst Control Center Localization Czech "{C8A33E2B-5DDB-BF2E-24A9-95DFA1CDF56D}" = Catalyst Control Center Localization Polish "{CA144572-CEAD-5A14-A338-D28B35D9C7FF}" = Catalyst Control Center Localization Hungarian 
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1 "{CE3020D2-1742-19F4-EFB4-4D76097C81D0}" = Catalyst Control Center Localization Portuguese "{CF755AAE-7801-359C-E9D3-FE8572F8C760}" = Catalyst Control Center Graphics Full New "{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010 "{DC04644B-C7B3-AF77-610C-7F0AF59AC44D}" = ATI Catalyst Install Manager "{DE80F89F-6132-42A9-1A47-542F6C60E1A2}" = CCC Help Russian "{DEB23231-0851-4E3E-A2DB-EED8A40B0883}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät "{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E979B690-80A7-8E8B-1281-C68DBEDDB491}" = CCC Help Norwegian "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F23DFEB2-A5D1-3B97-FBF3-30DC859411C0}" = CCC Help Hungarian "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe "{FBE38124-B7F0-3EEE-98C5-D8C3AE353FF5}" = CCC Help Chinese Standard "{FD9FAE60-2BF1-C877-9843-AABA9DA06A2B}" = CCC Help Polish "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "A-Ray Scanner" = A-Ray Scanner 2.0.2.3 "Ashampoo Snap 3_is1" = Ashampoo Snap 3.30 "Audiograbber" = Audiograbber 
1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "AutoHotkey" = AutoHotkey 1.0.48.05 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "AVS Disc Creator_is1" = AVS Disc Creator version 4.1 "AVS DVD Player_is1" = AVS DVD Player version 2.4 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3 "BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.3.0 "Betfair Poker_is1" = Betfair Poker "Cavern Escape_is1" = Cavern Escape 1.001 "Clever & Smart - A Movie Adventure" = Clever & Smart - A Movie Adventure "CloneCD" = CloneCD "Découvertes 2 - SESAM" = Découvertes 2 - SESAM "ENTERPRISE" = Microsoft Office Enterprise 2007 "Everest Poker" = Everest Poker (Remove Only) "Exact Audio Copy" = Exact Audio Copy 1.0beta1 "exPressit S.E. 3.0" = exPressit S.E. 
3.0 "Free FLV Converter_is1" = Free FLV Converter V 6.7.4 "Google Chrome" = Google Chrome "HoldemManager" = Holdem Manager "hotpot_is1" = HotPotatoes v 6.3.0.4 "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 12.0 "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "Jagged Alliance 2" = Jagged Alliance 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messer_is1" = Messer v0.992 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5) "Notepad++" = Notepad++ "PDF Complete" = PDF Complete "PokerStars" = PokerStars "PostgreSQL 8.4" = PostgreSQL 8.4 "Projekt W_is1" = Projekt W - Phase 1 (1.2) "RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 2.01 "Scid_is1" = Scid 4.2.2 "Sesam Découvertes 2" = Sesam Découvertes 2 deinstallieren "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "UnderCoverXP_is1" = UnderCoverXP 1.23 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.1 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WINZD_is1" = WINZD 2010-04 "XMedia Recode" = XMedia Recode 2.1.8.4 "YouTube FLV to AVI Converter Pro_is1" = YouTube FLV to AVI Converter Pro 2.3.0 "ZoneAlarm" = ZoneAlarm ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.12.2010 08:51:36 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = Error - 31.12.2010 09:00:59 | Computer Name = dw-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AsGHost.exe, Version 3.0.0.61, Zeitstempel 0x4833c92a, fehlerhaftes Modul ItSSO.dll, Version 
3.0.0.464, Zeitstempel 0x4833c998, Ausnahmecode 0xc0000005, Fehleroffset 0x0001f29a, Prozess-ID 0x1b34, Anwendungsstartzeit 01cba88b5c0114bc. Error - 31.12.2010 09:03:13 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = Error - 31.12.2010 10:22:45 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = Error - 31.12.2010 11:54:10 | Computer Name = dw-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 7.0.6001.18000 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 3498 Anfangszeit: 01cba902e18dea50 Zeitpunkt der Beendigung: 16 Error - 31.12.2010 12:03:13 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = Error - 31.12.2010 12:20:20 | Computer Name = dw-PC | Source = PostgreSQL | ID = 0 Description = 2010-12-31 17:20:20 CETFATAL: the database system is starting up Error - 31.12.2010 12:20:49 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = Error - 31.12.2010 12:21:02 | Computer Name = dw-PC | Source = WinMgmt | ID = 10 Description = Error - 31.12.2010 12:34:06 | Computer Name = dw-PC | Source = Google Update | ID = 20 Description = [ Credential Manager Events ] Error - 08.10.2010 09:42:07 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: d@dw-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. 
Error - 08.10.2010 09:42:07 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer: d@dw-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

Error - 11.10.2010 06:19:55 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer: d@dw-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

Error - 11.10.2010 06:19:55 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: d@dw-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist.

Error - 11.10.2010 15:35:01 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer: d@dw-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

Error - 11.10.2010 15:35:01 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: d@dw-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist.
Error - 15.10.2010 11:43:09 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer: d@dw-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP

Error - 15.10.2010 11:43:09 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: d@dw-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist.

[ System Events ]
Error - 22.11.2009 18:30:32 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 22.11.2009 18:30:36 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 22.11.2009 18:30:40 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 22.11.2009 18:35:13 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 22.11.2009 18:35:16 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 22.11.2009 18:35:20 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 22.11.2009 18:35:24 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 22.11.2009 19:52:12 | Computer Name = dw-PC | Source = HTTP | ID = 15016
Description =

Error - 22.11.2009 19:52:37 | Computer Name = dw-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 22.11.2009 19:53:19 | Computer Name = dw-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Since I switched on the computer this afternoon, Avira has raised the alarm several times and reports 'TR/FakeSysdef.A.53' [trojan]. The first few times I left the default 'Deny access' in place; the last time I clicked 'Move to quarantine', and since then things seem to be quiet. |
31.12.2010, 18:55 | #8 | |
/// Helper Team | EasyScan - Malwarebytes finds nothing - what am I doing wrong? Quote:
Avira Antivir - What was found? So that we can take a close look at your antivirus program's detections, please proceed as follows:
We'll continue in the new year.
__________________ Regards, rea *Do you need help with a malware problem too?* *TB donation account* A clever saying could stand here. Well .... could! |
31.12.2010, 19:04 | #9 | |
| EasyScan - Malwarebytes finds nothing - what am I doing wrong? Here is Avira as well: Quote:
|
01.01.2011, 14:43 | #10 |
/// Helper Team | EasyScan - Malwarebytes finds nothing - what am I doing wrong? Okay, OTL has already taken care of those detections.
1.) Fix with OTL
2.) Check settings
Make sure that all folders and files are displayed on your system:
3.) File check on Virustotal
Visit Virustotal. Locate the following file there and upload it using the "Send file" button. Code:
C:\ProgramData\bltofzsb.qlf
If a file cannot be found, please let me know.
Did you add everestpoker.com to the Trusted sites?
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
In your next reply, please post:
__________________ Regards, rea |
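The O15 line quoted in the post above is how OTL reports a per-user Trusted sites entry. As an added example (not part of the thread and not code from OTL or Trusted_Zonefix), this PowerShell function lists the current user's ZoneMap entries so an unexpected Trusted sites assignment can be reviewed; the function name Get-ZoneMapEntry is hypothetical, and the code assumes PowerShell 2.0 or later run as the affected user.

```powershell
# Added example: enumerate per-user Internet Explorer zone assignments.
# Zone numbers are the standard URL security zones.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$ZoneMapDomains = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Get-ZoneMapEntry {   # hypothetical helper name
    param([string]$Path = $ZoneMapDomains)

    # No Domains key means no per-user site-to-zone assignments.
    if (-not (Test-Path -LiteralPath $Path)) { return }

    Get-ChildItem -LiteralPath $Path -Recurse | ForEach-Object {
        $key = $_
        # Key layout is Domains\<domain>[\<subdomain>]; rebuild "subdomain.domain".
        $labels = ($key.Name -split '\\ZoneMap\\Domains\\', 2)[1] -split '\\'
        [array]::Reverse($labels)
        $hostName = $labels -join '.'

        # Each value name is a protocol ("https", "http", "*"); its DWORD is the zone.
        foreach ($protocol in $key.GetValueNames()) {
            $zone = [int]$key.GetValue($protocol)
            New-Object PSObject -Property @{
                HostName = $hostName
                Protocol = $protocol
                Zone     = $zone
                ZoneName = $ZoneNames[$zone]
            }
        }
    }
}

# Show only entries placed in Trusted sites (zone 2), the kind reported as O15.
Get-ZoneMapEntry | Where-Object { $_.Zone -eq 2 } |
    Sort-Object HostName, Protocol |
    Format-Table HostName, Protocol, ZoneName -AutoSize
```

Entries set by policy or stored under HKLM are not covered by this per-user listing.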
01.01.2011, 15:31 | #11 | ||
| EasyScan - Malwarebytes finds nothing - what am I doing wrong? Step 1: Quote:
Step 3: Quote:
Regards, dmw |
01.01.2011, 15:46 | #12 |
/// Helper Team | EasyScan - Malwarebytes finds nothing - what am I doing wrong? A small note: you often put the log files in quote tags rather than code tags. It is clearest if you put them all in code tags: before the log you write [Code] and after the log [/Code]. It then looks like this: Code:
Text of the log file
1.) Reset the Trusted Zone
Download Trusted_Zonefix.zip.
2.) Malwarebytes Antimalware
3.) Eset Online Scan
ESET Online Scanner
Please switch on any external hard drives you may have during the online scans! During the scans, please turn off all background guards (antivirus program, firewall, script blocking and the like), and don't forget to turn everything back on afterwards.
In your next reply, please post:
__________________ Regards, rea |
01.01.2011, 16:58 | #13 |
| EasyScan - Malwarebytes finds nothing - what am I doing wrong? Sorry, I can't get this trusted zone... thing to work. I download it, unpack it, and have trusted..bat on the desktop: double-clicking the bat opens a window; I enter '1' and 'enter' as requested, then text rushes through the window, too fast to read anything, then a restart follows. After that 'trusted' does nothing more, and double-clicking the .bat again gives the same thing; I get no instructions at all (apart from entering 1 at the start), and after the restart there is no log to be seen either. |
01.01.2011, 22:24 | #14 |
/// Helper Team | EasyScan - Malwarebytes finds nothing - what am I doing wrong? Sounds as if it ran quite normally. I'll check later whether it was successful; carry on with Malwarebytes then.
__________________ Regards, rea |
01.01.2011, 22:58 | #15 |
| EasyScan - Malwarebytes finds nothing - what am I doing wrong? I really don't want to be a nuisance, but I now also have a problem with malwarebyte: fairly fresh download from 30.12., database version 5426; when I check for updates via the 'Update' tab, I get the error message: PROGRAM_ERROR_UPDATING (12029, 0, WinHttpSendRequest)
When I click the link 'Click...to download latest version', I get the error message: 'Bei der Weitergabe des Befehls an das Programm ist ein Fehler aufgetreten'
In the meantime I also have problems with the touchpad, which suddenly interprets a light tap as a mouse click, although I had switched that off (with synaptech) long ago. I could no longer find the program (synaptech), so I downloaded it again (via HP support/drivers). During installation I was asked to uninstall the old program first. I then did find it under Settings/Control Panel/Uninstall a program: when I try to uninstall it, Windows asks me to log on as admin - but I am logged on as admin! I don't understand anything any more - should I just throw the notebook away? |