
Pests of all kinds and how to fight them: EasyScan - Malwarebytes finds nothing - what am I doing wrong?


31.12.2010, 00:01   #1
dmw
 
Hello, I caught 'easyscan' yesterday and came across this forum while looking for help.

My user account (not admin) in Vista Home is affected.
Tried so far:
As admin
Scan with malwarebytes - nothing found;
Scan with avira - 1 detection Java/open... - according to avira 'moved to quarantine'

After a restart the problem is still present in the user account, unchanged.

Again as admin:

ran rkill - it seems to run, but does not list any removed malware

After a restart, still the same problem in the user account.

You can surely tell from my description that I am computer-illiterate - I ask for mercy, and a little help...

31.12.2010, 00:16   #2
rea
/// Helper team
 
Hello dmw and welcome to the Trojaner Board!

A few notes up front (please observe!):

  • Read my instructions for you carefully before you begin. Be sure to carry out all steps in order, since sometimes one step depends on another.
  • If anything is unclear to you during the cleanup, please ask in your thread before you continue.
  • Download all programs prescribed here only via the respective links! If a link does not work, please let me know.
  • Do not install any further programs during the cleanup, other than those we prescribe for the cleanup.
  • Report for each step whether you have completed it, and whether and which problems occurred.
  • If problems come up while working through the instructions, please do not continue for now; stop and describe the problem here in the thread.
  • Edit all personal data, e.g. full names of real and private persons, out of the requested log files before you post them.
  • And if a reply is going to take a while, I'd appreciate a heads-up too

I'll do my best to find everything that doesn't belong on your system, but I have to point out that formatting and reinstalling is in most cases the fastest and safest way to get a clean system. If you still want to clean up, the instructions follow here:

Post me the logs: Malwarebytes and from Avira.

And then it continues like this:

System scan with OTL
Please download OTL by Oldtimer and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

31.12.2010, 00:54   #3
dmw
 
Many thanks for the quick reply.
In the meantime (unfortunately still BEFORE reading your instructions) I downloaded Malwarebytes via your link and ran a scan; I saved the log first and only then clicked 'remove', which is why it says 'no action taken':
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5426

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

31.12.2010 00:17:30
mbam-log-2010-12-31 (00-17-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 197673
Laufzeit: 7 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\1h4gdto4bpcl.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\atwvdpkvgjt.exe (Spyware.Zbot) -> No action taken.
c:\programdata\pvl0dqdwzyjkhamd.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\HrpDyspw.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\xegx9tirmjpg.exe (Rogue.FakeHDD) -> No action taken.
c:\Users\d\AppData\Local\Temp\tmp2A49.tmp (Spyware.Zbot) -> No action taken.

After that (as I said, before your instructions) I restarted the user account - and now it works as before; no strange Windows warnings, no 'hard disk scans' - everything feels completely normal.
I can only continue with the Avira scan etc. tomorrow (or could it be that malware was already enough here?).
If I don't hear anything, I'll continue with the avira scan tomorrow.
I wouldn't mind a reinstall either - but I would have to back up the data files to an external drive and then bring them back into the new system - is that OK?
Regards and thanks!
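Added example, not part of the original thread: a small Python parser for the Malwarebytes log format posted in #3. It lists the detections whose action is still "No action taken" and checks that the summary counts agree with the entries actually listed (a mismatch indicates a truncated or edited log). The function names are this example's own, and the sample is an excerpt of the log as posted.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes 1.50 log from post #3 (German UI strings kept
# verbatim; an English-language log would need different section prefixes).
SAMPLE_LOG = r"""
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\1h4gdto4bpcl.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\atwvdpkvgjt.exe (Spyware.Zbot) -> No action taken.
c:\programdata\pvl0dqdwzyjkhamd.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\HrpDyspw.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\xegx9tirmjpg.exe (Rogue.FakeHDD) -> No action taken.
c:\Users\d\AppData\Local\Temp\tmp2A49.tmp (Spyware.Zbot) -> No action taken.
"""

# "Infizierte Dateien: 6"  -> summary count for a category
COUNT_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# "Infizierte Dateien:"    -> start of the detail section for a category
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")
# "<path> (<family>) -> <action>."  -> one detection entry
ENTRY_RE = re.compile(
    r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return (summary counts per category, list of detection dicts)."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT_RE.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ENTRY_RE.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return counts, detections


def unresolved(detections):
    """Detections that were reported but not quarantined or deleted."""
    return [d for d in detections if d["action"].lower() == "no action taken"]


def count_mismatches(counts, detections):
    """Categories whose summary count differs from the number of listed
    entries, as {category: (summary_count, listed_count)}."""
    listed = Counter(d["section"] for d in detections)
    return {
        cat: (n, listed.get(cat, 0))
        for cat, n in counts.items()
        if n != listed.get(cat, 0)
    }


def triage(text):
    """Summarise a log: detections per family, files still pending removal,
    and any inconsistency between summary and detail sections."""
    counts, detections = parse_mbam_log(text)
    return {
        "families": dict(Counter(d["family"] for d in detections)),
        "unresolved": [d["path"] for d in unresolved(detections)],
        "mismatches": count_mismatches(counts, detections),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for family, n in report["families"].items():
        print(f"{family}: {n}")
    print("still pending removal:")
    for path in report["unresolved"]:
        print("  ", path)
    print("count mismatches:", report["mismatches"] or "none")
```

A log saved before the removal step, as here, reports every entry as unresolved; the log saved after removal is the one that shows what was actually cleaned.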

31.12.2010, 01:09   #4
rea
/// Helper team
 
Sorry, you were supposed to post the log files from Avira and Malwarebytes that you had already created instead of making new ones; you wrote about those above

Quote:
Tried so far:
As admin
Scan with malwarebytes - nothing found;
Scan with avira - 1 detection Java/open... - according to avira 'moved to quarantine'
So another scan with Avira is not necessary, just continue with OTL then.


Quote:
I wouldn't mind a reinstall either - but I would have to back up the data files to an external drive and then bring them back into the new system - is that OK?
As long as you don't take any malware along and then later have the same problem again, that's fine. We can also try to clean up.
You should change your passwords in any case.
__________________
Regards, rea


31.12.2010, 01:53   #5
dmw
 
I didn't save the old log files.
I just did OTL:

OTL Logfile:
Code:
OTL logfile created on: 31.12.2010 01:24:52 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\dw\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 86,40 Gb Free Space | 29,99% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive E: | 471,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1021,00 Mb Total Space | 1018,73 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: DW-PC | User Name: dw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.31 01:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\dw\Downloads\OTL.exe
PRC - [2010.12.09 22:51:27 | 005,781,848 | ---- | M] (PokerStars) -- C:\Programme\PokerStars\PokerStars.exe
PRC - [2010.11.05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010.11.05 17:53:52 | 004,098,904 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2010.01.06 19:46:34 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.12.08 14:41:34 | 000,470,785 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009.11.21 02:31:27 | 000,466,689 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2009.10.29 13:13:38 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.08.25 12:44:06 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.08.25 12:44:04 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.07 01:01:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2009.05.07 01:01:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.29 23:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2008.05.08 01:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.05.02 21:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.18 14:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.04.04 16:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe
PRC - [2008.03.31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008.03.25 12:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2008.03.03 14:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 14:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2008.01.21 03:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:32:56 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.16 16:56:50 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.05.16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.10.26 23:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.31 01:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\dw\Downloads\OTL.exe
MOD - [2008.05.21 01:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2008.01.21 03:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.29 10:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.11.05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.10.29 13:13:38 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.08.25 12:44:06 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.25 12:44:04 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.07 01:01:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.03.03 14:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ezplay.sys -- (ezplay)
DRV - [2010.12.21 21:10:32 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.01.27 17:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.12.08 14:42:42 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.25 12:44:07 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.07 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.17 18:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.05.08 13:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.04.11 15:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008.04.10 16:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.04.07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.04.07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.27 20:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.03.03 14:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.01 10:41:58 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008.02.01 10:41:58 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008.02.01 10:41:58 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008.01.21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008.01.21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.01.21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.17 22:28:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll猀 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.6.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.4.15
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.2.13
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.28 21:53:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.06 19:46:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.27 18:17:23 | 000,000,000 | ---D | M]
 
[2009.09.14 15:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dw\AppData\Roaming\mozilla\Extensions
[2010.12.30 17:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions
[2010.03.23 21:08:38 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.12.30 12:07:06 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.03.17 12:04:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.21 22:01:14 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2010.03.17 12:04:08 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.03.17 12:04:13 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\smarterwiki@wikiatic.com
[2010.03.23 21:08:29 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de
[2010.01.20 12:16:28 | 000,000,939 | ---- | M] () -- C:\Users\dw\AppData\Roaming\Mozilla\FireFox\Profiles\r64qf5o8.default\searchplugins\conduit.xml
[2010.12.09 14:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.28 21:53:02 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009.08.24 20:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FlashGet] C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.30 10:13:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.06.23 07:56:14 | 000,000,075 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell - "" = AutoRun
O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.30 10:13:01 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.12.30 10:13:01 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.12.30 10:11:26 | 000,000,000 | ---D | C] -- C:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
[2010.12.30 10:11:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.12.30 10:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.12.30 09:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.12.29 23:17:47 | 000,428,544 | ---- | C] (Point Corp) -- C:\ProgramData\EvDdtiGBBuH.dll
[2010.12.27 18:17:13 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.12.27 18:17:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.12.27 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.12.27 18:09:26 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2010.12.27 18:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.12.27 16:35:24 | 000,273,256 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\System32\HPDiscoPM5312.dll
[2010.12.27 16:28:15 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Local\HP
[2010.12.26 13:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.12.24 17:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.12.24 16:54:04 | 000,094,208 | ---- | C] (VSO Software) -- C:\windows\System32\drivers\ezplay.sys
[2010.12.24 16:54:04 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\dw\AppData\Roaming\ezplay.sys
[2010.12.24 16:54:04 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\Vso
[2010.12.24 16:53:34 | 000,000,000 | ---D | C] -- C:\Programme\VSO
[2010.12.23 22:50:50 | 000,000,000 | ---D | C] -- C:\aspi
[2010.12.23 22:46:45 | 000,000,000 | ---D | C] -- C:\adaptec
[2010.12.23 19:05:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\click2learn
[2010.12.22 11:50:27 | 000,000,000 | ---D | C] -- C:\Programme\Messer
[2010.12.21 22:09:18 | 000,000,000 | ---D | C] -- C:\Klett
[2010.12.21 22:09:00 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\windows\IsUn0407.exe
[2010.12.21 22:03:09 | 000,000,000 | ---D | C] -- C:\Users\dw\Documents\Alcohol 120%
[2010.12.21 22:01:16 | 000,000,000 | ---D | C] -- C:\Programme\free-downloads.net
[2010.12.21 21:56:54 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft
[2010.12.21 13:13:15 | 000,000,000 | ---D | C] -- C:\Programme\A-Ray Scanner
[2010.12.09 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\HPAppData
[2010.12.09 11:51:10 | 000,000,000 | ---D | C] -- C:\Programme\SlySoft
[2010.12.07 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\QuickStoresToolbar
[2010.12.07 20:00:55 | 000,000,000 | ---D | C] -- C:\Programme\Audiograbber
[2010.12.07 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\EAC
[2010.12.07 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\AccurateRip
[2010.12.07 19:25:11 | 000,000,000 | ---D | C] -- C:\Programme\Exact Audio Copy
[2010.10.03 14:11:32 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Programme\Common Files\keyhelp.ocx
[2009.08.25 08:34:45 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009.08.25 08:34:44 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.31 01:22:54 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.31 01:22:54 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.31 01:03:15 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.31 00:34:11 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.31 00:30:23 | 000,681,402 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.12.31 00:30:23 | 000,638,964 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.12.31 00:30:23 | 000,148,846 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.12.31 00:30:23 | 000,120,848 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.12.31 00:22:56 | 000,352,615 | -H-- | M] () -- C:\windows\System32\drivers\vsconfig.xml
[2010.12.31 00:22:50 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2010.12.31 00:22:47 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2010.12.31 00:22:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.12.31 00:22:09 | 3216,261,120 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.31 00:20:59 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.12.31 00:20:34 | 000,027,648 | ---- | M] () -- C:\Users\dw\Documents\Malwarebytes.doc
[2010.12.31 00:07:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 18:20:55 | 000,428,544 | ---- | M] (Point Corp) -- C:\ProgramData\EvDdtiGBBuH.dll
[2010.12.30 10:13:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.12.30 10:13:03 | 000,002,071 | ---- | M] () -- C:\Users\dw\Desktop\SpyHunter.lnk
[2010.12.30 09:41:47 | 000,000,336 | ---- | M] () -- C:\ProgramData\XeGX9TiRmJpg
[2010.12.30 00:46:53 | 000,000,336 | ---- | M] () -- C:\ProgramData\HrpDyspw
[2010.12.29 23:58:03 | 000,000,272 | ---- | M] () -- C:\ProgramData\~pVl0dQDWZyJkhaMd
[2010.12.29 23:58:03 | 000,000,168 | ---- | M] () -- C:\ProgramData\~pVl0dQDWZyJkhaMdr
[2010.12.29 23:55:20 | 000,000,336 | ---- | M] () -- C:\ProgramData\pVl0dQDWZyJkhaMd
[2010.12.29 23:49:23 | 000,000,432 | ---- | M] () -- C:\ProgramData\1H4GDTo4bpCl
[2010.12.29 23:44:20 | 000,000,272 | ---- | M] () -- C:\ProgramData\~1H4GDTo4bpCl
[2010.12.29 23:44:20 | 000,000,168 | ---- | M] () -- C:\ProgramData\~1H4GDTo4bpClr
[2010.12.27 18:17:23 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010.12.27 18:02:21 | 000,000,640 | ---- | M] () -- C:\windows\tasks\hpwebreg_CN07BBM0V8.job
[2010.12.27 16:35:23 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) -- C:\windows\System32\drivers\ezplay.sys
[2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) -- C:\Users\dw\AppData\Roaming\ezplay.sys
[2010.12.24 16:59:00 | 000,087,608 | ---- | M] () -- C:\Users\dw\AppData\Roaming\inst.exe
[2010.12.24 16:59:00 | 000,007,861 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.cat
[2010.12.24 16:59:00 | 000,001,103 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.inf
[2010.12.24 16:59:00 | 000,000,125 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.ini
[2010.12.24 16:58:52 | 000,000,809 | ---- | M] () -- C:\Users\dw\Desktop\BlindWrite 6.lnk
[2010.12.23 23:29:08 | 000,000,124 | ---- | M] () -- C:\Users\dw\Documents\ax_files.xml
[2010.12.21 22:01:29 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010.12.21 21:10:32 | 000,436,792 | ---- | M] () -- C:\windows\System32\drivers\sptd.sys
[2010.12.21 13:15:36 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.12.21 13:13:15 | 000,000,820 | ---- | M] () -- C:\Users\dw\Desktop\A-Ray Scanner.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.12.18 07:31:56 | 348,027,293 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010.12.09 11:51:12 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010.12.07 20:00:58 | 000,000,183 | ---- | M] () -- C:\Users\dw\Desktop\QuickStores.url
[2010.12.07 20:00:56 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2010.12.07 19:25:13 | 000,000,867 | ---- | M] () -- C:\Users\dw\Desktop\Exact Audio Copy.lnk
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.31 00:20:32 | 000,027,648 | ---- | C] () -- C:\Users\dw\Documents\Malwarebytes.doc
[2010.12.30 10:13:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.12.30 10:13:03 | 000,002,071 | ---- | C] () -- C:\Users\dw\Desktop\SpyHunter.lnk
[2010.12.30 09:41:47 | 000,000,336 | ---- | C] () -- C:\ProgramData\XeGX9TiRmJpg
[2010.12.30 00:46:53 | 000,000,336 | ---- | C] () -- C:\ProgramData\HrpDyspw
[2010.12.29 23:58:03 | 000,000,272 | ---- | C] () -- C:\ProgramData\~pVl0dQDWZyJkhaMd
[2010.12.29 23:58:03 | 000,000,168 | ---- | C] () -- C:\ProgramData\~pVl0dQDWZyJkhaMdr
[2010.12.29 23:55:16 | 000,000,336 | ---- | C] () -- C:\ProgramData\pVl0dQDWZyJkhaMd
[2010.12.29 23:44:20 | 000,000,272 | ---- | C] () -- C:\ProgramData\~1H4GDTo4bpCl
[2010.12.29 23:44:20 | 000,000,168 | ---- | C] () -- C:\ProgramData\~1H4GDTo4bpClr
[2010.12.29 23:42:48 | 000,000,432 | ---- | C] () -- C:\ProgramData\1H4GDTo4bpCl
[2010.12.27 18:17:23 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010.12.27 17:34:05 | 000,000,640 | ---- | C] () -- C:\windows\tasks\hpwebreg_CN07BBM0V8.job
[2010.12.27 16:35:23 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2010.12.24 16:54:21 | 000,000,034 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.log
[2010.12.24 16:54:04 | 000,087,608 | ---- | C] () -- C:\Users\dw\AppData\Roaming\inst.exe
[2010.12.24 16:54:04 | 000,007,861 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.cat
[2010.12.24 16:54:04 | 000,001,103 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.inf
[2010.12.24 16:54:04 | 000,000,125 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.ini
[2010.12.24 16:53:45 | 000,000,809 | ---- | C] () -- C:\Users\dw\Desktop\BlindWrite 6.lnk
[2010.12.21 22:07:53 | 000,000,124 | ---- | C] () -- C:\Users\dw\Documents\ax_files.xml
[2010.12.21 21:57:02 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010.12.21 21:10:32 | 000,436,792 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010.12.21 13:13:15 | 000,000,820 | ---- | C] () -- C:\Users\dw\Desktop\A-Ray Scanner.lnk
[2010.12.09 11:55:14 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.09 11:51:12 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010.12.07 20:00:58 | 000,000,183 | ---- | C] () -- C:\Users\dw\Desktop\QuickStores.url
[2010.12.07 20:00:56 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2010.12.07 19:25:13 | 000,000,867 | ---- | C] () -- C:\Users\dw\Desktop\Exact Audio Copy.lnk
[2010.04.03 15:21:47 | 000,000,001 | ---- | C] () -- C:\windows\System32\uuddc32.dll
[2010.03.22 16:16:55 | 000,003,584 | ---- | C] () -- C:\Users\dw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.11 22:20:37 | 000,004,865 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010.03.11 17:50:49 | 000,063,393 | ---- | C] () -- C:\Programme\hminstalllog.txt
[2010.02.19 09:53:15 | 000,001,553 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.02.01 13:00:09 | 000,663,552 | ---- | C] () -- C:\windows\System32\Tx12.dll
[2010.02.01 13:00:09 | 000,000,530 | ---- | C] () -- C:\windows\System32\tx12_ic.ini
[2009.11.04 01:07:07 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Roaming\AVSDVDPlayer.m3u
[2009.11.04 00:56:47 | 000,524,288 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009.11.04 00:56:47 | 000,139,264 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009.09.29 19:51:59 | 000,000,090 | ---- | C] () -- C:\Users\dw\AppData\Local\fusioncache.dat
[2009.09.29 19:51:47 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2009.08.26 16:57:48 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\QSwitch.txt
[2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\DSwitch.txt
[2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\AtStart.txt
[2009.08.25 08:34:45 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.08.25 08:34:45 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.08.25 08:34:45 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008.06.17 05:07:59 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008.06.17 05:07:59 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008.06.17 05:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008.06.17 05:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008.06.17 05:07:59 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008.06.17 05:07:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008.06.17 04:49:59 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.05.14 01:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.08 10:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008.04.17 17:29:08 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2009.10.18 14:50:26 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\BITS
[2010.06.22 19:08:44 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\ChessBase
[2009.09.26 22:20:08 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\DonationCoder
[2010.12.07 19:25:24 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\EAC
[2009.09.26 10:22:50 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Engelmann Media
[2010.02.28 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\FreeFLVConverter
[2009.09.16 13:56:32 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\InterVideo
[2010.12.09 12:11:04 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\kikin
[2010.01.08 21:22:06 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Notepad++
[2009.08.31 09:24:06 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Opera
[2010.12.07 20:00:58 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\QuickStoresToolbar
[2010.09.07 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\SparweltGutschein
[2010.03.13 19:57:27 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\uTorrent
[2010.12.24 17:00:09 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Vso
[2010.12.31 00:21:00 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:2F274350E84658CA
@Alternate Data Stream - 22528 bytes -> C:\windows\System32\AUTOCHK.EXE:BAK

< End of report >
         
--- --- ---


And:
OTL logfile:
Code:
OTL Extras logfile created on: 31.12.2010 01:24:52 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\dw\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 86,40 Gb Free Space | 29,99% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive E: | 471,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1021,00 Mb Total Space | 1018,73 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: DW-PC | User Name: dw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39250603-7F04-4869-B336-04A9028DD866}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{4EFD917D-0DE9-414E-9E28-630E83015E9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B4163651-1E25-463F-A5AB-915674FACE0C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026BD00D-5936-4FE5-AA1E-CD8E0E54CBED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0AD7BC5C-352A-4557-983E-CE25B41FA3AB}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{1BD01C0D-E278-4589-8EAA-770CB6837889}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{208FA400-BCF0-4C0A-83FE-78E748BF8950}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{27BC4B53-7FE7-4A95-B4D0-95C4C92B3214}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3A3155C4-8ED2-491E-99EB-CD8C6FFC6BE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{3B20AF4D-AE4A-428E-BA5A-1B759CB19EB1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{43D1CA1E-2D72-4F36-9A17-BB55020AD8D4}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{4F47FC29-6D6C-4998-AC4E-72E79FE689B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{593BD3D2-D8DC-4E3E-A10A-ABBF0AC1E988}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{6E7F7097-2856-4E21-AF90-B594D6DB539B}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{73F81C72-4CBF-4674-B245-F6A8E9FD82B9}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{81A4233A-62DD-4BC5-A837-849F13AE08B2}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{89BFE268-0855-476F-B535-4FE0AA90DB0D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{8AE44CE0-F2B3-4AF8-8274-809F92AC65DC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{AC48C4A1-AC1D-4DC4-AD1C-21AF4E6D3422}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{BC1BE14B-6C33-49F2-9CDE-4BBA10DCB4A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BD6F265D-503B-430F-83B1-66E3FDB00D5D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{D03D9D54-599E-471B-87BE-E9053BE749E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{D2632666-2A94-4AD4-8371-05E746B31648}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{DC320CD3-31E1-480A-8976-F3D268481192}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{DE890099-40D1-4531-83DC-AF5D2935C49D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EB22A9A0-7FEC-4C28-83E0-973ACF05E29C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{06CB77AB-CDE1-EF6B-175D-85FA59C7F0EE}" = Catalyst Control Center Core Implementation
"{07D78C7B-2AA8-5C02-4238-EE3F39279221}" = Catalyst Control Center Localization Thai
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AF9C2B7-2E98-8D77-3892-F8512305C6CE}" = CCC Help Turkish
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Hilfe
"{140BAED1-23A8-401F-A722-8BFB0F0E0FAB}" = Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{164280AB-98C2-FD02-EC0B-5DFBB98E89C1}" = Catalyst Control Center Localization Chinese Standard
"{173317B8-D99E-F58E-CAAE-924D8F26C435}" = CCC Help Czech
"{1779522E-BFC6-738C-E97E-39405E196FA6}" = Catalyst Control Center Localization Spanish
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{1DB44CB7-D68E-9F09-D656-0FBC7D4D9C00}" = Catalyst Control Center Localization Norwegian
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FD3DF19-EF58-2A29-222B-A4B6E237D3DD}" = Catalyst Control Center Graphics Previews Vista
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EC294E6-2E8C-23A7-C174-4E59532B0E06}" = Catalyst Control Center Localization Korean
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{311BF3BF-6AAB-7859-1E5A-EB46644A6011}" = CCC Help French
"{32063923-8066-18D5-BF07-2B692547AEF5}" = CCC Help Korean
"{323C15C3-6DE1-05E6-B202-6F1D90BB1B06}" = Catalyst Control Center Localization Turkish
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{345D8E42-E1E4-4006-81EB-2C5C0C8F8608}" = SyberiaDemo
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3848DCD1-E356-ACB9-93AF-FB93485E1598}" = CCC Help Thai
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3A76F96A-637B-9A0E-F65B-AE595A49DEDA}" = ccc-core-static
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FCFB6B6-B5DE-C5B8-825F-5998C220C24E}" = Catalyst Control Center Localization Russian
"{41EBC322-660F-4D16-A0DF-53147210CBDB}" = SpyHunter
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{45BA0F82-FC61-828B-A188-49A24B7B39F4}" = Catalyst Control Center Localization Swedish
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4ADB08ED-A385-21BA-3511-00EB170C9CCA}" = Catalyst Control Center Localization Greek
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{500CAC18-1509-AC6C-3E91-A437F9457D5E}" = CCC Help Japanese
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{5B5494F7-FD30-AFAB-ACD5-345F26B6AAF4}" = Catalyst Control Center Graphics Full Existing
"{5BF2EC0B-2A01-DDEA-5645-E700BCE9CDA6}" = CCC Help Spanish
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EF644FA-3703-3253-7372-AE46FD862588}" = ccc-utility
"{63BABF5E-B142-02F9-85E1-F0A1DBEC6D5D}" = Catalyst Control Center Localization Chinese Traditional
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{647ED1EC-1D53-9886-B5A1-234CE9D7BE3F}" = Catalyst Control Center Localization Danish
"{64F561F5-17B7-0721-8D08-78777BB91382}" = CCC Help Italian
"{65E63D8F-F763-940E-38FA-1A6B2C30ADB2}" = Catalyst Control Center Graphics Light
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F98BA-338E-49a1-9D79-D786A83E6621}" = HP Officejet Pro 8000 A809 Series
"{6B4591DF-C531-255E-BDE6-25226A5AE115}" = Skins
"{6C4592F5-A803-1740-A708-84F3578DC083}" = Catalyst Control Center Localization German
"{6DF8EB4D-F5E5-369C-38B2-4F7CD0F02AC3}" = Catalyst Control Center Localization Italian
"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8BEA3254-8719-4815-9312-69AF21B8D779}" = CCC Help Chinese Traditional
"{8BF85A3B-C2EE-2A32-DF54-B565062FBEC9}" = Catalyst Control Center Localization Japanese
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD39028-8B90-88D8-781A-AB82A9AE6662}" = CCC Help English
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91B26C13-34A4-36FA-E1F0-22664915EED1}" = Catalyst Control Center Localization Dutch
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{968933D6-A9FC-891C-6292-F7E68DB2C7EA}" = CCC Help Finnish
"{96DB55D1-E21F-126C-1ADD-35EAAC852C7C}" = Catalyst Control Center Localization Finnish
"{988B865E-CC06-7B3D-FBC0-52093DB75C9A}" = CCC Help Dutch
"{997F39AA-6CDC-2E23-F9C3-D59AACABAB8F}" = Catalyst Control Center Localization French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0704448-6681-607E-D97F-A148C2E2F763}" = CCC Help Danish
"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{BABEDC2E-5718-1D6D-9E76-93C7EC76BBC4}" = CCC Help Greek
"{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}" = ESU for Microsoft Vista SP1
"{BD5DE09E-3C1C-1DCE-E98D-7B7BBDBE15AD}" = CCC Help Portuguese
"{BFCBCC48-9027-17B7-BD08-5214898494CC}" = CCC Help German
"{C3036710-8564-ECEA-0E19-1B7880111167}" = CCC Help Swedish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7D03B2F-5B3A-A6D8-1C6C-AFCA02DDD3EC}" = Catalyst Control Center Localization Czech
"{C8A33E2B-5DDB-BF2E-24A9-95DFA1CDF56D}" = Catalyst Control Center Localization Polish
"{CA144572-CEAD-5A14-A338-D28B35D9C7FF}" = Catalyst Control Center Localization Hungarian
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{CE3020D2-1742-19F4-EFB4-4D76097C81D0}" = Catalyst Control Center Localization Portuguese
"{CF755AAE-7801-359C-E9D3-FE8572F8C760}" = Catalyst Control Center Graphics Full New
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DC04644B-C7B3-AF77-610C-7F0AF59AC44D}" = ATI Catalyst Install Manager
"{DE80F89F-6132-42A9-1A47-542F6C60E1A2}" = CCC Help Russian
"{DEB23231-0851-4E3E-A2DB-EED8A40B0883}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.3
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E979B690-80A7-8E8B-1281-C68DBEDDB491}" = CCC Help Norwegian
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F23DFEB2-A5D1-3B97-FBF3-30DC859411C0}" = CCC Help Hungarian
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe
"{FBE38124-B7F0-3EEE-98C5-D8C3AE353FF5}" = CCC Help Chinese Standard
"{FD9FAE60-2BF1-C877-9843-AABA9DA06A2B}" = CCC Help Polish
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"A-Ray Scanner" = A-Ray Scanner 2.0.2.3
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.30
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Disc Creator_is1" = AVS Disc Creator version 4.1
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.3.0
"Betfair Poker_is1" = Betfair Poker
"Cavern Escape_is1" = Cavern Escape 1.001
"Clever & Smart - A Movie Adventure" = Clever & Smart - A Movie Adventure
"CloneCD" = CloneCD
"Découvertes 2 - SESAM" = Découvertes 2 - SESAM
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Everest Poker" = Everest Poker (Remove Only)
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"exPressit S.E. 3.0" = exPressit S.E. 3.0
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"Google Chrome" = Google Chrome
"HoldemManager" = Holdem Manager
"hotpot_is1" = HotPotatoes v 6.3.0.4
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Jagged Alliance 2" = Jagged Alliance 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messer_is1" = Messer v0.992
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Notepad++" = Notepad++
"PDF Complete" = PDF Complete
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"Projekt W_is1" = Projekt W - Phase 1 (1.2)
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 2.01
"Scid_is1" = Scid 4.2.2
"Sesam Découvertes 2" = Sesam Découvertes 2 deinstallieren
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnderCoverXP_is1" = UnderCoverXP 1.23
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Winload Toolbar" = Winload Toolbar
"WINZD_is1" = WINZD 2010-04
"XMedia Recode" = XMedia Recode 2.1.8.4
"YouTube FLV to AVI Converter Pro_is1" = YouTube FLV to AVI Converter Pro 2.3.0
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.12.2010 18:03:13 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2010 18:47:07 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2010 19:03:13 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2010 19:22:50 | Computer Name = dw-PC | Source = PostgreSQL | ID = 0
Description = 2010-12-31 00:22:50 CETFATAL:  the database system is starting up 
 
Error - 30.12.2010 19:23:19 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2010 19:23:43 | Computer Name = dw-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.12.2010 19:30:26 | Computer Name = dw-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AsGHost.exe, Version 3.0.0.61, Zeitstempel 0x4833c92a,
 fehlerhaftes Modul ItSSO.dll, Version 3.0.0.464, Zeitstempel 0x4833c998, Ausnahmecode
 0xc0000005, Fehleroffset 0x0001f29a,  Prozess-ID 0x340, Anwendungsstartzeit 01cba878a146cb4c.
 
Error - 30.12.2010 19:37:13 | Computer Name = dw-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AsGHost.exe, Version 3.0.0.61, Zeitstempel 0x4833c92a,
 fehlerhaftes Modul ItSSO.dll, Version 3.0.0.464, Zeitstempel 0x4833c998, Ausnahmecode
 0xc0000005, Fehleroffset 0x0001f29a,  Prozess-ID 0x1054, Anwendungsstartzeit 01cba87a0e117b7c.
 
Error - 30.12.2010 19:39:18 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2010 20:03:15 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
[ Credential Manager Events ]
Error - 08.10.2010 09:42:07 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 08.10.2010 09:42:07 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 11.10.2010 06:19:55 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 11.10.2010 06:19:55 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 11.10.2010 15:35:01 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 11.10.2010 15:35:01 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 15.10.2010 11:43:09 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 15.10.2010 11:43:09 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 22.11.2009 18:30:32 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:30:36 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:30:40 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:13 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:16 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:20 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:24 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 19:52:12 | Computer Name = dw-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.11.2009 19:52:37 | Computer Name = dw-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 22.11.2009 19:53:19 | Computer Name = dw-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---
[/QUOTE]

I only ran the scan and resisted the temptation to click the promising 'Fix' and 'Clean up' buttons. Is that OK?
Regards,
dmw


Alt 31.12.2010, 16:07   #6
rea
/// Helfer-Team
 



Quote:
I only ran the scan and resisted the temptation to click the promising 'Fix' and 'Clean up' buttons. Is that OK?
If you would like to carry on by yourself, you can of course click around as you please. Otherwise I would appreciate it if you read the instructions and also stick to them.




1.) Uninstalling software
  • -> Start
  • -> Control Panel
  • -> Programs and Features
  • -> Uninstall a program
  • Now select each of the following programs in turn:
    Code:
    ATTFilter
    SpyHunter
    Google Update Helper
    kikin plugin 2.3
    AOL Toolbar 5.0
    free-downloads.net Toolbar
    QuickStores-Toolbar 1.2.0
    Winload Toolbar
             
  • -> Change/Remove and uninstall.

Removing the toolbars is optional; if you are reluctant to part with one, you can of course keep it. Personally I find toolbars unnecessary/borderline and would uninstall them.





2.) Fixing with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the contents of the following code box into the Custom Scans/Fixes text box.

    Code:
    ATTFilter
    :OTL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKCU..\Run: [FlashGet] C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe File not found
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
    O32 - AutoRun File - [2005.06.23 07:56:14 | 000,000,075 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell - "" = AutoRun
    O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
    O33 - MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
    O33 - MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
    O33 - MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    [2010.12.29 23:17:47 | 000,428,544 | ---- | C] (Point Corp) -- C:\ProgramData\EvDdtiGBBuH.dll
    [2010.12.30 09:41:47 | 000,000,336 | ---- | M] () -- C:\ProgramData\XeGX9TiRmJpg
    [2010.12.30 00:46:53 | 000,000,336 | ---- | M] () -- C:\ProgramData\HrpDyspw
    [2010.12.29 23:58:03 | 000,000,272 | ---- | M] () -- C:\ProgramData\~pVl0dQDWZyJkhaMd
    [2010.12.29 23:58:03 | 000,000,168 | ---- | M] () -- C:\ProgramData\~pVl0dQDWZyJkhaMdr
    [2010.12.29 23:55:20 | 000,000,336 | ---- | M] () -- C:\ProgramData\pVl0dQDWZyJkhaMd
    [2010.12.29 23:49:23 | 000,000,432 | ---- | M] () -- C:\ProgramData\1H4GDTo4bpCl
    [2010.12.29 23:44:20 | 000,000,272 | ---- | M] () -- C:\ProgramData\~1H4GDTo4bpCl
    [2010.12.29 23:44:20 | 000,000,168 | ---- | M] () -- C:\ProgramData\~1H4GDTo4bpClr
    [2010.12.24 16:59:00 | 000,087,608 | ---- | M] () -- C:\Users\dw\AppData\Roaming\inst.exe
    @Alternate Data Stream - 24 bytes -> C:\Windows:2F274350E84658CA
    @Alternate Data Stream - 22528 bytes -> C:\windows\System32\AUTOCHK.EXE:BAK
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" =-
    "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" =-
    "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" =-
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
             
  • Now please close all programs.
  • Now please click the Fix button.
  • Click OK.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread, in code tags.





3.) New system scan with OTL
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the boxes for the LOP check and the Purity check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.





Please post in your next reply:
  • The log file from the OTL fix (step 2)
  • The two log files from the new OTL scan (step 3)
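
Before a helper-supplied fix is pasted into OTL, it is useful to list exactly which files, alternate data streams and registry values it names. The following is an added example, not part of rea's post and not part of OTL: a small Python parser for the script layout shown in step 2. The function name `parse_fix` and the result keys are assumptions made for illustration, and the sample is a shortened, constructed excerpt of the posted script.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt of the fix script posted above.
SAMPLE_FIX = r"""
:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKCU..\Run: [FlashGet] C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe File not found
O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell - "" = AutoRun
[2010.12.29 23:17:47 | 000,428,544 | ---- | C] (Point Corp) -- C:\ProgramData\EvDdtiGBBuH.dll
[2010.12.30 09:41:47 | 000,000,336 | ---- | M] () -- C:\ProgramData\XeGX9TiRmJpg
@Alternate Data Stream - 24 bytes -> C:\Windows:2F274350E84658CA
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" =-
:Commands
[PURITY]
[EMPTYTEMP]
"""

FILE_RE = re.compile(r"^\[(\d{4}\.\d\d\.\d\d) [\d:]+ \| ([\d,]+) \| .{4} \| [CM]\] \((.*?)\) -- (.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
ENTRY_RE = re.compile(r"^O(\d+) - ")

def parse_fix(text):
    """Group the lines of an OTL fix script by section and entry type."""
    out, section = defaultdict(list), None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):                        # :OTL, :Reg, :Commands
            section = line[1:].lower()
        elif section == "otl" and (m := FILE_RE.match(line)):
            out["files"].append({"date": m[1], "size": int(m[2].replace(",", "")),
                                 "vendor": m[3], "path": m[4]})
        elif section == "otl" and (m := ADS_RE.match(line)):
            out["ads"].append({"bytes": int(m[1]), "stream": m[2]})
        elif section == "otl" and (m := ENTRY_RE.match(line)):
            out["O" + m[1]].append(line)                # numbered scan entry (O2, O4, ...)
        elif section == "reg" and line.startswith("["):
            out["reg_keys"].append(line[1:-1])
        elif section == "reg" and line.endswith("=-"):  # .reg syntax: delete this value
            out["reg_value_deletes"].append(line.split('"')[1])
        elif section == "commands":
            out["commands"].append(line.strip("[]"))
        else:
            out["unparsed"].append(line)                # review these by hand
    return dict(out)

if __name__ == "__main__":
    for kind, items in parse_fix(SAMPLE_FIX).items(): print(f"{kind}: {len(items)}")
```

Anything that ends up under `unparsed` is a line the parser did not recognise and should be read manually before the fix is run.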