Cannot clean up the hosts file and delete CWS.Therealsearch

02.03.2012, 21:18
...new here

Posts: 9
#1 Hello everyone,

My wife caught a "The police have locked your computer" virus/trojan, or whatever it is, on the computer.

I have the machine more or less back under control. There are two things I can't get rid of:
1. HijackThis shows me entries in the hosts file that do not exist there:
First an error message appears saying that HijackThis cannot write to the hosts file; I click OK and let the scan continue. In the log I see entries that are not present in the hosts file.

2. When I run cwshreddler.exe, it tells me that it is removing "CWS.Therealsearch", but on the next run the same thing happens again. I have already rebooted, too.

I'm grateful for any support.

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:34, on 02.03.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\sysWow64\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/hpcon/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14145 bytes
03.03.2012, 00:08
Member

Posts: 420
#2 Hi

1. Please post all relevant Malwarebytes logs that have been created so far.

2. OTL
http://oldtimer.geekstogo.com/OTL.exe
Start the program, tick "Scanne alle Benutzer" (Scan All Users), "LOP Prüfung" (LOP Check) and "Purity Prüfung" (Purity Check), and copy the following into the script field at the bottom:

Quote

msconfig
safebootminimal
netsvcs
and click Scan. Please post OTL.txt and Extras.txt
04.03.2012, 11:54
...new here

Thread starter

Posts: 9
#3 Hi,

Malwarebytes says that no infection was detected, which is why I did not post those logs.

I found the problem with the hosts file. Entries were appended at the end of the file. Before the entries there are about 100 blank lines, so I did not see them.

However, I am denied permission to edit the hosts file because it is a system file.

OTL.txt **********************************************************************
OTL logfile created on: 04.03.2012 11:47:38 - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Anna\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 53,35% Memory free
7,60 Gb Paging File | 4,71 Gb Available in Paging File | 61,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273,93 Gb Total Space | 114,61 Gb Free Space | 41,84% Space Free | Partition Type: NTFS
Drive D: | 23,86 Gb Total Space | 3,49 Gb Free Space | 14,61% Space Free | Partition Type: NTFS
Drive E: | 257,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ANNA-HP | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Anna\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
PRC - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (DvmMDES) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (EgisTec Service) -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2E11ECE0-23D4-47AB-9533-F063F15D7A7F}
IE:64bit: - HKLM\..\SearchScopes\{2E11ECE0-23D4-47AB-9533-F063F15D7A7F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{30383055-645F-4644-B43F-23C2AED210B7}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BCC597CF-043C-48FE-96DE-1CEAA8C924CE}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/1
IE - HKLM\..\SearchScopes,DefaultScope = {2E11ECE0-23D4-47AB-9533-F063F15D7A7F}
IE - HKLM\..\SearchScopes\{2E11ECE0-23D4-47AB-9533-F063F15D7A7F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{30383055-645F-4644-B43F-23C2AED210B7}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{BCC597CF-043C-48FE-96DE-1CEAA8C924CE}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1948914649-1097278606-868803289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/1
IE - HKU\S-1-5-21-1948914649-1097278606-868803289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/hpcon/1
IE - HKU\..\SearchScopes,DefaultScope = {B076957C-F76F-4AD1-BC06-3193CDCBB266}
IE - HKU\..\SearchScopes\{2E11ECE0-23D4-47AB-9533-F063F15D7A7F}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\..\SearchScopes\{30383055-645F-4644-B43F-23C2AED210B7}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\..\SearchScopes\{B076957C-F76F-4AD1-BC06-3193CDCBB266}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\..\SearchScopes\{BCC597CF-043C-48FE-96DE-1CEAA8C924CE}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1948914649-1097278606-868803289-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2010.10.02 23:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.08 21:30:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.08 21:30:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012.02.25 17:56:10 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1948914649-1097278606-868803289-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe (Egis Technology Inc. )
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1948914649-1097278606-868803289-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1948914649-1097278606-868803289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1948914649-1097278606-868803289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 195.34.133.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE2C88C-A3A4-4B91-A7EB-271D0A851986}: DhcpNameServer = 195.34.133.21 195.34.133.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{29f101a2-4c06-11e1-94df-82bd3968db88}\Shell - "" = AutoRun
O33 - MountPoints2\{29f101a2-4c06-11e1-94df-82bd3968db88}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a625779-1b58-11e0-81c0-ba4bb3d01385}\Shell - "" = AutoRun
O33 - MountPoints2\{7a625779-1b58-11e0-81c0-ba4bb3d01385}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{a195a0dc-808e-11e0-bf38-4c0f6e2f5b40}\Shell - "" = AutoRun
O33 - MountPoints2\{a195a0dc-808e-11e0-bf38-4c0f6e2f5b40}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a195a0e4-808e-11e0-bf38-4c0f6e2f5b40}\Shell - "" = AutoRun
O33 - MountPoints2\{a195a0e4-808e-11e0-bf38-4c0f6e2f5b40}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a195a0e6-808e-11e0-bf38-4c0f6e2f5b40}\Shell - "" = AutoRun
O33 - MountPoints2\{a195a0e6-808e-11e0-bf38-4c0f6e2f5b40}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cafed2da-2f3b-11e0-b5d8-d45d9f5d7dbb}\Shell - "" = AutoRun
O33 - MountPoints2\{cafed2da-2f3b-11e0-b5d8-d45d9f5d7dbb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cafed2e6-2f3b-11e0-b5d8-d45d9f5d7dbb}\Shell - "" = AutoRun
O33 - MountPoints2\{cafed2e6-2f3b-11e0-b5d8-d45d9f5d7dbb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.04 10:48:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{A73BA2B0-ABA9-450F-B165-EF75D740FC25}
[2012.03.04 10:48:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{EF60E9F2-11FC-47D3-A479-399ACFFBA36B}
[2012.03.03 22:22:21 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{4DF25E3D-6B62-4D96-BB3B-EAD21F4550FD}
[2012.03.03 22:22:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9B465012-F7F5-4345-A82E-264CC1D2FA43}
[2012.03.03 10:21:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{8C63602A-14D0-432F-BFE4-6D65945E7F8E}
[2012.03.03 10:21:43 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{7DC6B2B2-E2D6-4574-9DFB-D0C82806611D}
[2012.03.02 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{DD5B45E5-6A9A-44D4-93F4-9B3B37F1378D}
[2012.03.02 22:21:18 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{1A1D3EF2-C663-4EBE-BCE3-08090BAD70C4}
[2012.03.02 10:20:52 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C32997ED-E257-4433-860A-A699FEC606E3}
[2012.03.02 10:20:41 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{1FA72D94-1EBE-4F1C-8561-6F6DDFF9EB1B}
[2012.03.01 22:20:29 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{24B7C526-D8D9-4764-9A60-9343675C6D39}
[2012.03.01 22:20:18 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C14B4485-38A7-4A0B-9C1F-76D075224F7B}
[2012.03.01 10:20:04 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{0F6B3D6A-A2CB-4FB1-8B94-8D6962E0C2BD}
[2012.03.01 10:19:53 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{EA4EC20B-B27F-45CA-BEEA-B902BCD740DB}
[2012.02.29 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2012.02.29 23:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.29 23:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.29 23:21:47 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.29 23:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.29 22:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.02.29 22:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.29 22:19:27 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{D173D6FD-6482-44CC-8667-D18AE12C59EF}
[2012.02.29 22:19:16 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C02CFA78-0D5E-423F-BEDC-F703C6B07C53}
[2012.02.29 21:58:56 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.02.29 21:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.02.29 10:18:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{BE584FA0-C8D6-4DB1-B4E8-4824DE858ABB}
[2012.02.29 10:18:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E0A5013C-8C21-4A51-9452-45FC5CFD4FDD}
[2012.02.28 22:18:27 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{16A8422F-E7C8-4C40-AD8D-4B996CEB4BB8}
[2012.02.28 22:18:16 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{BA982899-E0AA-45BC-A918-DC0CB97B9766}
[2012.02.28 09:54:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{A80C80B7-B08A-4FC8-B097-57E1B8931E55}
[2012.02.28 09:54:11 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{89D4EB76-23F3-42CF-85D5-D4509FA3DED1}
[2012.02.27 21:53:58 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{BC7D01F2-4D59-429D-A56E-63C985139C75}
[2012.02.27 21:53:47 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{534B8760-AD4C-4C81-8489-F727F81A92C7}
[2012.02.27 09:53:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FEB5134D-7474-4824-A180-F2CA492BDC90}
[2012.02.27 09:53:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{3B30DD44-35F8-43CE-979C-81803129E04E}
[2012.02.26 21:53:11 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9927ACDA-C4FD-4EAA-BE4A-A48E892025F3}
[2012.02.26 21:52:59 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{634216C3-0C4A-4362-A694-5DF932A5EAB2}
[2012.02.26 09:52:34 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{7FF8D88A-1BD9-4499-AFFC-2A09AC9F8A3A}
[2012.02.26 09:52:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C17132B3-C64E-451B-8670-C7FA0864582D}
[2012.02.25 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{1152E14A-4B24-4358-B8B2-CC0B819CFEDA}
[2012.02.25 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{DD6BCB96-E967-4031-A8AB-B4BC78370C1F}
[2012.02.25 17:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Anna\AppData\Local\e3d492ef
[2012.02.25 08:34:19 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{19D3FF4F-0A4C-4D1C-B8C2-81FB4E7D154F}
[2012.02.25 08:34:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F488C899-CCE5-499C-B94C-BA3B7F076F62}
[2012.02.24 19:25:29 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{2661F9F8-5CCC-4D17-842B-3D0BCA43566B}
[2012.02.24 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{68DD9E2C-2E46-4040-8A8A-7EFCB4AF13EC}
[2012.02.24 07:25:05 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{4FA9CF74-4E58-4F63-89E2-7E07217C2D7D}
[2012.02.24 07:24:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{52ED9E40-4118-4A4F-966D-ACC0F12D4A68}
[2012.02.23 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{B9C3C171-9083-4FB8-A050-FFCA742305F7}
[2012.02.23 17:39:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E751A813-5650-45A8-88FD-8D19A8DFD2FB}
[2012.02.22 22:12:28 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{2C1719F6-CEAF-43C9-A101-3FAB00571D51}
[2012.02.22 22:12:16 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{6653D508-CAD0-4E6E-87F7-58ADA28FDF10}
[2012.02.22 10:12:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{22F2D399-5CC4-4A0E-9FA3-CDA1980ED354}
[2012.02.22 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{35F9BB64-4230-49DC-9C86-E1D2EA08988F}
[2012.02.21 22:11:37 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{7FE8C6B9-4ED1-489F-AB41-81C7EA0FB34F}
[2012.02.21 22:11:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{DDD9F03A-D935-4181-8820-2315512C2014}
[2012.02.21 10:11:10 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{6D8D3820-2914-4275-A720-F440055F250A}
[2012.02.21 10:10:59 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{EB55DCD7-E78B-4735-81CE-AE61EA397477}
[2012.02.20 22:10:47 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{16334399-4C73-488B-BDD2-E0AD493B9F3B}
[2012.02.20 22:10:36 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F1F32399-BC58-411A-AD8B-2E7E64AC9AE4}
[2012.02.20 10:10:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{566C591A-DAB0-4E8F-8F14-04311508AC3D}
[2012.02.20 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{489D1396-83F8-4C19-8237-9930D85C6EA4}
[2012.02.19 22:09:59 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{97DA1685-DC55-45E6-997A-5CB2FA580924}
[2012.02.19 22:09:48 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FC0FD34E-37C1-4A1B-8EC0-76075034FAB4}
[2012.02.19 10:09:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{1B44E1D2-D5BC-415F-9DEF-8677B4D594C7}
[2012.02.19 10:09:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{97F1F25B-3A05-4255-A204-5541352E69F2}
[2012.02.18 21:42:36 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{CEA1BEA3-DEF8-46BA-ACDA-2EC751ED54F2}
[2012.02.18 21:42:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{192A8039-E992-4A8F-80CF-E2C663E5BE1D}
[2012.02.18 09:42:12 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FED7937B-AE26-4BF5-81AE-0D0E9B73BB24}
[2012.02.18 09:42:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F374AC9B-B39B-4C1F-9C15-74188DDCC315}
[2012.02.17 21:41:49 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FE468E00-0C49-4F78-97D1-CFEE6BE5B824}
[2012.02.17 21:41:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{228C4743-2C4F-4184-9798-6FF8E3D92D51}
[2012.02.17 06:49:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{CFAEB718-4404-4956-937A-A35B327DD827}
[2012.02.17 06:48:50 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{4D8ED500-DDC6-4C34-9221-ADBBF20224A8}
[2012.02.16 13:04:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FC33E124-63C5-40BE-9DC3-4BA9BFD76559}
[2012.02.16 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{8B123ADD-D7C3-4474-9160-10EE2D27BC86}
[2012.02.15 21:43:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{A29E6159-3C16-493D-81CC-6AB9DE231CF6}
[2012.02.15 21:43:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{49275BF6-7704-42BB-A08D-8FA4D549EE78}
[2012.02.15 09:43:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{D8BABF2A-7BA5-4083-B5BD-F5BC0B368B75}
[2012.02.15 06:58:52 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 06:58:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 06:58:51 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.15 06:58:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 06:58:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.15 06:58:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 06:58:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.15 06:58:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.15 06:58:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 06:58:48 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.15 06:58:48 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.14 23:41:43 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.14 23:41:36 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.14 23:41:36 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.14 23:41:26 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.11 07:04:29 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{BAF23869-2756-46B1-A874-41F072F83648}
[2012.02.11 07:04:18 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{B1D5C69B-3AA3-4BF0-8FA5-15F86091CEBD}
[2012.02.10 18:37:59 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{7E4DA34A-876F-4401-866E-10E231DA043F}
[2012.02.10 18:37:48 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9FE4C9AE-9018-457F-8952-0AD11C0CF9F3}
[2012.02.05 21:01:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F018C9A1-2B24-4970-B14A-4719D69DF492}
[2012.02.05 20:59:28 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{1A0469D9-A198-436A-AC9F-80F2016CD427}

========== Files - Modified Within 30 Days ==========

[2012.03.04 11:48:55 | 000,000,129 | ---- | M] () -- C:\Users\Anna\AppData\Local\mv_music.xml
[2012.03.04 11:42:09 | 000,000,781 | ---- | M] () -- C:\Users\Anna\Documents\hosts
[2012.03.04 11:37:35 | 000,000,056 | ---- | M] () -- C:\Users\Anna\AppData\Local\mv_Photo.xml
[2012.03.04 10:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.02 21:11:24 | 000,028,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 21:11:24 | 000,028,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 21:03:46 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.02 20:45:40 | 000,162,422 | ---- | M] () -- C:\Users\Anna\Documents\cc_20120302_204518.reg
[2012.03.01 07:05:48 | 001,527,262 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.01 07:05:48 | 000,656,500 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.01 07:05:48 | 000,618,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.01 07:05:48 | 000,131,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.01 07:05:48 | 000,107,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.29 23:21:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.29 22:54:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.29 21:58:56 | 000,002,971 | ---- | M] () -- C:\Users\Anna\Desktop\HiJackThis.lnk
[2012.02.29 21:39:00 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAnna.job
[2012.02.25 17:56:10 | 000,001,398 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.02.15 09:42:44 | 000,428,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.03.04 11:42:09 | 000,000,781 | ---- | C] () -- C:\Users\Anna\Documents\hosts
[2012.03.02 20:45:24 | 000,162,422 | ---- | C] () -- C:\Users\Anna\Documents\cc_20120302_204518.reg
[2012.02.29 23:21:51 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.29 22:54:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.29 21:58:56 | 000,002,971 | ---- | C] () -- C:\Users\Anna\Desktop\HiJackThis.lnk
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.01.30 22:28:15 | 000,001,854 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\GhostObjGAFix.xml
[2011.01.27 19:36:58 | 000,005,632 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.08 21:28:00 | 000,223,322 | ---- | C] () -- C:\Windows\hpoins31.dat
[2011.01.08 21:28:00 | 000,000,873 | ---- | C] () -- C:\Windows\hpomdl31.dat
[2011.01.08 19:15:28 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.08 19:05:12 | 000,000,129 | ---- | C] () -- C:\Users\Anna\AppData\Local\mv_music.xml
[2011.01.08 19:05:12 | 000,000,056 | ---- | C] () -- C:\Users\Anna\AppData\Local\mv_Photo.xml
[2010.10.02 23:04:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.02 22:58:31 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.10.02 22:57:32 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.10.02 22:57:32 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.10.02 22:57:32 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.10.02 22:57:32 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.10.02 22:57:31 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.10.02 22:57:30 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.02 22:55:43 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.10.02 22:55:43 | 000,000,253 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.10.02 22:53:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.21 17:57:41 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.07.21 17:07:00 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010.07.21 15:26:14 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini

========== LOP Check ==========

[2012.02.29 23:00:31 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DAEMON Tools Lite
[2011.01.09 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\PMS
[2012.03.03 23:13:47 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\uTorrent
[2011.07.24 21:51:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\_MDLogs
[2011.01.10 16:13:29 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Îòåëü Äæåéí Ñåìåéíûå öåííîñòè
[2009.07.14 06:08:49 | 000,028,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT


< End of report >



Extras.txt ********************************************************************
OTL Extras logfile created on: 04.03.2012 11:47:38 - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Anna\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 53,35% Memory free
7,60 Gb Paging File | 4,71 Gb Available in Paging File | 61,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273,93 Gb Total Space | 114,61 Gb Free Space | 41,84% Space Free | Partition Type: NTFS
Drive D: | 23,86 Gb Total Space | 3,49 Gb Free Space | 14,61% Space Free | Partition Type: NTFS
Drive E: | 257,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ANNA-HP | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B601929F-3A47-4F37-8D1E-EAD1481BE5EA}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E342EC6B-5F25-47FE-B92C-DE616149B430}" = HP Wireless Assistant
"{E5A24F8D-40E1-45CB-B509-81186D795735}" = HP Photosmart C6300 All-In-One Driver Software 13.0 Rel. 4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{02FC8489-58FB-2628-768A-2CE172A37D7D}" = Catalyst Control Center Graphics Previews Common
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08F1513E-2113-06C5-583A-FB1DE0E64AE6}" = CCC Help Chinese Standard
"{0AB910A1-042A-D781-3779-2A4DC383BF0F}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2F1E68-5AB5-4AB3-8476-08E7A0472B35}" = HP Documentation
"{0D619D56-854C-F5D1-A134-4EB72974E09E}" = CCC Help Thai
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{144AAC2E-410C-6F23-5EC4-CB96049DD1D4}" = CCC Help Finnish
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1AF5A6D6-266D-9A24-D13A-5A50B2182645}" = CCC Help Norwegian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A54B824-C32C-A931-17CB-A74B54E28AAE}" = CCC Help Spanish
"{2BED1172-6F40-1090-C681-26FEEF383E14}" = ccc-core-static
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F1E1F4D-B5CC-CA5D-2035-3A464BB053C3}" = CCC Help English
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3234355B-963B-99FE-EECA-8A034781AF15}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C7BB7A-4C65-4605-A0CD-76C38F59B0A3}" = Alcor Micro USB Card Reader
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3A0FD0E8-7825-468D-8808-A5D63B11777B}" = HP Software Framework
"{3C302D80-4540-BA36-7167-8B59EC0BB9F4}" = CCC Help Korean
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41136F4A-3C71-7F9F-7ECA-4E2C2D6C216F}" = CCC Help Dutch
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4D66BBCA-8E0A-5FF3-4206-3BEA432FB1E9}" = CCC Help Turkish
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{543BDDCD-E230-4F37-881B-4900B833BBD7}" = C6300
"{543F949F-2B95-448F-9F2E-56F0C5FF8E2C}" = Catalyst Control Center - Branding
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66E2396F-1392-BECA-37D7-6C4AECED9668}" = CCC Help Russian
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E918D75-2600-0674-ADC2-4722D7F37018}" = CCC Help Italian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE9B20A-6C15-48A3-99A5-02C9A3E389EF}" = PS_AIO_04_C6300_Software_Min
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C632E6D-C984-75B8-DE46-8E495E179314}" = CCC Help Portuguese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A1A5DA17-C6A6-897E-2EBB-8BACE074FA10}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5EFB5BD-5B8C-813B-711E-4C068721281F}" = CCC Help Danish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{B0B3A2CE-C337-E33B-F24E-A8BDCA644D03}" = Catalyst Control Center Localization All
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B635B0A0-8C8B-4492-E54A-85CA5DC5CAC2}" = CCC Help Japanese
"{BAB3C6F6-8C54-BFE0-A570-1E471ACE00B5}" = Catalyst Control Center Graphics Previews Vista
"{BB9344E4-C629-7E36-6248-EAF3F7AFCB95}" = CCC Help Chinese Traditional
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45DB0E4-E813-1584-9670-ADF85214596E}" = CCC Help French
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB15EA7D-B263-1B9B-0C3E-25BE7D15C551}" = PX Profile Update
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = HP SimplePass Identity Protection
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE07C46F-278A-412C-4687-54963CBC5862}" = CCC Help Hungarian
"{EFD35B3A-0296-864F-C78F-910CD41B1C32}" = CCC Help Greek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F8504F00-2C61-0FA1-8E17-AADA786A164F}" = CCC Help German
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Adobe AIR" = Adobe AIR
"DAEMON Tools Lite" = DAEMON Tools Lite
"eMule" = eMule
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{33C7BB7A-4C65-4605-A0CD-76C38F59B0A3}" = Alcor Micro USB Card Reader
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = HP SimplePass Identity Protection
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"My HP Game Console" = HP Game Console
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.02.2012 02:44:53 | Computer Name = Anna-HP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 05.02.2012 15:11:36 | Computer Name = Anna-HP | Source = Windows Backup | ID = 4103
Description =

Error - 07.02.2012 12:26:38 | Computer Name = Anna-HP | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 07.02.2012 12:26:42 | Computer Name = Anna-HP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 08.02.2012 11:00:28 | Computer Name = Anna-HP | Source = RasClient | ID = 20227
Description =

Error - 08.02.2012 11:00:40 | Computer Name = Anna-HP | Source = RasClient | ID = 20227
Description =

Error - 10.02.2012 15:12:28 | Computer Name = Anna-HP | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 10.02.2012 15:12:44 | Computer Name = Anna-HP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 11.02.2012 04:18:58 | Computer Name = Anna-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3538.513,
Zeitstempel: 0x4dcdb2b3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0xbf8 Startzeit der fehlerhaften Anwendung: 0x01cce81aa6392d8d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0b6edeca-5489-11e1-900b-edbba928c2bc

Error - 12.02.2012 15:09:55 | Computer Name = Anna-HP | Source = Windows Backup | ID = 4103
Description =

[ Hewlett-Packard Events ]
Error - 27.03.2011 11:57:17 | Computer Name = Anna-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031127055708.xml
File not created by asset agent

Error - 17.04.2011 12:29:37 | Computer Name = Anna-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041117062928.xml
File not created by asset agent

Error - 24.04.2011 11:47:39 | Computer Name = Anna-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041124054723.xml
File not created by asset agent

Error - 15.05.2011 16:03:56 | Computer Name = Anna-HP | Source = Hewlett-Packard | ID = 0
Description = de-AT Ausnahme von HRESULT: 0x88980406 PresentationCore bei System.Windows.Media.Composition.DUCE.Channel.SyncFlush()

bei System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle
hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType
windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean
isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel) bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
enableRenderTarget, Nullable`1 channelSet) bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
enableRenderTarget) bei System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr
lParam) bei System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr
wparam, IntPtr lparam) bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 26.06.2011 03:59:51 | Computer Name = Anna-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061126095948.xml
File not created by asset agent

Error - 03.07.2011 03:19:32 | Computer Name = Anna-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071103091929.xml
File not created by asset agent

Error - 17.07.2011 04:58:30 | Computer Name = Anna-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071117105827.xml
File not created by asset agent

Error - 24.07.2011 04:30:03 | Computer Name = Anna-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071124103000.xml
File not created by asset agent

Error - 14.08.2011 03:08:17 | Computer Name = Anna-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081114090809.xml
File not created by asset agent

Error - 25.09.2011 03:19:40 | Computer Name = Anna-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Wireless Assistant Events ]
Error - 08.01.2011 14:03:39 | Computer Name = Anna-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 08.01.2011 14:03:52 | Computer Name = Anna-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 08.01.2011 14:04:05 | Computer Name = Anna-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 08.01.2011 14:05:12 | Computer Name = Anna-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 08.01.2011 14:06:12 | Computer Name = Anna-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 08.01.2011 14:07:12 | Computer Name = Anna-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 16.03.2011 17:05:16 | Computer Name = Anna-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 22.03.2011 21:54:34 | Computer Name = Anna-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 25.04.2011 03:21:57 | Computer Name = Anna-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 23.02.2012 03:20:16 | Computer Name = Anna-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 02.03.2012 16:04:11 | Computer Name = Anna-HP | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 02.03.2012 16:04:24 | Computer Name = Anna-HP | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842

Error - 02.03.2012 16:04:25 | Computer Name = Anna-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.

Error - 02.03.2012 16:04:25 | Computer Name = Anna-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 02.03.2012 16:04:34 | Computer Name = Anna-HP | Source = DCOM | ID = 10005
Description =

Error - 02.03.2012 16:04:34 | Computer Name = Anna-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.

Error - 02.03.2012 16:04:34 | Computer Name = Anna-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 02.03.2012 16:04:57 | Computer Name = Anna-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 02.03.2012 16:15:41 | Computer Name = Anna-HP | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%858

Error - 03.03.2012 20:56:30 | Computer Name = Anna-HP | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%858


< End of report >
04.03.2012, 17:34
Member

Posts: 420
#4 OK

1. Start OTL and copy the following into the script box:

Quote


:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1948914649-1097278606-868803289-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O33 - MountPoints2\{29f101a2-4c06-11e1-94df-82bd3968db88}\Shell - "" = AutoRun
O33 - MountPoints2\{29f101a2-4c06-11e1-94df-82bd3968db88}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a625779-1b58-11e0-81c0-ba4bb3d01385}\Shell - "" = AutoRun
O33 - MountPoints2\{7a625779-1b58-11e0-81c0-ba4bb3d01385}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{a195a0dc-808e-11e0-bf38-4c0f6e2f5b40}\Shell - "" = AutoRun
O33 - MountPoints2\{a195a0dc-808e-11e0-bf38-4c0f6e2f5b40}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a195a0e4-808e-11e0-bf38-4c0f6e2f5b40}\Shell - "" = AutoRun
O33 - MountPoints2\{a195a0e4-808e-11e0-bf38-4c0f6e2f5b40}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a195a0e6-808e-11e0-bf38-4c0f6e2f5b40}\Shell - "" = AutoRun
O33 - MountPoints2\{a195a0e6-808e-11e0-bf38-4c0f6e2f5b40}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cafed2da-2f3b-11e0-b5d8-d45d9f5d7dbb}\Shell - "" = AutoRun
O33 - MountPoints2\{cafed2da-2f3b-11e0-b5d8-d45d9f5d7dbb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cafed2e6-2f3b-11e0-b5d8-d45d9f5d7dbb}\Shell - "" = AutoRun
O33 - MountPoints2\{cafed2e6-2f3b-11e0-b5d8-d45d9f5d7dbb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012.03.04 10:48:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{A73BA2B0-ABA9-450F-B165-EF75D740FC25}
[2012.03.04 10:48:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{EF60E9F2-11FC-47D3-A479-399ACFFBA36B}
[2012.03.03 22:22:21 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{4DF25E3D-6B62-4D96-BB3B-EAD21F4550FD}
[2012.03.03 22:22:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9B465012-F7F5-4345-A82E-264CC1D2FA43}
[2012.03.03 10:21:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{8C63602A-14D0-432F-BFE4-6D65945E7F8E}
[2012.03.03 10:21:43 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{7DC6B2B2-E2D6-4574-9DFB-D0C82806611D}
[2012.03.02 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{DD5B45E5-6A9A-44D4-93F4-9B3B37F1378D}
[2012.03.02 22:21:18 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{1A1D3EF2-C663-4EBE-BCE3-08090BAD70C4}
[2012.03.02 10:20:52 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C32997ED-E257-4433-860A-A699FEC606E3}
[2012.03.02 10:20:41 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{1FA72D94-1EBE-4F1C-8561-6F6DDFF9EB1B}
[2012.03.01 22:20:29 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{24B7C526-D8D9-4764-9A60-9343675C6D39}
[2012.03.01 22:20:18 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C14B4485-38A7-4A0B-9C1F-76D075224F7B}
[2012.03.01 10:20:04 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{0F6B3D6A-A2CB-4FB1-8B94-8D6962E0C2BD}
[2012.03.01 10:19:53 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{EA4EC20B-B27F-45CA-BEEA-B902BCD740DB}
[2012.02.29 22:19:27 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{D173D6FD-6482-44CC-8667-D18AE12C59EF}
[2012.02.29 22:19:16 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C02CFA78-0D5E-423F-BEDC-F703C6B07C53}
[2012.02.29 10:18:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{BE584FA0-C8D6-4DB1-B4E8-4824DE858ABB}
[2012.02.29 10:18:40 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E0A5013C-8C21-4A51-9452-45FC5CFD4FDD}
[2012.02.28 22:18:27 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{16A8422F-E7C8-4C40-AD8D-4B996CEB4BB8}
[2012.02.28 22:18:16 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{BA982899-E0AA-45BC-A918-DC0CB97B9766}
[2012.02.28 09:54:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{A80C80B7-B08A-4FC8-B097-57E1B8931E55}
[2012.02.28 09:54:11 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{89D4EB76-23F3-42CF-85D5-D4509FA3DED1}
[2012.02.27 21:53:58 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{BC7D01F2-4D59-429D-A56E-63C985139C75}
[2012.02.27 21:53:47 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{534B8760-AD4C-4C81-8489-F727F81A92C7}
[2012.02.27 09:53:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FEB5134D-7474-4824-A180-F2CA492BDC90}
[2012.02.27 09:53:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{3B30DD44-35F8-43CE-979C-81803129E04E}
[2012.02.26 21:53:11 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9927ACDA-C4FD-4EAA-BE4A-A48E892025F3}
[2012.02.26 21:52:59 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{634216C3-0C4A-4362-A694-5DF932A5EAB2}
[2012.02.26 09:52:34 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{7FF8D88A-1BD9-4499-AFFC-2A09AC9F8A3A}
[2012.02.26 09:52:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C17132B3-C64E-451B-8670-C7FA0864582D}
[2012.02.25 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{1152E14A-4B24-4358-B8B2-CC0B819CFEDA}
[2012.02.25 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{DD6BCB96-E967-4031-A8AB-B4BC78370C1F}
[2012.02.25 17:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Anna\AppData\Local\e3d492ef
[2012.02.25 08:34:19 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{19D3FF4F-0A4C-4D1C-B8C2-81FB4E7D154F}
[2012.02.25 08:34:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F488C899-CCE5-499C-B94C-BA3B7F076F62}
[2012.02.24 19:25:29 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{2661F9F8-5CCC-4D17-842B-3D0BCA43566B}
[2012.02.24 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{68DD9E2C-2E46-4040-8A8A-7EFCB4AF13EC}
[2012.02.24 07:25:05 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{4FA9CF74-4E58-4F63-89E2-7E07217C2D7D}
[2012.02.24 07:24:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{52ED9E40-4118-4A4F-966D-ACC0F12D4A68}
[2012.02.23 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{B9C3C171-9083-4FB8-A050-FFCA742305F7}
[2012.02.23 17:39:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E751A813-5650-45A8-88FD-8D19A8DFD2FB}
[2012.02.22 22:12:28 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{2C1719F6-CEAF-43C9-A101-3FAB00571D51}
[2012.02.22 22:12:16 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{6653D508-CAD0-4E6E-87F7-58ADA28FDF10}
[2012.02.22 10:12:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{22F2D399-5CC4-4A0E-9FA3-CDA1980ED354}
[2012.02.22 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{35F9BB64-4230-49DC-9C86-E1D2EA08988F}
[2012.02.21 22:11:37 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{7FE8C6B9-4ED1-489F-AB41-81C7EA0FB34F}
[2012.02.21 22:11:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{DDD9F03A-D935-4181-8820-2315512C2014}
[2012.02.21 10:11:10 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{6D8D3820-2914-4275-A720-F440055F250A}
[2012.02.21 10:10:59 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{EB55DCD7-E78B-4735-81CE-AE61EA397477}
[2012.02.20 22:10:47 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{16334399-4C73-488B-BDD2-E0AD493B9F3B}
[2012.02.20 22:10:36 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F1F32399-BC58-411A-AD8B-2E7E64AC9AE4}
[2012.02.20 10:10:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{566C591A-DAB0-4E8F-8F14-04311508AC3D}
[2012.02.20 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{489D1396-83F8-4C19-8237-9930D85C6EA4}
[2012.02.19 22:09:59 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{97DA1685-DC55-45E6-997A-5CB2FA580924}
[2012.02.19 22:09:48 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FC0FD34E-37C1-4A1B-8EC0-76075034FAB4}
[2012.02.19 10:09:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{1B44E1D2-D5BC-415F-9DEF-8677B4D594C7}
[2012.02.19 10:09:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{97F1F25B-3A05-4255-A204-5541352E69F2}
[2012.02.18 21:42:36 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{CEA1BEA3-DEF8-46BA-ACDA-2EC751ED54F2}
[2012.02.18 21:42:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{192A8039-E992-4A8F-80CF-E2C663E5BE1D}
[2012.02.18 09:42:12 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FED7937B-AE26-4BF5-81AE-0D0E9B73BB24}
[2012.02.18 09:42:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F374AC9B-B39B-4C1F-9C15-74188DDCC315}
[2012.02.17 21:41:49 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FE468E00-0C49-4F78-97D1-CFEE6BE5B824}
[2012.02.17 21:41:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{228C4743-2C4F-4184-9798-6FF8E3D92D51}
[2012.02.17 06:49:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{CFAEB718-4404-4956-937A-A35B327DD827}
[2012.02.17 06:48:50 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{4D8ED500-DDC6-4C34-9221-ADBBF20224A8}
[2012.02.16 13:04:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FC33E124-63C5-40BE-9DC3-4BA9BFD76559}
[2012.02.16 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{8B123ADD-D7C3-4474-9160-10EE2D27BC86}
[2012.02.15 21:43:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{A29E6159-3C16-493D-81CC-6AB9DE231CF6}
[2012.02.15 21:43:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{49275BF6-7704-42BB-A08D-8FA4D549EE78}
[2012.02.15 09:43:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{D8BABF2A-7BA5-4083-B5BD-F5BC0B368B75}
[2012.02.11 07:04:29 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{BAF23869-2756-46B1-A874-41F072F83648}
[2012.02.11 07:04:18 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{B1D5C69B-3AA3-4BF0-8FA5-15F86091CEBD}
[2012.02.10 18:37:59 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{7E4DA34A-876F-4401-866E-10E231DA043F}
[2012.02.10 18:37:48 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9FE4C9AE-9018-457F-8952-0AD11C0CF9F3}
[2012.02.05 21:01:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F018C9A1-2B24-4970-B14A-4719D69DF492}
[2012.02.05 20:59:28 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{1A0469D9-A198-436A-AC9F-80F2016CD427}
[2011.01.10 16:13:29 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Îòåëü Äæåéí Ñåìåéíûå öåííîñòè

:Commands
[resethosts]
[emptytemp]
[emptyflash]

and click Fix. Please post the fix log.

2. DeFogger http://www.jpshortstuff.247fixes.com/Defogger.exe
Start the program and click "Disable"
Confirm with "Yes"
After the "Finished!" message, click "OK"
You will be asked to reboot; confirm with "OK"

3. Download aswMBR from avast!
http://public.avast.com/~gmerek/aswMBR.exe
Start the program
Choose "Yes" when asked about the avast engine.
Click Scan
After the scan, click Save Log, save the log and post it here (please do not "fix" anything)
06.03.2012, 21:26
...new here

Thread starter

Posts: 9
#5 Hi,

here is the log from OTL:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-1948914649-1097278606-868803289-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29f101a2-4c06-11e1-94df-82bd3968db88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29f101a2-4c06-11e1-94df-82bd3968db88}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29f101a2-4c06-11e1-94df-82bd3968db88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29f101a2-4c06-11e1-94df-82bd3968db88}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a625779-1b58-11e0-81c0-ba4bb3d01385}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a625779-1b58-11e0-81c0-ba4bb3d01385}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a625779-1b58-11e0-81c0-ba4bb3d01385}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a625779-1b58-11e0-81c0-ba4bb3d01385}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a195a0dc-808e-11e0-bf38-4c0f6e2f5b40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a195a0dc-808e-11e0-bf38-4c0f6e2f5b40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a195a0dc-808e-11e0-bf38-4c0f6e2f5b40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a195a0dc-808e-11e0-bf38-4c0f6e2f5b40}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a195a0e4-808e-11e0-bf38-4c0f6e2f5b40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a195a0e4-808e-11e0-bf38-4c0f6e2f5b40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a195a0e4-808e-11e0-bf38-4c0f6e2f5b40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a195a0e4-808e-11e0-bf38-4c0f6e2f5b40}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a195a0e6-808e-11e0-bf38-4c0f6e2f5b40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a195a0e6-808e-11e0-bf38-4c0f6e2f5b40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a195a0e6-808e-11e0-bf38-4c0f6e2f5b40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a195a0e6-808e-11e0-bf38-4c0f6e2f5b40}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cafed2da-2f3b-11e0-b5d8-d45d9f5d7dbb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cafed2da-2f3b-11e0-b5d8-d45d9f5d7dbb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cafed2da-2f3b-11e0-b5d8-d45d9f5d7dbb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cafed2da-2f3b-11e0-b5d8-d45d9f5d7dbb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cafed2e6-2f3b-11e0-b5d8-d45d9f5d7dbb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cafed2e6-2f3b-11e0-b5d8-d45d9f5d7dbb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cafed2e6-2f3b-11e0-b5d8-d45d9f5d7dbb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cafed2e6-2f3b-11e0-b5d8-d45d9f5d7dbb}\ not found.
File F:\AutoRun.exe not found.
C:\Users\Anna\AppData\Local\{A73BA2B0-ABA9-450F-B165-EF75D740FC25} folder moved successfully.
C:\Users\Anna\AppData\Local\{EF60E9F2-11FC-47D3-A479-399ACFFBA36B} folder moved successfully.
C:\Users\Anna\AppData\Local\{4DF25E3D-6B62-4D96-BB3B-EAD21F4550FD} folder moved successfully.
C:\Users\Anna\AppData\Local\{9B465012-F7F5-4345-A82E-264CC1D2FA43} folder moved successfully.
C:\Users\Anna\AppData\Local\{8C63602A-14D0-432F-BFE4-6D65945E7F8E} folder moved successfully.
C:\Users\Anna\AppData\Local\{7DC6B2B2-E2D6-4574-9DFB-D0C82806611D} folder moved successfully.
C:\Users\Anna\AppData\Local\{DD5B45E5-6A9A-44D4-93F4-9B3B37F1378D} folder moved successfully.
C:\Users\Anna\AppData\Local\{1A1D3EF2-C663-4EBE-BCE3-08090BAD70C4} folder moved successfully.
C:\Users\Anna\AppData\Local\{C32997ED-E257-4433-860A-A699FEC606E3} folder moved successfully.
C:\Users\Anna\AppData\Local\{1FA72D94-1EBE-4F1C-8561-6F6DDFF9EB1B} folder moved successfully.
C:\Users\Anna\AppData\Local\{24B7C526-D8D9-4764-9A60-9343675C6D39} folder moved successfully.
C:\Users\Anna\AppData\Local\{C14B4485-38A7-4A0B-9C1F-76D075224F7B} folder moved successfully.
C:\Users\Anna\AppData\Local\{0F6B3D6A-A2CB-4FB1-8B94-8D6962E0C2BD} folder moved successfully.
C:\Users\Anna\AppData\Local\{EA4EC20B-B27F-45CA-BEEA-B902BCD740DB} folder moved successfully.
C:\Users\Anna\AppData\Local\{D173D6FD-6482-44CC-8667-D18AE12C59EF} folder moved successfully.
C:\Users\Anna\AppData\Local\{C02CFA78-0D5E-423F-BEDC-F703C6B07C53} folder moved successfully.
C:\Users\Anna\AppData\Local\{BE584FA0-C8D6-4DB1-B4E8-4824DE858ABB} folder moved successfully.
C:\Users\Anna\AppData\Local\{E0A5013C-8C21-4A51-9452-45FC5CFD4FDD} folder moved successfully.
C:\Users\Anna\AppData\Local\{16A8422F-E7C8-4C40-AD8D-4B996CEB4BB8} folder moved successfully.
C:\Users\Anna\AppData\Local\{BA982899-E0AA-45BC-A918-DC0CB97B9766} folder moved successfully.
C:\Users\Anna\AppData\Local\{A80C80B7-B08A-4FC8-B097-57E1B8931E55} folder moved successfully.
C:\Users\Anna\AppData\Local\{89D4EB76-23F3-42CF-85D5-D4509FA3DED1} folder moved successfully.
C:\Users\Anna\AppData\Local\{BC7D01F2-4D59-429D-A56E-63C985139C75} folder moved successfully.
C:\Users\Anna\AppData\Local\{534B8760-AD4C-4C81-8489-F727F81A92C7} folder moved successfully.
C:\Users\Anna\AppData\Local\{FEB5134D-7474-4824-A180-F2CA492BDC90} folder moved successfully.
C:\Users\Anna\AppData\Local\{3B30DD44-35F8-43CE-979C-81803129E04E} folder moved successfully.
C:\Users\Anna\AppData\Local\{9927ACDA-C4FD-4EAA-BE4A-A48E892025F3} folder moved successfully.
C:\Users\Anna\AppData\Local\{634216C3-0C4A-4362-A694-5DF932A5EAB2} folder moved successfully.
C:\Users\Anna\AppData\Local\{7FF8D88A-1BD9-4499-AFFC-2A09AC9F8A3A} folder moved successfully.
C:\Users\Anna\AppData\Local\{C17132B3-C64E-451B-8670-C7FA0864582D} folder moved successfully.
C:\Users\Anna\AppData\Local\{1152E14A-4B24-4358-B8B2-CC0B819CFEDA} folder moved successfully.
C:\Users\Anna\AppData\Local\{DD6BCB96-E967-4031-A8AB-B4BC78370C1F} folder moved successfully.
C:\Users\Anna\AppData\Local\e3d492ef\U folder moved successfully.
C:\Users\Anna\AppData\Local\e3d492ef folder moved successfully.
C:\Users\Anna\AppData\Local\{19D3FF4F-0A4C-4D1C-B8C2-81FB4E7D154F} folder moved successfully.
C:\Users\Anna\AppData\Local\{F488C899-CCE5-499C-B94C-BA3B7F076F62} folder moved successfully.
C:\Users\Anna\AppData\Local\{2661F9F8-5CCC-4D17-842B-3D0BCA43566B} folder moved successfully.
C:\Users\Anna\AppData\Local\{68DD9E2C-2E46-4040-8A8A-7EFCB4AF13EC} folder moved successfully.
C:\Users\Anna\AppData\Local\{4FA9CF74-4E58-4F63-89E2-7E07217C2D7D} folder moved successfully.
C:\Users\Anna\AppData\Local\{52ED9E40-4118-4A4F-966D-ACC0F12D4A68} folder moved successfully.
C:\Users\Anna\AppData\Local\{B9C3C171-9083-4FB8-A050-FFCA742305F7} folder moved successfully.
C:\Users\Anna\AppData\Local\{E751A813-5650-45A8-88FD-8D19A8DFD2FB} folder moved successfully.
C:\Users\Anna\AppData\Local\{2C1719F6-CEAF-43C9-A101-3FAB00571D51} folder moved successfully.
C:\Users\Anna\AppData\Local\{6653D508-CAD0-4E6E-87F7-58ADA28FDF10} folder moved successfully.
C:\Users\Anna\AppData\Local\{22F2D399-5CC4-4A0E-9FA3-CDA1980ED354} folder moved successfully.
C:\Users\Anna\AppData\Local\{35F9BB64-4230-49DC-9C86-E1D2EA08988F} folder moved successfully.
C:\Users\Anna\AppData\Local\{7FE8C6B9-4ED1-489F-AB41-81C7EA0FB34F} folder moved successfully.
C:\Users\Anna\AppData\Local\{DDD9F03A-D935-4181-8820-2315512C2014} folder moved successfully.
C:\Users\Anna\AppData\Local\{6D8D3820-2914-4275-A720-F440055F250A} folder moved successfully.
C:\Users\Anna\AppData\Local\{EB55DCD7-E78B-4735-81CE-AE61EA397477} folder moved successfully.
C:\Users\Anna\AppData\Local\{16334399-4C73-488B-BDD2-E0AD493B9F3B} folder moved successfully.
C:\Users\Anna\AppData\Local\{F1F32399-BC58-411A-AD8B-2E7E64AC9AE4} folder moved successfully.
C:\Users\Anna\AppData\Local\{566C591A-DAB0-4E8F-8F14-04311508AC3D} folder moved successfully.
C:\Users\Anna\AppData\Local\{489D1396-83F8-4C19-8237-9930D85C6EA4} folder moved successfully.
C:\Users\Anna\AppData\Local\{97DA1685-DC55-45E6-997A-5CB2FA580924} folder moved successfully.
C:\Users\Anna\AppData\Local\{FC0FD34E-37C1-4A1B-8EC0-76075034FAB4} folder moved successfully.
C:\Users\Anna\AppData\Local\{1B44E1D2-D5BC-415F-9DEF-8677B4D594C7} folder moved successfully.
C:\Users\Anna\AppData\Local\{97F1F25B-3A05-4255-A204-5541352E69F2} folder moved successfully.
C:\Users\Anna\AppData\Local\{CEA1BEA3-DEF8-46BA-ACDA-2EC751ED54F2} folder moved successfully.
C:\Users\Anna\AppData\Local\{192A8039-E992-4A8F-80CF-E2C663E5BE1D} folder moved successfully.
C:\Users\Anna\AppData\Local\{FED7937B-AE26-4BF5-81AE-0D0E9B73BB24} folder moved successfully.
C:\Users\Anna\AppData\Local\{F374AC9B-B39B-4C1F-9C15-74188DDCC315} folder moved successfully.
C:\Users\Anna\AppData\Local\{FE468E00-0C49-4F78-97D1-CFEE6BE5B824} folder moved successfully.
C:\Users\Anna\AppData\Local\{228C4743-2C4F-4184-9798-6FF8E3D92D51} folder moved successfully.
C:\Users\Anna\AppData\Local\{CFAEB718-4404-4956-937A-A35B327DD827} folder moved successfully.
C:\Users\Anna\AppData\Local\{4D8ED500-DDC6-4C34-9221-ADBBF20224A8} folder moved successfully.
C:\Users\Anna\AppData\Local\{FC33E124-63C5-40BE-9DC3-4BA9BFD76559} folder moved successfully.
C:\Users\Anna\AppData\Local\{8B123ADD-D7C3-4474-9160-10EE2D27BC86} folder moved successfully.
C:\Users\Anna\AppData\Local\{A29E6159-3C16-493D-81CC-6AB9DE231CF6} folder moved successfully.
C:\Users\Anna\AppData\Local\{49275BF6-7704-42BB-A08D-8FA4D549EE78} folder moved successfully.
C:\Users\Anna\AppData\Local\{D8BABF2A-7BA5-4083-B5BD-F5BC0B368B75} folder moved successfully.
C:\Users\Anna\AppData\Local\{BAF23869-2756-46B1-A874-41F072F83648} folder moved successfully.
C:\Users\Anna\AppData\Local\{B1D5C69B-3AA3-4BF0-8FA5-15F86091CEBD} folder moved successfully.
C:\Users\Anna\AppData\Local\{7E4DA34A-876F-4401-866E-10E231DA043F} folder moved successfully.
C:\Users\Anna\AppData\Local\{9FE4C9AE-9018-457F-8952-0AD11C0CF9F3} folder moved successfully.
C:\Users\Anna\AppData\Local\{F018C9A1-2B24-4970-B14A-4719D69DF492} folder moved successfully.
C:\Users\Anna\AppData\Local\{1A0469D9-A198-436A-AC9F-80F2016CD427} folder moved successfully.
Folder C:\Users\Anna\AppData\Roaming\Îòåëü Äæåéí Ñåìåéíûå öåííîñòè\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Anna
->Temp folder emptied: 20421186 bytes
->Temporary Internet Files folder emptied: 180756278 bytes
->Java cache emptied: 395155 bytes
->Flash cache emptied: 6056 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 343251 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 193,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Anna
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.35.0 log created on 03062012_211801

Files\Folders moved on Reboot...
File\Folder C:\Users\Anna\AppData\Local\Temp\fla1163.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Temp\fla1508.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Temp\fla3402.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Temp\fla605C.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Temp\flaA435.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Temp\flaD11C.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Temp\flaDE6F.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Temp\flaE5DC.tmp not found!
C:\Users\Anna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Anna\AppData\Local\Temp\tmp495A.tmp not found!
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{025608E3-212C-427D-AA4C-7F5F38C3A6F6}.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{74B1E64B-5839-4D34-8958-E00EA6CF4C4A}.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9938A1BF-1548-493A-AB3B-F599F0AB613D}.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A3680699-7659-4724-A495-48F3D802BD8C}.tmp not found!
File\Folder C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{ECDB4321-5E5B-4B0A-98F7-53B7F010609B}.tmp not found!
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZSKTPZ7\video_extCA323X90.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZSKTPZ7\video_extCA6O12WE.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZSKTPZ7\video_extCA7563PR.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZSKTPZ7\video_extCACGWWFF.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZSKTPZ7\video_extCADXUHXP.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZSKTPZ7\video_extCAFJN6R9.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZSKTPZ7\video_extCAKC2BKU.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZSKTPZ7\video_extCALJ1C8F.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZSKTPZ7\video_extCAOQ8PEQ.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZSKTPZ7\video_extCAWX3STK.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6HGMN4C\video_ext[1].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6HGMN4C\video_ext[2].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6HGMN4C\video_ext[3].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6HGMN4C\_ad[3].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5G7T8C2\random[1].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5G7T8C2\t42060[1].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5G7T8C2\video_extCA1Z1F01.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5G7T8C2\video_extCAB216YH.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5G7T8C2\video_extCAMAVJWJ.htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5G7T8C2\video_extCAY1AQOO.htm moved successfully.
File\Folder C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54MFERX3\01[1].htm not found!
File\Folder C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54MFERX3\ADSAdClient31[2].htm not found!
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54MFERX3\video_ext[5].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54MFERX3\video_ext[6].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54MFERX3\video_ext[7].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54MFERX3\video_ext[8].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ITUYNYW\ads[2].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ITUYNYW\c1a87cbf[1].htm moved successfully.
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ITUYNYW\search[1].htm moved successfully.

Registry entries deleted on Reboot...
06.03.2012, 21:47
...new here

Thread starter

Posts: 9
#6 Ran DeFogger and rebooted.

Avast hangs while scanning.
The last message I see is:
Scanning: C:\windows\assembly\Gac_MSIL\microsoft.visualstudio.tools.applications.
06.03.2012, 23:55
Member

Posts: 420
#7

Quote

Avast hangs while scanning
Hm, that is either a bad sign or just coincidence. First we'll try another program that also checks the MBR.

1. Please download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Start the program by right-clicking and choosing "Run as administrator".
Make sure the "MBR Scan" box is checked.
Click "Scan".
Wait until the scan has finished, then click "Report" and please post the log.
09.03.2012, 15:05
...new here

Thread starter

Posts: 9
#8 RogueKiller V7.3.0 [03/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Anna [Admin rights]
Mode: Scan -- Date: 03/09/2012 15:04:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-60V5T1 +++++
--- User ---
[MBR] 759ca7bcf60e94fbea27b36f3409aaec
[BSP] fed97a47433c2ee853388e396f0fa468 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 280507 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 574887936 | Size: 24434 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
09.03.2012, 15:13
Member

Posts: 420
#9 OK, the MBR is fine.

1. Now please follow this guide
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
and post the log.
09.03.2012, 16:03
...new here

Thread starter

Posts: 9
#10 ComboFix 12-03-09.05 - Anna 09.03.2012 15:45:49.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.43.1031.18.3894.2468 [GMT 1:00]
ausgeführt von:: c:\users\Anna\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-09 bis 2012-03-09 ))))))))))))))))))))))))))))))
.
.
2012-03-09 14:50 . 2012-03-09 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 14:07 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{521E280D-5C80-46BC-8868-5676D3923453}\mpengine.dll
2012-03-06 20:18 . 2012-03-06 20:18 -------- d-----w- C:\_OTL
2012-02-29 22:21 . 2012-02-29 22:21 -------- d-----w- c:\users\Anna\AppData\Roaming\Malwarebytes
2012-02-29 22:21 . 2012-02-29 22:21 -------- d-----w- c:\programdata\Malwarebytes
2012-02-29 22:21 . 2012-02-29 22:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-29 22:21 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 21:54 . 2012-02-29 21:54 -------- d-----w- c:\program files\CCleaner
2012-02-29 20:58 . 2012-02-29 20:58 388096 ----a-r- c:\users\Anna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-29 20:58 . 2012-02-29 20:58 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-14 22:41 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 22:41 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 22:41 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 22:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 22:41 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 22:41 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 22:41 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 22:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-10 17:48 . 2012-02-10 17:48 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B1B5868-E9BA-41EA-8DD4-49E55DB1DD7E}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 20:24 . 2011-05-23 06:05 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 07:13 . 2011-01-09 00:41 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-01-08 18:18 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-24 401192]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-24 201512]
"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2010-06-08 380272]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-29 602168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-06-25 338168]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-06-08 697712]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-06-08 646000]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-29 27192]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-09 c:\windows\Tasks\HPCeeScheduleForAnna.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-26 324096]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF17523.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 195.34.133.22
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-09 15:57:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-09 14:57
.
Vor Suchlauf: 11 Verzeichnis(se), 126.853.218.304 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 127.184.707.584 Bytes frei
.
- - End Of File - - F435284581F49FA0718DF0B8FEDDE127
09.03.2012, 16:19
Member

Posts: 420
#11 1. Eset Online Scanner
http://www.eset.de/onlinescanner
(the browser should be started via right-click as administrator here)
After the scan finishes, please post the log, normally found at C:\Programme\Eset\EsetOnlineScanner\log.txt

2. Please post a fresh OTL.txt

3. How is the computer doing? Anything unusual (apart from the hosts file)?
09.03.2012, 18:35
...new here

Thread starter

Posts: 9
#12 The computer is behaving well, no surprises since the cleanup began.

Here is the log from ESET
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ac941f24ee68942af792cd2bb963219
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-09 05:28:01
# local_time=2012-03-09 06:28:01 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 765051 765051 0 0
# compatibility_mode=5893 16776574 66 85 32510449 82940436 0 0
# compatibility_mode=8192 67108863 100 0 3689 3689 0 0
# scanned=190283
# found=0
# cleaned=0
# scan_time=3494
09.03.2012, 18:40
...new here

Thread starter

Posts: 9
#13 Here is the current OTL log

OTL logfile created on: 09.03.2012 18:35:54 - Run 2
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Anna\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 32,18% Memory free
7,60 Gb Paging File | 4,53 Gb Available in Paging File | 59,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273,93 Gb Total Space | 117,82 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 23,86 Gb Total Space | 3,49 Gb Free Space | 14,61% Space Free | Partition Type: NTFS
Drive E: | 257,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ANNA-HP | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.03.04 11:27:51 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Downloads\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.06.29 18:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.06.29 17:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.06.25 04:15:46 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010.06.24 21:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010.06.08 19:06:12 | 000,697,712 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
PRC - [2010.06.08 19:05:16 | 000,646,000 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
PRC - [2010.06.08 19:05:04 | 000,380,272 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.15 17:45:42 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.04.15 17:44:48 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.12.24 17:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009.12.24 17:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.02.15 09:54:56 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012.02.15 09:47:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.15 09:47:28 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.15 09:47:22 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.15 09:47:10 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.15 09:47:05 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.15 09:47:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.15 09:47:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.10.13 06:55:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.12.21 00:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.22 00:24:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.05.19 09:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.05.19 09:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.05.19 09:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.05.13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010.06.22 06:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.06.18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.02.23 06:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.29 18:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.06.25 04:15:46 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010.06.18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.06.08 19:06:12 | 000,697,712 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe -- (EgisTec Service)
SRV - [2010.06.08 19:05:16 | 000,646,000 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010.04.15 17:45:42 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.04.15 17:44:48 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.04.04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.02.23 06:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.10.01 01:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.05.13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.30 19:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.26 04:01:04 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.06.24 21:32:52 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.06.22 08:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.06.22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.22 06:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.05.06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.03.05 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.02.27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.11 12:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.08 12:10:24 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2E11ECE0-23D4-47AB-9533-F063F15D7A7F}
IE:64bit: - HKLM\..\SearchScopes\{2E11ECE0-23D4-47AB-9533-F063F15D7A7F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{30383055-645F-4644-B43F-23C2AED210B7}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BCC597CF-043C-48FE-96DE-1CEAA8C924CE}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/1
IE - HKLM\..\SearchScopes,DefaultScope = {2E11ECE0-23D4-47AB-9533-F063F15D7A7F}
IE - HKLM\..\SearchScopes\{2E11ECE0-23D4-47AB-9533-F063F15D7A7F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{30383055-645F-4644-B43F-23C2AED210B7}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{BCC597CF-043C-48FE-96DE-1CEAA8C924CE}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/hpcon/1
IE - HKCU\..\SearchScopes,DefaultScope = {B076957C-F76F-4AD1-BC06-3193CDCBB266}
IE - HKCU\..\SearchScopes\{2E11ECE0-23D4-47AB-9533-F063F15D7A7F}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{30383055-645F-4644-B43F-23C2AED210B7}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{B076957C-F76F-4AD1-BC06-3193CDCBB266}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{BCC597CF-043C-48FE-96DE-1CEAA8C924CE}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2010.10.02 23:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.08 21:30:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.08 21:30:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012.03.09 15:53:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe (Egis Technology Inc. )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 195.34.133.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE2C88C-A3A4-4B91-A7EB-271D0A851986}: DhcpNameServer = 195.34.133.21 195.34.133.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012.03.09 17:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.09 15:53:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.09 15:44:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.09 15:44:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.09 15:44:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.09 15:44:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.09 15:42:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.09 15:33:43 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{0850D3F1-09D6-42F7-836A-F4F0C56D4001}
[2012.03.09 15:33:31 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{0A5185B5-D80F-4716-9E92-972FC6067400}
[2012.03.09 15:02:45 | 000,000,000 | ---D | C] -- C:\Users\Anna\Desktop\RK_Quarantine
[2012.03.07 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FEEE8737-4AA3-411F-BC30-2ABE9A4D19CE}
[2012.03.07 20:58:14 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{82B53A9B-EECC-499B-A11C-FE6EBAFAD96D}
[2012.03.07 07:32:19 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F89CD021-155A-4D8C-B972-D1E13787EB9A}
[2012.03.07 07:32:04 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E6911306-F935-4F29-9459-5DC799F8CC22}
[2012.03.06 21:18:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.06 12:20:09 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C0247330-1CEF-4C9C-BE72-306C3DDEA08C}
[2012.03.06 12:19:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{5BA20085-B6C5-43A0-921E-B73725411B0A}
[2012.03.05 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{62E75366-7CB9-4A9C-ADAF-51977AEF0B56}
[2012.03.05 22:49:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{13952F3C-BC67-44EB-938D-C218533F2CE5}
[2012.03.05 10:49:39 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{8A4AE92A-91F4-42E5-A499-6185F0439E68}
[2012.03.05 10:49:28 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{752E4545-FBEA-415D-B31B-B82DD56BC9DE}
[2012.03.04 22:49:16 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{B576FCFC-D438-40AA-9C30-E2955CE1E47A}
[2012.03.04 22:49:05 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{AB30E8FC-E561-48BB-AD43-8DEAEA7EE445}
[2012.02.29 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2012.02.29 23:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.29 23:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.29 23:21:47 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.29 23:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.29 22:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.02.29 22:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.29 21:58:56 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.02.29 21:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.02.15 06:58:52 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 06:58:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 06:58:51 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.15 06:58:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 06:58:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.15 06:58:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 06:58:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.15 06:58:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.15 06:58:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 06:58:48 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.15 06:58:48 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.14 23:41:43 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.14 23:41:36 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.14 23:41:36 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.14 23:41:26 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.03.09 16:09:20 | 000,028,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.09 16:09:20 | 000,028,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.09 16:01:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.09 16:00:50 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.09 15:53:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.03.09 15:32:28 | 000,000,138 | ---- | M] () -- C:\Users\Anna\AppData\Local\mv_Photo.xml
[2012.03.09 15:32:28 | 000,000,129 | ---- | M] () -- C:\Users\Anna\AppData\Local\mv_music.xml
[2012.03.09 15:32:05 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAnna.job
[2012.03.06 22:51:34 | 527,868,105 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.06 21:27:19 | 000,000,188 | ---- | M] () -- C:\Users\Anna\defogger_reenable
[2012.03.06 21:24:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.03.04 11:42:09 | 000,000,781 | ---- | M] () -- C:\Users\Anna\Documents\hosts
[2012.03.02 20:45:40 | 000,162,422 | ---- | M] () -- C:\Users\Anna\Documents\cc_20120302_204518.reg
[2012.03.01 07:05:48 | 001,527,262 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.01 07:05:48 | 000,656,500 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.01 07:05:48 | 000,618,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.01 07:05:48 | 000,131,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.01 07:05:48 | 000,107,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.29 23:21:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.29 22:54:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.29 21:58:56 | 000,002,971 | ---- | M] () -- C:\Users\Anna\Desktop\HiJackThis.lnk
[2012.02.15 09:42:44 | 000,428,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.03.09 15:44:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.09 15:44:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.09 15:44:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.09 15:44:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.09 15:44:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.06 22:51:34 | 527,868,105 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.06 21:27:18 | 000,000,188 | ---- | C] () -- C:\Users\Anna\defogger_reenable
[2012.03.04 11:42:09 | 000,000,781 | ---- | C] () -- C:\Users\Anna\Documents\hosts
[2012.03.02 20:45:24 | 000,162,422 | ---- | C] () -- C:\Users\Anna\Documents\cc_20120302_204518.reg
[2012.02.29 23:21:51 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.29 22:54:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.29 21:58:56 | 000,002,971 | ---- | C] () -- C:\Users\Anna\Desktop\HiJackThis.lnk
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.01.30 22:28:15 | 000,001,854 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\GhostObjGAFix.xml
[2011.01.27 19:36:58 | 000,005,632 | ---- | C] () -- C:\Users\Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.08 21:28:00 | 000,223,322 | ---- | C] () -- C:\Windows\hpoins31.dat
[2011.01.08 21:28:00 | 000,000,873 | ---- | C] () -- C:\Windows\hpomdl31.dat
[2011.01.08 19:15:28 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.08 19:05:12 | 000,000,138 | ---- | C] () -- C:\Users\Anna\AppData\Local\mv_Photo.xml
[2011.01.08 19:05:12 | 000,000,129 | ---- | C] () -- C:\Users\Anna\AppData\Local\mv_music.xml
[2010.10.02 23:04:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.02 22:58:31 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.10.02 22:57:32 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.10.02 22:57:32 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.10.02 22:57:32 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.10.02 22:57:32 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.10.02 22:57:31 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.10.02 22:57:30 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.02 22:55:43 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.10.02 22:55:43 | 000,000,253 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.10.02 22:53:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.21 17:57:41 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.07.21 17:07:00 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010.07.21 15:26:14 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2012.02.23 18:57:46 | 000,026,112 | ---- | M] ()(C:\Users\Anna\Documents\????????? ??? ???????.doc) -- C:\Users\Anna\Documents\Программа для Иваново.doc
[2012.02.23 18:57:45 | 000,026,112 | ---- | C] ()(C:\Users\Anna\Documents\????????? ??? ???????.doc) -- C:\Users\Anna\Documents\Программа для Иваново.doc
[2011.12.08 08:23:48 | 000,014,257 | ---- | M] ()(C:\Users\Anna\Documents\???????? ??? ??????.docx) -- C:\Users\Anna\Documents\ТАБЛИЧКА ДЛЯ ВСТРЕЧ.docx
[2011.12.08 08:23:47 | 000,014,257 | ---- | C] ()(C:\Users\Anna\Documents\???????? ??? ??????.docx) -- C:\Users\Anna\Documents\ТАБЛИЧКА ДЛЯ ВСТРЕЧ.docx
[2011.11.20 22:20:08 | 000,000,162 | -H-- | M] ()(C:\Users\Anna\Documents\~$?????????? ?????? ??????????.rtf) -- C:\Users\Anna\Documents\~$тировочная заявка исправлено.rtf
[2011.11.20 22:20:07 | 000,048,348 | ---- | M] ()(C:\Users\Anna\Documents\???????????? ?????? ??????????.rtf) -- C:\Users\Anna\Documents\котировочная заявка исправлено.rtf
[2011.11.20 22:20:07 | 000,048,348 | ---- | C] ()(C:\Users\Anna\Documents\???????????? ?????? ??????????.rtf) -- C:\Users\Anna\Documents\котировочная заявка исправлено.rtf
[2011.11.20 22:20:07 | 000,000,162 | -H-- | C] ()(C:\Users\Anna\Documents\~$?????????? ?????? ??????????.rtf) -- C:\Users\Anna\Documents\~$тировочная заявка исправлено.rtf
[2011.11.20 22:04:06 | 000,049,747 | ---- | M] ()(C:\Users\Anna\Documents\???????????? ??????.rtf) -- C:\Users\Anna\Documents\котировочная заявка.rtf
[2011.11.20 22:02:55 | 000,049,747 | ---- | C] ()(C:\Users\Anna\Documents\???????????? ??????.rtf) -- C:\Users\Anna\Documents\котировочная заявка.rtf
[2011.09.10 07:19:56 | 000,015,724 | ---- | M] ()(C:\Users\Anna\Documents\?????? ??? ???????????.docx) -- C:\Users\Anna\Documents\список для Викторгассе.docx
[2011.09.10 07:19:43 | 000,015,724 | ---- | C] ()(C:\Users\Anna\Documents\?????? ??? ???????????.docx) -- C:\Users\Anna\Documents\список для Викторгассе.docx
[2011.09.06 12:15:51 | 000,014,594 | ---- | M] ()(C:\Users\Anna\Documents\????????? ??? ?????? ?????????.docx) -- C:\Users\Anna\Documents\программа для группы Трейдомед.docx
[2011.09.06 11:46:40 | 000,014,594 | ---- | C] ()(C:\Users\Anna\Documents\????????? ??? ?????? ?????????.docx) -- C:\Users\Anna\Documents\программа для группы Трейдомед.docx
[2011.08.31 20:08:41 | 000,052,736 | ---- | M] ()(C:\Users\Anna\Documents\?????????? ??????? (2).doc) -- C:\Users\Anna\Documents\Соглашение Сальник (2).doc
[2011.08.31 20:06:23 | 000,052,736 | ---- | C] ()(C:\Users\Anna\Documents\?????????? ??????? (2).doc) -- C:\Users\Anna\Documents\Соглашение Сальник (2).doc
[2011.08.29 09:55:05 | 000,015,827 | ---- | M] ()(C:\Users\Anna\Documents\??????????.docx) -- C:\Users\Anna\Documents\СОГЛАШЕНИЕ.docx
[2011.08.29 09:55:05 | 000,015,827 | ---- | C] ()(C:\Users\Anna\Documents\??????????.docx) -- C:\Users\Anna\Documents\СОГЛАШЕНИЕ.docx
[2011.08.05 21:53:05 | 000,013,552 | ---- | M] ()(C:\Users\Anna\Documents\????????? ??? ?????? ??????.docx) -- C:\Users\Anna\Documents\Программа для группы Черней.docx
[2011.08.05 21:53:04 | 000,013,552 | ---- | C] ()(C:\Users\Anna\Documents\????????? ??? ?????? ??????.docx) -- C:\Users\Anna\Documents\Программа для группы Черней.docx
[2011.07.20 06:35:05 | 000,015,903 | ---- | M] ()(C:\Users\Anna\Documents\??????????? ????????????.docx) -- C:\Users\Anna\Documents\Генеральная доверенность.docx
[2011.07.20 06:35:05 | 000,015,903 | ---- | C] ()(C:\Users\Anna\Documents\??????????? ????????????.docx) -- C:\Users\Anna\Documents\Генеральная доверенность.docx
[2011.04.08 20:18:37 | 000,117,248 | ---- | M] ()(C:\Users\Anna\Documents\??????????????? ?????????_v6.doc) -- C:\Users\Anna\Documents\Предварительная программа_v6.doc
[2011.04.08 20:18:37 | 000,117,248 | ---- | C] ()(C:\Users\Anna\Documents\??????????????? ?????????_v6.doc) -- C:\Users\Anna\Documents\Предварительная программа_v6.doc
[2011.04.06 09:23:46 | 000,089,088 | ---- | M] ()(C:\Users\Anna\Documents\??????????????? ?????????_v5.doc) -- C:\Users\Anna\Documents\Предварительная программа_v5.doc
[2011.04.06 09:23:45 | 000,089,088 | ---- | C] ()(C:\Users\Anna\Documents\??????????????? ?????????_v5.doc) -- C:\Users\Anna\Documents\Предварительная программа_v5.doc
[2011.04.02 18:56:45 | 000,059,392 | ---- | M] ()(C:\Users\Anna\Documents\??????????????? ?????????_v4.doc) -- C:\Users\Anna\Documents\Предварительная программа_v4.doc
[2011.04.02 18:56:44 | 000,059,392 | ---- | C] ()(C:\Users\Anna\Documents\??????????????? ?????????_v4.doc) -- C:\Users\Anna\Documents\Предварительная программа_v4.doc
[2011.04.01 13:26:26 | 000,052,736 | ---- | M] ()(C:\Users\Anna\Documents\??????????????? ?????????_v3.doc) -- C:\Users\Anna\Documents\Предварительная программа_v3.doc
[2011.04.01 13:15:05 | 000,052,736 | ---- | C] ()(C:\Users\Anna\Documents\??????????????? ?????????_v3.doc) -- C:\Users\Anna\Documents\Предварительная программа_v3.doc
[2011.03.30 20:19:54 | 000,055,808 | ---- | M] ()(C:\Users\Anna\Documents\??????????????? ?????????.doc) -- C:\Users\Anna\Documents\Предварительная программа.doc
[2011.03.30 20:18:35 | 000,055,808 | ---- | C] ()(C:\Users\Anna\Documents\??????????????? ?????????.doc) -- C:\Users\Anna\Documents\Предварительная программа.doc
[2011.01.20 16:51:53 | 001,411,246 | ---- | M] ()(C:\Users\Anna\Desktop\IMG_0120_????? ??????.jpg) -- C:\Users\Anna\Desktop\IMG_0120_новый размер.jpg
[2011.01.20 16:50:31 | 001,411,246 | ---- | C] ()(C:\Users\Anna\Desktop\IMG_0120_????? ??????.jpg) -- C:\Users\Anna\Desktop\IMG_0120_новый размер.jpg
[2011.01.20 16:44:55 | 001,895,506 | ---- | M] ()(C:\Users\Anna\Desktop\IMG_0082_????? ??????.jpg) -- C:\Users\Anna\Desktop\IMG_0082_новый размер.jpg
[2011.01.20 16:44:45 | 001,895,506 | ---- | C] ()(C:\Users\Anna\Desktop\IMG_0082_????? ??????.jpg) -- C:\Users\Anna\Desktop\IMG_0082_новый размер.jpg
[2011.01.09 13:32:25 | 000,044,544 | ---- | C] ()(C:\Users\Anna\Documents\?????? ??? ???????????1.doc) -- C:\Users\Anna\Documents\письмо для константина1.doc
[2011.01.09 13:32:25 | 000,044,032 | ---- | C] ()(C:\Users\Anna\Documents\?????? ??? ???????????4.doc) -- C:\Users\Anna\Documents\письмо для константина4.doc
[2011.01.09 13:32:25 | 000,044,032 | ---- | C] ()(C:\Users\Anna\Documents\?????? ??? ???????????3.doc) -- C:\Users\Anna\Documents\письмо для константина3.doc
[2011.01.09 13:32:25 | 000,044,032 | ---- | C] ()(C:\Users\Anna\Documents\?????? ??? ???????????2.doc) -- C:\Users\Anna\Documents\письмо для константина2.doc
[2011.01.09 13:32:25 | 000,036,352 | ---- | C] ()(C:\Users\Anna\Documents\???????????? way2austria.doc) -- C:\Users\Anna\Documents\Рекомендации way2austria.doc
[2011.01.09 13:32:25 | 000,028,672 | ---- | C] ()(C:\Users\Anna\Documents\?????? ? ????(??????).doc) -- C:\Users\Anna\Documents\Письмо о Вене(правки;).doc
[2011.01.09 13:32:25 | 000,004,734 | ---- | C] ()(C:\Users\Anna\Documents\?????? ??? ???????????4.doc.odt) -- C:\Users\Anna\Documents\письмо для константина4.doc.odt
[2010.11.06 20:09:17 | 000,028,672 | ---- | M] ()(C:\Users\Anna\Documents\?????? ? ????(??????).doc) -- C:\Users\Anna\Documents\Письмо о Вене(правки;).doc
[2010.11.02 19:14:55 | 000,036,352 | ---- | M] ()(C:\Users\Anna\Documents\???????????? way2austria.doc) -- C:\Users\Anna\Documents\Рекомендации way2austria.doc
[2010.10.28 15:25:58 | 000,044,032 | ---- | M] ()(C:\Users\Anna\Documents\?????? ??? ???????????4.doc) -- C:\Users\Anna\Documents\письмо для константина4.doc
[2010.10.28 15:07:22 | 000,004,734 | ---- | M] ()(C:\Users\Anna\Documents\?????? ??? ???????????4.doc.odt) -- C:\Users\Anna\Documents\письмо для константина4.doc.odt
[2010.10.28 11:36:02 | 000,044,032 | ---- | M] ()(C:\Users\Anna\Documents\?????? ??? ???????????3.doc) -- C:\Users\Anna\Documents\письмо для константина3.doc
[2010.10.27 17:56:42 | 000,044,032 | ---- | M] ()(C:\Users\Anna\Documents\?????? ??? ???????????2.doc) -- C:\Users\Anna\Documents\письмо для константина2.doc
[2010.10.27 16:01:35 | 000,044,544 | ---- | M] ()(C:\Users\Anna\Documents\?????? ??? ???????????1.doc) -- C:\Users\Anna\Documents\письмо для константина1.doc

< End of report >
09.03.2012, 19:54
Member

Posts: 420
#14 Then I think we're done; the hosts file is also back to the way it should be.

1. Start OTL and please click "Bereinigung" (cleanup). OTL will then remove itself.

2. Keep your system up to date. http://secunia.com/vulnerability_scanning/personal/ can help with that (free).

3. Read through this: http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar

Done ;)

Regards,
gangren
12.03.2012, 22:10
...new here

Thread starter

Posts: 9
#15 Hello Gangren,

many thanks for the support and the time.
You helped me a lot.

MANY THANKS