Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 24.07.2012, 11:26   #1
UweP
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Hallo,

Ich habe mir einen Trojaner eingefangen, der den kompletten Bildschirm verdeckt (mit der o.g. Überschrift) und per Ukash auffordert 100€ zu zahlen.

Nach einigem suchen hier im Forum habe ich jetzt den Rechner im abgesicherten Modus gestartet, Malwarebytes Anti-Malware installiert und gestartet. Meldung nach Durchsuchung:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.24.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
pulsfort :: W7-PULSFORT-NB [Administrator]

Schutz: Deaktiviert

24.07.2012 10:35:44
mbam-log-2012-07-24 (10-35-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 412095
Laufzeit: 51 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wdscore (Trojan.Agent.3D) -> Daten: C:\Users\pulsfort.MUNICH0\AppData\Local\Microsoft\Windows\3936\wdscore.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\pulsfort.MUNICH0\AppData\Local\Microsoft\Windows\3936\wdscore.exe (Trojan.Agent.3D) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Anschließend habe ich OTL gestartet und folgende Log Files erhalten:

OTL LogFile:
Code:
ATTFilter
OTL logfile created on: 7/24/2012 11:56:12 AM - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\pulsfort.MUNICH0\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.87 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 81.83% Memory free
7.73 Gb Paging File | 7.07 Gb Available in Paging File | 91.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.40 Gb Total Space | 128.55 Gb Free Space | 45.68% Space Free | Partition Type: NTFS
Drive D: | 1.99 Gb Total Space | 1.90 Gb Free Space | 95.50% Space Free | Partition Type: FAT32
Drive F: | 124.44 Gb Total Space | 20.03 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Drive K: | 124.44 Gb Total Space | 20.03 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
 
Computer Name: W7-PULSFORT-NB | User Name: pulsfort | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\pulsfort.MUNICH0\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SaperaCameraLinkServer) -- C:\Program Files\Teledyne DALSA\Sapera\CamExpert\CameraLinkServer.exe ()
SRV:64bit: - (CorLogServer) -- C:\Program Files\Teledyne DALSA\Sapera\Bin\CorLogServer.exe (Teledyne DALSA)
SRV:64bit: - (CorAppLauncher) -- C:\Program Files\Teledyne DALSA\Sapera\Bin\CorAppLauncher.exe (Teledyne DALSA)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (CrypKey License) -- C:\Windows\SysNative\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV:64bit: - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV:64bit: - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV:64bit: - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV:64bit: - (buttonsvc64) -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV:64bit: - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe ()
SRV - (SONICWALL_NetExtender) -- C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe (SonicWALL Inc.)
SRV - (DvmMDES) -- D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (SFUpdater) -- C:\Program Files (x86)\ShareFile\Updater\UpdateService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (CorSerial) -- C:\Windows\SysNative\drivers\corserial.sys (Teledyne DALSA)
DRV:64bit: - (CorPci) -- C:\Windows\SysNative\drivers\CorPci.sys (Teledyne DALSA)
DRV:64bit: - (CorMem) -- C:\Windows\SysNative\drivers\cormem.sys (Teledyne DALSA)
DRV:64bit: - (CorLog) -- C:\Windows\SysNative\drivers\CorLog.sys (Teledyne DALSA)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusb4) -- C:\Windows\SysNative\drivers\fwlanusb4.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (SNTUSB64) -- C:\Windows\SysNative\drivers\SNTUSB64.SYS (SafeNet, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\Ckldrv.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdfltn.sys (ST Microelectronics)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (akshasp) -- C:\Windows\SysNative\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksusb) -- C:\Windows\SysNative\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (akshhl) -- C:\Windows\SysNative\drivers\akshhl.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (cvusbdrv) -- C:\Windows\SysNative\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SSLDrv) -- C:\Windows\SysNative\drivers\SSLDrv.sys (SonicWALL Inc.)
DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV - (DVMIO) -- D:\Program Files (x86)\Dell\Reader 2.0\dvmio_x64.sys (DeviceVM, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{5425E8FF-6913-4D98-9B56-780BAA2DD69F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{FB97826F-D406-4CD5-B019-B38CE0266C54}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enDE466
IE - HKCU\..\SearchScopes\{CEC6A7FF-9086-4382-8DBA-46926F1B24F9}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757%3Au7sdf2-9qzh&cof=&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/03 12:55:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 08:51:08 | 000,000,000 | ---D | M]
 
[2012/01/13 15:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pulsfort.MUNICH0\AppData\Roaming\mozilla\Extensions
[2012/07/03 13:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pulsfort.MUNICH0\AppData\Roaming\mozilla\Firefox\Profiles\utyu5uan.default\extensions
[2012/07/03 12:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/29 09:58:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/03 12:55:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/12 17:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 17:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 17:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/05/12 17:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012/04/10 10:17:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/12 18:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/05/12 17:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/07/03 12:55:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/03 12:55:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/03 12:55:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/03 12:55:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/03 12:55:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/03 12:55:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Google Mail = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120210122206.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120210122207.dll (McAfee, Inc.)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CorGigeStatus] "C:\DALSA\Network Interface\Bin\CorGigeStatus.exe" /s File not found
O4:64bit: - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Teledyne DALSA X64 Xcelera-CL+ PX8 Device Manager] C:\Program Files\Teledyne DALSA\X64 Xcelera-CL+ PX8\Bin\CorAppLauncher.exe (Teledyne DALSA)
O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [PTOneClick] C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)
O4:64bit: - HKLM..\RunOnce: [Teledyne DALSA Device Manager - CorX64XceleraCL+PX8x] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: dalsa.org ([ein-cas-01.netherlands] https in Trusted sites)
O15:64bit: - ..Trusted Domains: dalsa.org ([iron.waterloo] http in Trusted sites)
O15:64bit: - ..Trusted Domains: dalsa.org ([peach.waterloo] http in Trusted sites)
O15:64bit: - ..Trusted Domains: dalsa.org ([wat-cas-01.waterloo] https in Trusted sites)
O15:64bit: - ..Trusted Domains: ein-cas-01 ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: iron ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: peach ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: wat-cas-01 ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: waterloomail ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.com ([sra] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.com ([sre] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.com ([srp] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.org ([ein-cas-01.netherlands] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.org ([iron.waterloo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.org ([peach.waterloo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.org ([wat-cas-01.waterloo] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ein-cas-01 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: iron ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: peach ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: wat-cas-01 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: waterloomail ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://sre.dalsa.com/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://sre.dalsa.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A2CBD67A-F77D-45DF-9621-5F563DAE18FF} hxxp://lead:3333/SlxClient/SLXActiveMail.cab (SlxEmailNotifier Object)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/support/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MUNICH.DALSA.ORG
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CE8FE8-0767-47B9-A15E-34791A8EA847}: Domain = Waterloo.dalsa.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CE8FE8-0767-47B9-A15E-34791A8EA847}: NameServer = 10.1.0.11 10.1.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15330F3D-4683-41EA-BD89-4E5026833444}: DhcpNameServer = 192.168.99.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{626BC815-DA33-4DA9-A2DB-55D42EDFC446}: DhcpNameServer = 10.2.0.2 10.2.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7995E750-0381-49C9-9C16-DBCAD610BB84}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCF70D92-45E8-4CB8-A9C6-3539767E491D}: DhcpNameServer = 192.168.99.5
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qvp - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\Qvp.dll (QlikTech AB)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/24 11:53:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\pulsfort.MUNICH0\Desktop\OTL.exe
[2012/07/24 10:33:12 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\AppData\Roaming\Malwarebytes
[2012/07/24 10:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/24 10:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/24 10:32:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/24 10:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/24 08:53:55 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\AppData\Roaming\hellomoto
[2012/07/13 15:50:03 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\Desktop\Solystic
[2012/07/11 11:01:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 11:01:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 11:01:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 11:01:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 11:01:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 11:01:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 11:01:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 11:01:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 11:01:36 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 11:01:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 11:01:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 11:01:36 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 11:01:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 09:29:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 09:29:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 09:29:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 09:29:28 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/11 09:29:24 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/11 09:28:56 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 09:28:54 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 10:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2012/07/10 10:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick
[2012/07/10 10:08:26 | 000,014,120 | R--- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmeject.sys
[2012/07/10 10:07:56 | 001,293,824 | ---- | C] (AVM GmbH) -- C:\Windows\SysNative\drivers\fwlanusb4.sys
[2012/07/10 10:07:56 | 000,099,328 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\fwlan4ci.dll
[2012/07/06 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\Desktop\ImageS China Issue
[2012/07/03 12:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/03 12:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/25 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\AppData\Local\Macromedia
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/24 11:54:30 | 000,907,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/24 11:54:30 | 000,745,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/24 11:54:30 | 000,154,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/24 11:53:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\pulsfort.MUNICH0\Desktop\OTL.exe
[2012/07/24 11:50:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 11:50:02 | 3112,566,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/24 11:49:11 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 11:49:11 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 11:44:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 10:32:59 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/23 16:33:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/23 16:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/14 14:52:24 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3480706288-3022467568-712898994-1113Core1cd61bf840a8c1b.job
[2012/07/14 09:59:08 | 000,113,245 | ---- | M] () -- C:\Users\pulsfort.MUNICH0\Desktop\www.munich-airport.de.pdf
[2012/07/12 13:21:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 13:21:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 20:06:31 | 000,002,416 | ---- | M] () -- C:\Users\pulsfort.MUNICH0\Desktop\Google Chrome.lnk
[2012/07/11 13:12:21 | 000,046,250 | ---- | M] () -- C:\Users\pulsfort.MUNICH0\Desktop\0910_Gomastit_2040_TDS.pdf
[2012/07/11 11:33:41 | 000,001,135 | ---- | M] () -- C:\Users\pulsfort.MUNICH0\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/11 11:15:07 | 000,312,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/09 11:48:42 | 013,503,507 | ---- | M] () -- C:\Users\pulsfort.MUNICH0\Desktop\TD uncooled IR - AVT Meeting June 2012.pdf
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/28 08:58:23 | 000,000,488 | RHS- | M] () -- C:\Users\pulsfort.MUNICH0\ntuser.pol
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/24 10:32:59 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/14 14:52:24 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3480706288-3022467568-712898994-1113Core1cd61bf840a8c1b.job
[2012/07/14 09:59:07 | 000,113,245 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\Desktop\www.munich-airport.de.pdf
[2012/07/11 13:12:21 | 000,046,250 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\Desktop\0910_Gomastit_2040_TDS.pdf
[2012/07/10 10:08:35 | 000,013,189 | R--- | C] () -- C:\Windows\instwcli.inf
[2012/07/10 10:07:56 | 000,049,792 | ---- | C] () -- C:\Windows\SysNative\drivers\fwlanusb4.bin
[2012/07/09 12:24:27 | 013,503,507 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\Desktop\TD uncooled IR - AVT Meeting June 2012.pdf
[2012/06/28 15:21:18 | 001,481,186 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\Desktop\SaperaCameraSDK.pdf
[2012/05/22 10:06:11 | 000,001,552 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\.recently-used.xbel
[2012/01/18 18:03:47 | 000,004,063 | ---- | C] () -- C:\Windows\scad3.INI
[2012/01/10 15:49:43 | 000,007,600 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\AppData\Local\Resmon.ResmonCfg
[2011/04/13 09:36:25 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/04/13 09:36:25 | 000,000,219 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/03/01 12:24:37 | 000,072,080 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\g2mdlhlpx.exe
[2010/12/06 12:22:59 | 000,000,016 | ---- | C] () -- C:\ProgramData\.7486160831680234
[2010/10/11 11:10:31 | 000,003,584 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/18 15:55:25 | 000,000,488 | RHS- | C] () -- C:\Users\pulsfort.MUNICH0\ntuser.pol
[2010/06/18 15:55:00 | 000,005,268 | RHS- | C] () -- C:\ProgramData\ntuser.pol

< End of report >
         

Extras Log:
Code:
ATTFilter
OTL Extras logfile created on: 7/24/2012 11:56:12 AM - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\pulsfort.MUNICH0\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.87 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 81.83% Memory free
7.73 Gb Paging File | 7.07 Gb Available in Paging File | 91.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.40 Gb Total Space | 128.55 Gb Free Space | 45.68% Space Free | Partition Type: NTFS
Drive D: | 1.99 Gb Total Space | 1.90 Gb Free Space | 95.50% Space Free | Partition Type: FAT32
Drive F: | 124.44 Gb Total Space | 20.03 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Drive K: | 124.44 Gb Total Space | 20.03 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
 
Computer Name: W7-PULSFORT-NB | User Name: pulsfort | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C42DB4B-1D35-426B-94A1-48D691CE5B77}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{0CAB6A3E-0111-4228-BF5D-358EA7EC3B1A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0DDEE67B-10EE-4A78-B7FA-EF3DCDE48CB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{0EBE907A-E6CD-4A60-B762-2165AA1B675F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{10FB510C-1C84-46F3-9112-928AC5515003}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{22A996AD-0BEA-4374-A5C8-7B5DD44EE2ED}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2B501E0D-2904-4C49-A775-F03CB3E74B49}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2F8D085C-3FA0-4A44-93CB-CF0191C8862F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5C928DB0-D523-441B-BBE0-F99C24AFC0C9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6AC45DD9-F70B-49A2-A81E-7E536208830E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{72CBDE1C-9DF9-4B5B-AEE6-5C2B1CFD6F31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7BE9F56C-846A-42F9-9747-808071C22A04}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8FEE05F3-FEDC-4410-A57C-7377B3165541}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A17C5371-DB6C-4B66-8CB0-AFA9FC5D5A4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A63BE148-7EF5-487E-BE19-CD37F68B757A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CC570A95-74B7-4684-86E8-44192C1D8B83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6D9762D-B0C7-4F86-857E-F2884D167AA2}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16225C20-A393-436B-A3BE-BDE4E72BC8FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1BC47899-29DA-47DA-8D04-88B846A3807D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1E557213-2693-4F08-B718-D41E089D94FC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | 
"{1F519A71-F208-424B-9614-815732716B26}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{2A70A2D6-3BA5-46D0-8B59-0435A68CA153}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3BF980D8-C2EC-4144-B186-8CDF41ADC13E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5018C3AD-2612-4B1D-B65F-7EF74CC56264}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{65CDFAB3-39F3-41AB-8D1F-E5DFD12B5F29}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{680A34E3-62CA-4040-A006-7245249D5B28}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{7511F001-FB51-4DCB-8C7E-E7C76D0C9119}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7A408F6D-6385-4CB4-ABB9-D4C17E96186D}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{7B47DBB0-5E46-430F-BA7C-E429E442CB21}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{8022FC96-9A4A-4D39-8DE8-045F974C074F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{859099CB-9B5C-47E4-AED5-1CB0FD18C18E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9070B90C-D7C6-47A2-99AC-741DB8B70DDD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{90D9BB57-DED3-4A49-9B39-7949F3EDDA71}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A242F5DA-8892-4544-B461-91523E33AF62}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{A34AF56A-82EE-4425-A92F-F67CD7484F59}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B1FF2B42-5B38-4BFD-B634-3F316320EEDA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C23CDB6C-578D-4595-9B1D-99041FC7C67A}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{C261493C-3D57-4181-B720-EC74CC0D1D1E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{C47E0A8C-FC83-4642-A3F6-5CAC5EA7423A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{E50F18ED-3A8A-4450-8CB4-5BEC26AB1F50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E74182CF-FA68-482E-8568-DF17B643FE5C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{F9481239-BE50-48A5-A58E-1A4B87E249FC}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{0592AC66-BE45-4EC3-8A45-DDE0E7CE1873}" = Microsoft Visual Studio 2005 64bit Prerequisites (x64) - DEU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0D86482F-24B7-4DFA-A993-ACC2C9AD0031}" = Dell Control Point 64
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network Connections 14.8.43.0
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{258C1129-0FD3-4513-8F49-469524FF8B1A}" = Microsoft Visual Studio 2005 Remote Debugger (x64) - DEU
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{38C75838-BEBC-41BB-9306-2BA3D4DC4E94}" = Wave Infrastructure Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{87EBE6AA-E4AA-4F3B-975C-72575C660BE7}" = Dell ControlPoint System Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
"{A6DDE7CF-70DF-41BF-A648-A7160DD52215}" = SO64MMWrapper
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{D7C307E7-96A7-4BEE-ACF8-D795007E7C16}" = 64 Bit HP CIO Components Installer
"{DB13A32E-D83A-491F-9529-224AA7A2BD38}" = Dell ControlVault Host Components Installer 64Bit
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EF7F706C-50C4-41D8-8600-4AF6B21F2D96}" = DCP64MMWrapper
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
"Microsoft Visual Studio 2005 Remote Debugger (x64) - DEU" = Microsoft Visual Studio 2005 Remote Debugger (x64) - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 14.8.43.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00610407-7C6C-486A-BB1D-80CEAC7E076B}" = Microsoft Visual Studio 2005 Professional Edition - DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{03A1E44A-4B8B-4FEC-8368-B30F8FFDA0B6}" = Teledyne DALSA Sapera LT SDK 7.20.01.1115
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DA750F9-797D-469C-A45C-215E656D7307}" = MSDN Library for Visual Studio 2005 - German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29A608AC-5AC2-4E83-AD98-AB1D7C712550}" = Teledyne DALSA X64 Xcelera-CL+ PX8 Device Driver 1.10.01.0202
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{429DDF39-8056-4266-B8AC-F725E696AFFB}" = eBUS Driver Suite 1.1.1.921
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6E1EA9-4704-4750-868A-AEB398168DA6}" = Microsoft Document Explorer 2005 Language Pack - DEU
"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix Online Plug-in (USB)
"{5775936C-ABB9-4F49-B7BC-37A6DB001EFD}" = QlikView Plugin
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7681A1A9-D865-4DC0-A319-41A49F5E78DB}" = Citrix Online Plug-in (PNA)
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D3BEF52-F71E-4CFD-B5D9-DE72F2CF54DC}" = Kubotek Spectrum 6.3
"{7E7A2DE4-BB59-478F-800B-86CD89325286}" = DALSA Sapera Processing 7.20.1.512
"{81ABC4A0-DE63-11DE-8A39-0800200C9A66}" = FreeCAD 0.10
"{844EFBA7-1C24-93B2-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86_x64) WinSXS MSM
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{88C10FAC-D997-4804-B1F1-B4BF493A61B6}" = eBUS Driver Suite 1.1.1.921
"{88F93A2E-A2F3-4C36-B3D3-EEB274AA2C1C}" = Microsoft Device Emulator Version 1.0 - DEU
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}" = Sentinel Protection Installer 7.6.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A6F6725C-12C3-42B5-9647-8668E1BEE2D2}" = Microsoft SQL Server 2005 Mobile [DEU] Developer Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix Online Plug-in (Web)
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
"{BAC520D7-CE81-411D-A3A2-8D9C7F2DA3EF}" = Citrix Online Plug-in (SSON)
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBE45D37-2D2E-426F-8EF6-5075CE4D382B}" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C291C2D5-8A9C-46BE-8A96-6A60DB4AC482}" = Reader 2.0
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix Online Plug-in (HDX)
"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix Online Plug-in (DV)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F7E2D757-1116-42CC-A6CA-04788EED5FED}" = WebEx Productivity Tools
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"CitrixOnlinePluginFull" = Citrix Online Plug-in
"Dell Webcam Central" = Dell Webcam Central
"Fences" = Fences
"FileZilla Client" = FileZilla Client 3.5.3
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"LTspice IV" = LTspice IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2005 Language Pack - DEU" = Microsoft Document Explorer 2005 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Language Pack - DEU" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - DEU" = Microsoft Visual Studio 2005 Professional Edition - DEU
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSDN Library für Visual Studio 2005 - Deutsch" = MSDN Library für Visual Studio 2005 - Deutsch
"RarZilla Free Unrar" = RarZilla Free Unrar
"Reader2.0" = Reader 2.0
"SFOLP" = ShareFile Outlook 2007 Plug-in
"SonicWALL SSL-VPN NetExtender" = SonicWALL SSL-VPN NetExtender
"STANDARD" = Microsoft Office Standard 2007
"TeamViewer 7" = TeamViewer 7
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.7.0.595
"IDA-STEP" = IDA-STEP
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/24/2012 4:10:39 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = SFUpdater | ID = 0
Description = 
 
Error - 7/24/2012 4:10:39 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = SFUpdater | ID = 0
Description = * Unhandled error in worker thread  System.NullReferenceException: Object
 reference not set to an instance of an object.     at ShareFile.UpdateServiceCore.MainService.BackgroundTask()

   at ShareFile.UpdateService.ServiceMain.BackgroundTask()     at ShareFile.ServiceBase.ServiceBaseClass.RunBackgroundTask()
 
Error - 7/24/2012 5:07:45 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error - 7/24/2012 5:07:45 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error - 7/24/2012 5:07:49 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error - 7/24/2012 5:07:49 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error - 7/24/2012 5:18:59 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error - 7/24/2012 5:18:59 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error - 7/24/2012 5:19:02 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error - 7/24/2012 5:19:02 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
[ Media Center Events ]
Error - 3/11/2011 7:53:27 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 12:53:27 - Error connecting to the internet.  12:53:27 -     Unable 
to contact server..  
 
Error - 5/5/2011 1:17:24 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 07:17:24 - Error connecting to the internet.  07:17:24 -     Unable 
to contact server..  
 
Error - 5/5/2011 1:17:38 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 07:17:29 - Error connecting to the internet.  07:17:29 -     Unable 
to contact server..  
 
Error - 5/20/2011 2:23:09 PM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 20:22:47 - Error connecting to the internet.  20:22:47 -     Unable 
to contact server..  
 
Error - 5/20/2011 3:23:16 PM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 21:23:13 - Error connecting to the internet.  21:23:13 -     Unable 
to contact server..  
 
Error - 5/20/2011 4:23:25 PM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 22:23:21 - Error connecting to the internet.  22:23:21 -     Unable 
to contact server..  
 
Error - 5/20/2011 5:23:33 PM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 23:23:30 - Error connecting to the internet.  23:23:30 -     Unable 
to contact server..  
 
[ OSession Events ]
Error - 6/30/2010 6:46:04 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2983
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 6/30/2010 7:07:53 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 183
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 12/9/2010 3:41:12 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 5/24/2011 8:09:46 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 1067 seconds with 1020 seconds of active time.  This session ended with a
 crash.
 
Error - 6/20/2011 7:24:05 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 6/20/2011 7:24:30 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/12/2011 3:49:40 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 227
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 7/24/2012 5:50:32 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 7/24/2012 5:50:32 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 7/24/2012 5:50:32 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 7/24/2012 5:50:33 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 7/24/2012 5:50:33 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 7/24/2012 5:50:34 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\System32\IWMSSvc.dll
Error
 Code: 21  
 
Error - 7/24/2012 5:51:02 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = DCOM | ID = 10005
Description = 
 
Error - 7/24/2012 5:51:07 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = DCOM | ID = 10005
Description = 
 
Error - 7/24/2012 5:51:08 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = DCOM | ID = 10005
Description = 
 
Error - 7/24/2012 5:51:09 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         

Nach einem Neustart im Standard-Modus wird die Trojanermeldung nun nicht mehr angezeigt. Welche weiteren Schritte sollte ich noch unternehmen um das System vollständig sauber zu bekommen?

Vielen Dank im Voraus für eure Hilfe!

Gruß....Uwe

Alt 25.07.2012, 02:17   #2
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe () 
SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () 
SRV - (SFUpdater) -- C:\Program Files (x86)\ShareFile\Updater\UpdateService.exe () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{5425E8FF-6913-4D98-9B56-780BAA2DD69F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{FB97826F-D406-4CD5-B019-B38CE0266C54}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enDE466 
IE - HKCU\..\SearchScopes\{CEC6A7FF-9086-4382-8DBA-46926F1B24F9}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 
IE - HKCU\..\SearchScopes\{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}: "URL" = http://www.google.com/cse?cx=partner-pub-3540673482024757%3Au7sdf2-9qzh&cof=&q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/" 
FF - prefs.js..network.proxy.no_proxies_on: "*.local" 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O4:64bit: - HKLM..\Run: [CorGigeStatus] "C:\DALSA\Network Interface\Bin\CorGigeStatus.exe" /s File not found 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4:64bit: - HKLM..\RunOnce: [Teledyne DALSA Device Manager - CorX64XceleraCL+PX8x] Reg Error: Invalid data type. File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Authentication Packages - (wvauth) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] 
 

[2012/07/24 08:53:55 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\AppData\Roaming\hellomoto 
[2012/07/24 11:44:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012/07/23 16:33:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012/07/23 16:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012/07/14 14:52:24 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3480706288-3022467568-712898994-1113Core1cd61bf840a8c1b.job 
[2012/07/14 14:52:24 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3480706288-3022467568-712898994-1113Core1cd61bf840a8c1b.job 

:Files
[2010/12/06 12:22:59 | 000,000,016 | ---- | C] () -- C:\ProgramData\.7486160831680234

C:\Users\pulsfort.MUNICH0\AppData\Local\Microsoft\Windows\3936\
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 25.07.2012, 08:29   #3
UweP
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Erstmal danke für die schnelle Hilfe. Hier ist der Log den ich in C:\_OTL\MovedFiles gefunden habe.

Während des fixen kam eine Meldung das Windows auf ein kritisches Problem gestoßen ist und in einer Minute runtergefahren wird.

Ich glaube Windows wurde dann runtergefahren während das fixen noch lief.


Code:
ATTFilter
Files\Folders moved on Reboot...
C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\McAfeeLogs\UpdaterUI_W7-PULSFORT-NB.log moved successfully.
C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\McAfeeLogs\UpdaterUI_W7-PULSFORT-NB_error.log moved successfully.
C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\McAfeeLogs\UpdaterUI_W7-PULSFORT-NB.log not found!
File C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\McAfeeLogs\UpdaterUI_W7-PULSFORT-NB_error.log not found!
File C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
__________________

Alt 25.07.2012, 16:18   #4
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Hast du den FIX richig in OTL eingefuegt?

Bitte wiederholen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 09:36   #5
UweP
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Jetzt hat es anscheinend geklappt. Hier der neue Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Error: No service named InstallFilterService was found to stop!
Service\Driver key InstallFilterService not found.
File  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe  not found.
Error: No service named tcsd_win32.exe was found to stop!
Service\Driver key tcsd_win32.exe not found.
File  C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe  not found.
Error: No service named SFUpdater was found to stop!
Service\Driver key SFUpdater not found.
File  C:\Program Files (x86)\ShareFile\Updater\UpdateService.exe  not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5425E8FF-6913-4D98-9B56-780BAA2DD69F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5425E8FF-6913-4D98-9B56-780BAA2DD69F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB97826F-D406-4CD5-B019-B38CE0266C54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB97826F-D406-4CD5-B019-B38CE0266C54}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CEC6A7FF-9086-4382-8DBA-46926F1B24F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEC6A7FF-9086-4382-8DBA-46926F1B24F9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CorGigeStatus not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Teledyne DALSA Device Manager - CorX64XceleraCL+PX8x not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:wvauth deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File/Folder C:\Windows\SysNative\*.tmp not found.
Folder C:\Users\pulsfort.MUNICH0\AppData\Roaming\hellomoto\ not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3480706288-3022467568-712898994-1113Core1cd61bf840a8c1b.job not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3480706288-3022467568-712898994-1113Core1cd61bf840a8c1b.job not found.
========== FILES ==========
Invalid Switch: 06 12:22:59 | 000,000,016 | ---- | C] () -- C:\ProgramData\.7486160831680234
Folder C:\Users\pulsfort.MUNICH0\AppData\Local\Microsoft\Windows\3936 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\pulsfort.MUNICH0\Desktop\cmd.bat deleted successfully.
C:\Users\pulsfort.MUNICH0\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: pulsfort
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: pulsfort.MUNICH0
->Temp folder emptied: 3392921 bytes
->Temporary Internet Files folder emptied: 511146659 bytes
->Java cache emptied: 7973887 bytes
->FireFox cache emptied: 127061483 bytes
->Google Chrome cache emptied: 6948751 bytes
->Flash cache emptied: 523 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 277727206 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 100800 bytes
RecycleBin emptied: 65886903 bytes
 
Total Files Cleaned = 954.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: DefaultAppPool
 
User: Public
 
User: pulsfort
->Flash cache emptied: 0 bytes
 
User: pulsfort.MUNICH0
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.54.1 log created on 07262012_102505

Files\Folders moved on Reboot...
C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\McAfeeLogs\UpdaterUI_W7-PULSFORT-NB.log moved successfully.
C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\McAfeeLogs\UpdaterUI_W7-PULSFORT-NB_error.log moved successfully.
C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
C:\Windows\temp\wbxtra_07262012_082402.wbt moved successfully.

PendingFileRenameOperations files...
File C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\McAfeeLogs\UpdaterUI_W7-PULSFORT-NB.log not found!
File C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\McAfeeLogs\UpdaterUI_W7-PULSFORT-NB_error.log not found!
File C:\Users\pulsfort.MUNICH0\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/07/26 10:28:03 | 008,405,015 | ---- | M] () C:\Windows\temp\TmpFile1 : Unable to obtain MD5
File C:\Windows\temp\wbxtra_07262012_082402.wbt not found!

Registry entries deleted on Reboot...
         

Danke noch mal für die schnelle Hilfe....


Alt 26.07.2012, 10:21   #6
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"

Alt 26.07.2012, 12:27   #7
UweP
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Der Rechner läuft eigendlich ausgezeichnet (), aber der AdwCleaner gibt eine Fehlermeldung raus kurz nachdem ich den Search starte.


Vollscan mit Malwarebytes Anti-Malware war gut. Hier der Log:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
pulsfort :: W7-PULSFORT-NB [Administrator]

Schutz: Aktiviert

26.07.2012 11:40:19
mbam-log-2012-07-26 (11-40-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 407132
Laufzeit: 1 Stunde(n), 27 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Angehängt die Felhlermeldung die ich vom AdwCleaner bekomme.

Danke....Uwe
Angehängte Grafiken
Dateityp: jpg Fehlermeldung AdwCleaner.jpg (25,0 KB, 450x aufgerufen)

Alt 26.07.2012, 12:34   #8
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Bitte neu runterladen und nochmal probieren!
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 13:19   #9
UweP
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Habe den Cleaner nochmal runtergeladen, bekomme aber weiterhin die gleiche Feldermeldung.

Danke,

Uwe

Alt 26.07.2012, 14:59   #10
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 13:27   #11
UweP
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Hallo,

hier der Bericht vom Scan mit Emsisoft Anti-Malware.
Sieht doch gut aus, oder?


Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 31.07.2012 12:58:18

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	31.07.2012 12:59:28


Gescannt	622057
Gefunden	0

Scan Ende:	31.07.2012 14:12:24
Scan Zeit:	1:12:56
         
Danke.....Uwe

Alt 31.07.2012, 13:30   #12
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Sehr gut!



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.08.2012, 03:40   #13
t'john
/// Helfer-Team
 
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Standard

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
bho, bildschirm, bingbar, blockiert, bonjour, computer, der computer ist für die verletzung, device driver, document, error, excel, failed, firefox, flash player, format, google earth, helper, hijack, install.exe, logfile, microsoft office word, object, office 2007, plug-in, registry, rundll, scan, searchscopes, security, software, stick, svchost.exe, trojaner, verletzung der gesetze der bundesrepublik deutschland wurde blockiert, visual studio, windows xp




Ähnliche Themen: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"


  1. Trojaner "der computer ist für die verletzung der gesetze der bundesrepublik deutschland wurde blockiert "
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (17)
  2. "Der computer ist für die verletzung der gesetze der bundesrepublik deutschland wurde blockiert" Windows XP
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (2)
  3. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"?
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (3)
  4. Hab den Virus "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 11.09.2012 (11)
  5. "Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert "
    Log-Analyse und Auswertung - 09.09.2012 (2)
  6. UKASH-Trojaner "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Log-Analyse und Auswertung - 08.09.2012 (14)
  7. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (11)
  8. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (19)
  9. "Dieser Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 23.08.2012 (17)
  10. Mal wieder "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (7)
  11. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Log-Analyse und Auswertung - 14.08.2012 (22)
  12. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (14)
  13. "der computer ist für die verletzung der gesetze der bundesrepublik deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (2)
  14. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert".
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (38)
  15. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert".
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (8)
  16. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Log-Analyse und Auswertung - 08.08.2012 (5)
  17. "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (16)

Zum Thema "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" - Hallo, Ich habe mir einen Trojaner eingefangen, der den kompletten Bildschirm verdeckt (mit der o.g. Überschrift) und per Ukash auffordert 100€ zu zahlen. Nach einigem suchen hier im Forum habe - "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"...
Archiv
Du betrachtest: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.