
Log analysis and evaluation: GVU Trojan, MBR check (incl. log files)


01.08.2012, 22:23   #1
Hagen Arne
 
GVU Trojan, MBR check (incl. log files)



Hello everyone,

I am having problems with 2 computers. Unfortunately, yesterday I could only post the log files from one of them (see my other thread); the other computer would not start in Safe Mode. Today I made another attempt with the Kaspersky Rescue Disk and was at least able to start Windows and create the requested log files (see below). I hope this is not counted as cross-posting; after all, it concerns 2 computers, and I only just obtained the log files for the second one.

I would prefer to simply set the system up again from scratch (and properly this time). For that, though, I would first need to know whether my MBR is OK. I cannot make sense of the log file. Honestly, I also do not understand why the GMER scan is only supposed to be run on 32-bit versions. Are the MBRs of 64-bit versions immune?

Many thanks for your help!

Here are the log files:

aswMBR:
Quote:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-01 22:32:30
-----------------------------
22:32:30.715 OS Version: Windows x64 6.1.7601 Service Pack 1
22:32:30.715 Number of processors: 8 586 0x1A05
22:32:30.715 ComputerName: HANS-DIETHER-PC UserName: Dietmar
22:32:31.386 Initialize success
22:34:23.024 AVAST engine defs: 12080100
22:34:30.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
22:34:30.075 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ100E4 Size: 476940MB BusType: 3
22:34:30.075 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
22:34:30.075 Disk 1 Vendor: SAMSUNG_HD502HJ 1AJ100E4 Size: 476940MB BusType: 3
22:34:30.091 Disk 0 MBR read successfully
22:34:30.091 Disk 0 MBR scan
22:34:30.106 Disk 0 Windows 7 default MBR code
22:34:30.122 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:34:30.137 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238900 MB offset 206848
22:34:30.153 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237937 MB offset 489474048
22:34:30.184 Disk 0 scanning C:\Windows\system32\drivers
22:34:39.872 Service scanning
22:34:57.531 Modules scanning
22:34:57.531 Disk 0 trace - called modules:
22:34:57.547 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:34:57.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f77790]
22:34:57.562 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8005d4e860]
22:34:57.562 5 ACPI.sys[fffff88000ed87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8005d7a060]
22:34:57.984 AVAST engine scan C:\Windows
22:34:59.372 AVAST engine scan C:\Windows\system32
22:37:44.153 AVAST engine scan C:\Windows\system32\drivers
22:37:53.388 AVAST engine scan C:\Users\Dietmar
22:39:06.504 Disk 0 MBR has been saved successfully to "C:\Users\Dietmar\Desktop\MBR.dat"
22:39:06.504 The log file has been saved successfully to "C:\Users\Dietmar\Desktop\aswMBR.txt"
MBRCheck:
Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: X58A-UD3R
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 190):
0x02E16000 \SystemRoot\system32\ntoskrnl.exe
0x033FE000 \SystemRoot\system32\hal.dll
0x00BAD000 \SystemRoot\system32\kdcom.dll
0x00C08000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C57000 \SystemRoot\system32\PSHED.dll
0x00C6B000 \SystemRoot\system32\CLFS.SYS
0x00CC9000 \SystemRoot\system32\CI.dll
0x00E1A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EBE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00ECD000 \SystemRoot\system32\drivers\ACPI.sys
0x00F24000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F2D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F37000 \SystemRoot\system32\drivers\pci.sys
0x00F6A000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F77000 \SystemRoot\System32\drivers\partmgr.sys
0x00F8C000 \SystemRoot\system32\drivers\volmgr.sys
0x00FA1000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\system32\drivers\pciide.sys
0x00E07000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00D89000 \SystemRoot\system32\DRIVERS\jraid.sys
0x00DA9000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x00DD8000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DF2000 \SystemRoot\system32\drivers\atapi.sys
0x01034000 \SystemRoot\system32\drivers\ataport.SYS
0x0105E000 \SystemRoot\system32\drivers\amdxata.sys
0x01069000 \SystemRoot\system32\drivers\fltmgr.sys
0x010B5000 \SystemRoot\system32\drivers\fileinfo.sys
0x01220000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010C9000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01127000 \SystemRoot\System32\Drivers\cng.sys
0x013DE000 \SystemRoot\System32\drivers\pcw.sys
0x013EF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01477000 \SystemRoot\system32\drivers\ndis.sys
0x0156A000 \SystemRoot\system32\drivers\NETIO.SYS
0x015CA000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016E3000 \SystemRoot\System32\drivers\tcpip.sys
0x018E6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01930000 \SystemRoot\system32\drivers\volsnap.sys
0x0197C000 \SystemRoot\System32\Drivers\spldr.sys
0x01984000 \SystemRoot\System32\drivers\rdyboost.sys
0x019BE000 \SystemRoot\System32\Drivers\mup.sys
0x019D0000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01600000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0163A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01650000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x016B6000 \SystemRoot\system32\drivers\cdrom.sys
0x019D9000 \SystemRoot\System32\Drivers\Null.SYS
0x019E2000 \SystemRoot\System32\Drivers\Beep.SYS
0x019E9000 \SystemRoot\system32\drivers\MTiCtwl.sys
0x019F2000 \SystemRoot\System32\drivers\vga.sys
0x01400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01425000 \SystemRoot\System32\drivers\watchdog.sys
0x01435000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0143E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01447000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01450000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0145B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01199000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CE9000 \SystemRoot\system32\drivers\afd.sys
0x02D72000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02DB7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DC0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DE6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C1B000 \SystemRoot\system32\drivers\termdd.sys
0x02C2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C80000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C8C000 \SystemRoot\system32\drivers\mssmbios.sys
0x02C97000 \SystemRoot\System32\drivers\discache.sys
0x02CA6000 \SystemRoot\System32\Drivers\dfsc.sys
0x02CC4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x011BB000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x02CD5000 \SystemRoot\system32\DRIVERS\AppleCharger.sys
0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x011DF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03E78000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x03EA8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0F017000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FCA9000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0FCAB000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0FD9F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0FDE5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03EAA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0F000000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03F00000 \SystemRoot\system32\drivers\HDAudBus.sys
0x03F24000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03F63000 \SystemRoot\system32\drivers\1394ohci.sys
0x0FDF2000 \SystemRoot\system32\drivers\wmiacpi.sys
0x03FA1000 \SystemRoot\system32\drivers\CompositeBus.sys
0x03FB1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03FC7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03FEB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03E00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03E4A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04CB4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04CCE000 \SystemRoot\system32\drivers\kbdclass.sys
0x04CDD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04CEC000 \SystemRoot\system32\drivers\swenum.sys
0x04CEE000 \SystemRoot\system32\drivers\ks.sys
0x04D31000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04D43000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x04D5A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04DB4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0641D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0663F000 \SystemRoot\system32\drivers\portcls.sys
0x0667C000 \SystemRoot\system32\drivers\drmk.sys
0x0669E000 \SystemRoot\system32\drivers\ksthunk.sys
0x066A4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x066B2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x066CB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x066D4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x066EF000 \SystemRoot\system32\drivers\kbdhid.sys
0x066FD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00030000 \SystemRoot\System32\win32k.sys
0x0670A000 \SystemRoot\System32\drivers\Dxapi.sys
0x06716000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x06733000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06741000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0674D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06756000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06769000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x00640000 \SystemRoot\System32\cdd.dll
0x06777000 \SystemRoot\system32\drivers\luafv.sys
0x0679A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x067B9000 \SystemRoot\system32\drivers\WudfPf.sys
0x067DA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06400000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0624F000 \SystemRoot\system32\drivers\HTTP.sys
0x06318000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06336000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0634E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0637B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x063C9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04C00000 \SystemRoot\system32\drivers\peauth.sys
0x063ED000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06200000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06231000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0B066000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0B0CF000 \SystemRoot\System32\DRIVERS\srv.sys
0x0B167000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0B198000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0x0B1A3000 \SystemRoot\system32\DRIVERS\WSDScan.sys
0x0C938000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0C943000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0C979000 \??\C:\Users\Dietmar\AppData\Local\Temp\aswMBR.sys
0x0C988000 \??\C:\Windows\system32\drivers\mbam.sys
0x76EB0000 \Windows\System32\ntdll.dll
0x47E90000 \Windows\System32\smss.exe
0xFF1D0000 \Windows\System32\apisetschema.dll
0xFF980000 \Windows\System32\autochk.exe
0xFF0F0000 \Windows\System32\usp10.dll
0x77080000 \Windows\System32\psapi.dll
0xFF090000 \Windows\System32\Wldap32.dll
0xFEE80000 \Windows\System32\ole32.dll
0x76DB0000 \Windows\System32\user32.dll
0xFEE50000 \Windows\System32\imm32.dll
0xFED40000 \Windows\System32\msctf.dll
0xFEC60000 \Windows\System32\oleaut32.dll
0xFDED0000 \Windows\System32\shell32.dll
0x76C90000 \Windows\System32\kernel32.dll
0xFDDA0000 \Windows\System32\rpcrt4.dll
0xFDD50000 \Windows\System32\ws2_32.dll
0xFDD40000 \Windows\System32\lpk.dll
0xFDCD0000 \Windows\System32\gdi32.dll
0xFDC30000 \Windows\System32\clbcatq.dll
0xFDC10000 \Windows\System32\imagehlp.dll
0x77070000 \Windows\System32\normaliz.dll
0x76B30000 \Windows\System32\wininet.dll
0xFDA30000 \Windows\System32\setupapi.dll
0xFDA10000 \Windows\System32\sechost.dll
0xFD970000 \Windows\System32\comdlg32.dll
0xFD8F0000 \Windows\System32\difxapi.dll
0xFD870000 \Windows\System32\shlwapi.dll
0x769E0000 \Windows\System32\urlmon.dll
0x767D0000 \Windows\System32\iertutil.dll
0xFD860000 \Windows\System32\nsi.dll
0xFD7C0000 \Windows\System32\msvcrt.dll
0xFD6E0000 \Windows\System32\advapi32.dll
0xFD670000 \Windows\System32\KernelBase.dll
0xFD630000 \Windows\System32\wintrust.dll
0xFD610000 \Windows\System32\devobj.dll
0xFD570000 \Windows\System32\comctl32.dll
0xFD400000 \Windows\System32\crypt32.dll
0xFD3C0000 \Windows\System32\cfgmgr32.dll
0xFD3B0000 \Windows\System32\msasn1.dll
0x74F50000 \Windows\SysWOW64\normaliz.dll

Processes (total 87):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
460 csrss.exe
536 C:\Windows\System32\wininit.exe
560 csrss.exe
592 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\winlogon.exe
768 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
672 C:\Windows\System32\audiodg.exe
356 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\nvvsvc.exe
1144 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\spoolsv.exe
1376 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1396 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\taskhost.exe
1660 C:\Windows\System32\dwm.exe
1716 C:\Windows\explorer.exe
1756 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1776 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1844 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
1892 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
2036 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2044 C:\Windows\System32\conhost.exe
1996 C:\Program Files\Windows Home Server\esClient.exe
2024 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
1684 C:\Windows\SysWOW64\XSrvSetup.exe
2012 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2080 C:\Program Files\Windows Home Server\LightsOutClientService.exe
2220 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2244 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
2292 C:\Windows\System32\svchost.exe
2324 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2392 C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
2460 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2524 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2532 C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
2608 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2636 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
2656 C:\Program Files (x86)\EXPERTool\TBPANEL.exe
2664 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2684 C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
2720 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
2736 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2744 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2776 C:\Program Files (x86)\MultiScreen\MultiScreen.exe
2792 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
2808 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
2936 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
2960 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
2968 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
2976 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
3012 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3020 C:\Program Files (x86)\Ask.com\Updater\Updater.exe
3036 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
3380 C:\Program Files\Windows Home Server\WHSConnector.exe
3636 C:\Windows\System32\SearchIndexer.exe
3888 C:\Windows\System32\svchost.exe
4276 C:\Windows\System32\svchost.exe
4376 WUDFHost.exe
4548 C:\Program Files\Windows Media Player\wmpnetwk.exe
4736 C:\Windows\System32\svchost.exe
5080 WmiPrvSE.exe
3964 C:\Program Files (x86)\MagicTune Premium\MagicTune.exe
4100 dllhost.exe
4164 C:\Windows\System32\svchost.exe
2456 C:\Windows\System32\taskeng.exe
4424 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
5560 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
3096 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
5616 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
5236 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
5660 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
5416 C:\Windows\System32\taskhost.exe
5248 C:\Windows\System32\SearchFilterHost.exe
5312 C:\Windows\System32\SearchProtocolHost.exe
5136 C:\Users\Dietmar\Desktop\MBRCheck.exe
1604 C:\Windows\System32\conhost.exe
4072
Malwarebytes:
Quote:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dietmar :: HANS-DIETHER-PC [Administrator]

Schutz: Aktiviert

01.08.2012 22:44:03
mbam-log-2012-08-01 (22-47-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194294
Laufzeit: 3 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\AdTools, Inc. (Adware.AdTools) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
OTL:
OTL log file:
Code:
OTL logfile created on: 01.08.2012 22:51:12 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Dietmar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,18 Gb Available Physical Memory | 69,67% Memory free
12,00 Gb Paging File | 9,79 Gb Available in Paging File | 81,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233,30 Gb Total Space | 137,24 Gb Free Space | 58,82% Space Free | Partition Type: NTFS
Drive D: | 232,36 Gb Total Space | 200,69 Gb Free Space | 86,37% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 380,14 Gb Free Space | 81,62% Space Free | Partition Type: NTFS
Drive F: | 200,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 3,76 Gb Total Space | 1,50 Gb Free Space | 39,85% Space Free | Partition Type: FAT32
 
Computer Name: HANS-DIETHER-PC | User Name: Dietmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 11:57:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dietmar\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.27 17:11:10 | 001,090,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.03.06 11:03:14 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.01.28 16:29:16 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2012.01.18 15:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.10.25 19:55:20 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011.07.02 18:35:31 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.29 09:16:37 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.11.04 10:49:43 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.10.05 18:03:28 | 002,174,976 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.08.06 07:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.08.04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.06.03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.05.19 18:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.04.15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.10.01 15:46:12 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
PRC - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
PRC - [2008.06.30 10:41:10 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\MultiScreen\MultiScreen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009.08.20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.08.20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009.07.30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.06.03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.10.01 15:46:12 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
MOD - [2008.06.30 10:41:10 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\MultiScreen\MultiScreen.exe
MOD - [2008.06.30 10:40:56 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\MultiScreen\MGResGer.dll
MOD - [2008.06.30 10:40:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\MultiScreen\ServiceHook.dll
MOD - [2008.06.30 10:40:46 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\MultiScreen\MultiMon.dll
MOD - [1998.10.31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.07.02 18:35:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 09:16:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.07 17:04:12 | 000,231,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2009.10.07 17:03:40 | 000,489,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2009.10.07 17:03:40 | 000,109,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Home Server\esClient.exe -- (esClient)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.08.06 07:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.03 16:43:51 | 000,036,864 | ---- | M] (AxoNet Software GmbH) [Auto | Running] -- C:\Programme\Windows Home Server\LightsOutClientService.exe -- (LoClntService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.14 20:12:22 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (SynUSB64)
DRV:64bit: - [2011.07.02 18:35:32 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 18:35:32 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.03.01 10:35:20 | 000,020,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.02.26 15:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 15:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 15:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 15:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.08.20 18:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2012.08.01 22:41:08 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Users\Dietmar\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 F2 36 E1 F3 69 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{10B8A711-AC43-49d3-9229-C833033D7901}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE401
IE - HKCU\..\SearchScopes\{8CD5FA7D-8334-4D6C-AB17-242F96A2B509}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A83C5F0A-0D4C-4CE5-9DCB-26D75867B8B2&apn_sauid=A359006D-B7E5-43F5-AD43-F3DEA86BC2AB
IE - HKCU\..\SearchScopes\{BDF33FD3-E1ED-4b4b-A7BD-AEF8C19A0D50}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{EF116B86-A9FD-46FC-ADA6-F715A6E5FAA9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{F2F70610-C10C-426e-970C-9188D8AB3C75}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.25 19:55:45 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Dietmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dietmar\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dietmar\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45F78FBB-B24A-4207-956E-C24B09246F13}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d653b767-d5f3-11df-b72d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d653b767-d5f3-11df-b72d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\wubi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.01 22:43:25 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Roaming\Malwarebytes
[2012.08.01 22:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.01 22:43:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.01 22:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.01 22:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.01 22:42:45 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Dietmar\Desktop\OTL.exe
[2012.08.01 22:42:01 | 000,000,000 | ---D | C] -- C:\escan
[2012.08.01 22:41:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dietmar\Desktop\aswMBR.exe
[2012.07.30 22:29:07 | 000,000,000 | ---D | C] -- C:\.Trash-999
[2012.07.28 15:59:50 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{AFB7E2F5-CA7F-40CE-ACAB-F5ED6972F18E}
[2012.07.28 15:59:39 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{01E974E7-F472-4B94-B474-FF1A5AAE20BD}
[2012.07.25 21:13:10 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{55E7F4DC-4034-4744-AC43-57A9EB76C0CC}
[2012.07.25 21:12:58 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{51D39E4D-064F-48FE-B180-6B8AC2ADB432}
[2012.07.23 18:47:42 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{A41532AA-7533-4FD2-A194-EF9CF675FF24}
[2012.07.23 18:47:17 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{E1DE8469-18E8-48BB-B352-057583278E72}
[2012.07.22 17:10:16 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{DAA0A833-B160-4449-9AD4-E1E2691AFC74}
[2012.07.22 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{92EAC745-B45C-4E9F-9D12-711CA493C4C5}
[2012.07.21 14:39:32 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{2011CD53-222B-4BB1-A427-389CC21D2313}
[2012.07.21 14:39:20 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{0C3E5155-5538-498A-A2D2-467BBEEB9D80}
[2012.07.20 10:10:51 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{02E9378F-F2A0-423B-9126-C35BD23146C3}
[2012.07.20 10:10:39 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{E43883A4-7CB8-4BAE-9F56-80AC16D467C3}
[2012.07.18 19:19:49 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{43423F60-D5D6-4621-84DF-40804F61DCF7}
[2012.07.18 19:19:38 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{9F90A04F-C486-444F-B7D2-B0660B7CE7DE}
[2012.07.17 09:47:50 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{6A188040-56BE-4A8C-ACE9-A79D50B61165}
[2012.07.17 09:47:38 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{945BA4FA-5094-4AF4-831E-1559D9937F99}
[2012.07.15 11:17:03 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{3B091565-80EE-4275-B327-EF89D96E6BA2}
[2012.07.15 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{A7F5EFA6-80CE-455C-8400-ABD2550AA9D4}
[2012.07.14 21:56:46 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{875681B2-A1D1-4211-8C55-D82FCEBB6B8B}
[2012.07.14 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{D6594432-4930-4010-9AFC-49906F28A3FA}
[2012.07.14 15:20:38 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\Desktop\Urlaub Frankreich 2012
[2012.07.14 15:20:09 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\Desktop\Ostern 2012
[2012.07.14 09:55:58 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{2DA8000B-DD7B-47C1-996F-CACCEDC2CA5B}
[2012.07.14 09:55:46 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{A39982B7-BBB8-4AD7-954A-D17039D719A0}
[2012.07.12 20:49:17 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{E22CBE81-D773-4C3E-94F4-0A31B1A60478}
[2012.07.12 20:49:05 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{00507BF7-1FBB-4319-8F8C-0593658ADAF3}
[2012.07.11 21:24:12 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{A00618D2-45DF-4B60-9ECC-1D07B241C79A}
[2012.07.11 21:24:00 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{B5669D7F-11BA-4346-90D2-9F13B5DC011A}
[2012.07.10 21:59:23 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{266D43D3-8F8C-43E1-A085-AD2C5C379847}
[2012.07.10 21:59:00 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{CBC80304-006F-46DE-BB75-7299885172D8}
[2012.07.09 21:45:29 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{90F5E414-999D-47B9-A56C-62ED0D853362}
[2012.07.09 21:45:17 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{9F4A3411-926B-4D9C-8008-E618F00B686D}
[2012.07.08 23:57:36 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{CF2A9073-8195-4504-BF38-DD60EE7AEF17}
[2012.07.08 23:57:24 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{16650307-A499-48BE-A4F2-C7C83598824E}
[2012.07.07 11:05:33 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{B926059C-3122-432F-B106-AD591A973944}
[2012.07.07 11:05:09 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{65F738BA-8B40-4CAE-9501-2F0AC22C2E49}
[2012.07.06 16:49:56 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{60416221-0AEF-44B4-875B-249A3CDC700B}
[2012.07.05 18:38:41 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{2D49E1AD-955E-44F4-A91E-D0AD05DF91D6}
[2012.07.05 18:38:17 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{C8358940-8B9F-44C2-A0CD-64293D4F6BD1}
[2012.07.04 19:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.07.04 19:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.07.04 19:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.07.04 19:04:09 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{39AE4A60-8176-4BE5-950B-85D78681F6D3}
[2012.07.04 19:03:57 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{C745B271-322F-430F-80DF-2CFF8DED7863}
[2012.07.03 19:55:05 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{33E71B66-C6F7-49D4-B3AB-2490C9236025}
[2012.07.03 19:54:53 | 000,000,000 | ---D | C] -- C:\Users\Dietmar\AppData\Local\{116369A8-F27A-4681-AABB-6286DDC0D197}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 22:34:25 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.01 22:34:25 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.01 22:34:25 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.01 22:34:25 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.01 22:34:25 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.01 22:31:32 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 22:31:32 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 22:23:56 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.01 22:23:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.01 22:23:45 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.01 14:53:10 | 210,292,736 | ---- | M] () -- C:\Users\Dietmar\Desktop\KWU_1.0.3.upd.iso
[2012.08.01 10:00:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dietmar\Desktop\aswMBR.exe
[2012.08.01 09:56:12 | 000,080,384 | ---- | M] () -- C:\Users\Dietmar\Desktop\MBRCheck.exe
[2012.07.31 12:03:50 | 068,866,904 | ---- | M] () -- C:\Users\Dietmar\Desktop\mwav.exe
[2012.07.31 12:03:36 | 000,013,312 | ---- | M] () -- C:\Users\Dietmar\Desktop\find.bat
[2012.07.31 11:57:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dietmar\Desktop\OTL.exe
[2012.07.31 11:03:30 | 000,089,088 | ---- | M] () -- C:\Users\Dietmar\Desktop\mbr.exe
[2012.07.29 19:50:45 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.11 21:18:21 | 000,376,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.08.01 22:42:42 | 068,866,904 | ---- | C] () -- C:\Users\Dietmar\Desktop\mwav.exe
[2012.08.01 22:42:22 | 210,292,736 | ---- | C] () -- C:\Users\Dietmar\Desktop\KWU_1.0.3.upd.iso
[2012.08.01 22:42:22 | 000,013,312 | ---- | C] () -- C:\Users\Dietmar\Desktop\find.bat
[2012.08.01 22:41:38 | 000,089,088 | ---- | C] () -- C:\Users\Dietmar\Desktop\mbr.exe
[2012.08.01 22:41:38 | 000,080,384 | ---- | C] () -- C:\Users\Dietmar\Desktop\MBRCheck.exe
[2012.01.20 23:27:45 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012.01.20 23:19:43 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011.09.01 10:29:57 | 000,000,000 | ---- | C] () -- C:\Users\Dietmar\AppData\Local\{B841DDF0-9689-4DA7-AC4D-6B943BB6276D}
[2011.01.22 14:38:35 | 000,029,203 | ---- | C] () -- C:\Users\Dietmar\AppData\Roaming\UserTile.png
[2010.12.16 21:51:40 | 000,000,267 | ---- | C] () -- C:\Users\Dietmar\AppData\Roaming\burnaware.ini
[2010.10.15 23:07:20 | 000,059,232 | ---- | C] () -- C:\Windows\SysWow64\CNC990W.DAT
[2010.10.12 14:01:36 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.12 13:17:02 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010.10.11 15:46:57 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.10.11 15:44:27 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== LOP Check ==========
 
[2012.01.13 10:08:57 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\Audacity
[2011.04.27 21:42:56 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\Canneverbe Limited
[2010.10.24 20:10:19 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\Canon
[2011.03.27 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\Cocoon Software
[2012.02.11 15:34:39 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\DVDVideoSoft
[2011.03.27 12:48:27 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.27 13:07:55 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\FreeFLVConverter
[2010.10.12 20:47:10 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\GoPal Assistant
[2010.12.29 18:49:51 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\MAGIX
[2011.08.27 10:44:07 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\Nokia
[2011.01.22 14:55:33 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\PC Suite
[2010.10.12 13:12:19 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\Windows Home Server
[2010.10.24 10:56:47 | 000,000,000 | ---D | M] -- C:\Users\Dietmar\AppData\Roaming\Windows Live Writer
[2012.06.16 09:02:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras
OTL Logfile:
Code:
OTL Extras logfile created on: 01.08.2012 22:51:12 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Dietmar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,18 Gb Available Physical Memory | 69,67% Memory free
12,00 Gb Paging File | 9,79 Gb Available in Paging File | 81,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233,30 Gb Total Space | 137,24 Gb Free Space | 58,82% Space Free | Partition Type: NTFS
Drive D: | 232,36 Gb Total Space | 200,69 Gb Free Space | 86,37% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 380,14 Gb Free Space | 81,62% Space Free | Partition Type: NTFS
Drive F: | 200,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 3,76 Gb Total Space | 1,50 Gb Free Space | 39,85% Space Free | Partition Type: FAT32
 
Computer Name: HANS-DIETHER-PC | User Name: Dietmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{289F4A2E-C655-4C9B-898B-4121433F8026}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2B34565F-B0E2-4075-9F32-E30CD145427C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2D4068A2-932D-4966-B43F-44FD2DED57EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2E2A19A7-46FC-437A-BF28-5C7E792A2509}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2F2B0BC5-31EC-4AE1-AEF6-6B40D9EE7AF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A6FA670-CEA6-4C17-AF84-3956913493AE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{57916C16-223B-467A-8ABC-17ECFE95D2A4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{623B5AB9-C2FD-4E82-8098-87DBF38D101B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{64DD3E31-FC14-48A1-923E-A8704DFEB082}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6AC19522-882C-4CF8-921B-0312C688E49D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6EFE0938-3E65-43CF-923F-33C833188F5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{782B3EB5-BEC0-4929-95B1-6AE3879BD8EA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7E1AF14F-76AE-493E-86E4-89F9CD492894}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{83FE2D5B-A868-42FE-8D1B-CF8E96607266}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8E1B09D2-92CF-4855-B139-01BABE363EBA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8FFB5273-C7E7-4401-8D93-B93D2D2FA4A6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{942AB503-2716-4704-8610-E86B702D78BC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9C2B4C7C-BE85-4859-A4A7-4B2DE737EEEE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9E88A3F5-1EE7-4795-9009-EA9B5721156A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AACBE323-802C-4D4B-A163-3570504CA498}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0AC1E08-9373-4505-A4E3-B7C531CBB621}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C1CB63A8-3246-48FE-A934-540746CB3D00}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C87C0300-3647-4B98-B047-639277240459}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DC5DC9BE-26D4-4A3F-A597-35CE1A191670}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EBBFEA2A-21BE-4FE3-872E-DEE8B8C62047}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{148C3454-5831-4776-88C4-4CEF22FD39A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{22A2F8EA-5F50-42B3-BC5F-3B9A193A975B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2489A799-E24E-4943-B9D0-8F90152C19A3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{29C6CD27-2458-4D60-BEB2-2684B615A881}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3E5CF99F-0286-4432-A723-E1160FE559DD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{46DB31D9-BC42-417B-925E-A7668B4634BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65E31CB4-EE7B-45B0-BF2F-C9182F978F82}" = protocol=6 | dir=out | app=system | 
"{72680EE2-DB24-4ADA-8DCC-77716CC1AE07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7898C49A-A044-4986-9CF2-D9A0E959405D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8EFB7213-BA94-4109-93F1-B77D8F341E55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC26B7D6-EC4B-4C19-B5CE-AABD02811C6E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AFBF2CA0-B99F-4E0E-965F-D9DC2C90D2C0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B4339B5C-EB6D-4290-86C7-6C9371058C11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BB9B4A79-6A50-443C-BEFE-78E0C4F0DF9D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C1D154EC-716D-47D0-9EE1-027B8219DBF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5195298-27FB-442F-9E6F-0B87521A86F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA0FCEBF-2EAF-4D91-8D52-E3FD92F625FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB2275C6-F560-4F2D-97BE-8CBD6E5B2FF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDB114D2-5A7C-45E9-8C8F-0205670EA2D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1DFEFBA-5156-4A80-B7F7-400364EEF37A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E575164E-3FA0-4A4E-9B97-247CC599DC59}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F24F6B08-A82E-44A8-88B3-EC6FF64FD3E4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{F94D6FF9-D8C4-425C-9ACA-D4087A955997}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"TCP Query User{54B0676B-B45B-4AAA-AAA8-4AF9154B7772}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | 
"TCP Query User{800ECD07-B857-4CB3-B1B6-FA088A819813}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | 
"TCP Query User{978E96F5-816A-4DED-999B-9825C63796E7}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{57F02221-DB52-4229-9DC1-F0DE3D669B39}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{7B7A2F09-FF1C-466F-8371-5F41EDF5CF18}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | 
"UDP Query User{DB846369-3C0D-45F5-A368-42AC518BB090}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP990_series" = Canon MP990 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{692F4201-AB4C-4795-9F42-123F0601F8B7}" = LightsOut Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{320D4FBD-53F7-476B-A4AF-E26A02645918}" = MAGIX Video easy HD
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{3A95D49D-0076-4DB7-A91E-0E685DC6D6AD}" = ImageMixer 3 SE Ver.3
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0301.1
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87896691-0089-4BDC-BABF-41E37ECB4D80}" = MAGIX Screenshare
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C1871E-A526-4C27-9C6D-C70D77CB4705}" = MAGIX Speed burnR (MSI)
"{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}" = pdfforge Toolbar v6.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Badaboom" = Badaboom 1.2.0.87
"BurnAware Free_is1" = BurnAware Free 3.0.7
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MP990 series Benutzerregistrierung" = Canon MP990 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVDStyler_is1" = DVDStyler v1.8.2 rc 1
"DVDx 4.0" = DVDx 4.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EXPERTool_is1" = EXPERTool 7.6
"FastStone Capture" = FastStone Capture 5.3
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.13.421
"Free FLV Converter_is1" = Free FLV Converter V 6.96.0
"Free Studio_is1" = Free Studio version 5.0.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LightsOut Client" = LightsOut Client
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX_MSI_Video_easy_2" = MAGIX Video easy HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Medion GoPal Assistant" = Medion GoPal Assistant 4.00.0047
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MyCamera" = Canon Utilities MyCamera
"Nokia PC Suite" = Nokia PC Suite
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"QUICKMEDIACONVERTER" = Quick Media Converter
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.02.2012 07:58:17 | Computer Name = Hans-Diether-PC | Source = Application Hang | ID = 1002
Description = Programm VideoEasy_u.exe, Version 2.0.1.1 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1670    Startzeit:
 01ccf6d8ca3a09f8    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\MAGIX\Video_easy_HD\VideoEasy_u.exe

Berichts-ID:
   
 
Error - 04.04.2012 14:22:16 | Computer Name = Hans-Diether-PC | Source = Application Hang | ID = 1002
Description = Programm DataDisc.exe, Version 3.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 15ac    Startzeit:
 01cd128fa6e780b3    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\BurnAware Free\DataDisc.exe

Berichts-ID:
 18f3a959-7e83-11e1-b7ee-6cf049e64595  
 
Error - 22.04.2012 08:03:17 | Computer Name = Hans-Diether-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: nvd3dum.dll, Version: 8.17.12.5896,
 Zeitstempel: 0x4c378e88  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002ce3d0  ID des fehlerhaften
 Prozesses: 0x101c  Startzeit der fehlerhaften Anwendung: 0x01cd207ad75b6771  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\nvd3dum.dll  Berichtskennung: 24f27586-8c73-11e1-8a91-6cf049e64595
 
Error - 25.04.2012 16:21:35 | Computer Name = Hans-Diether-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000001  ID des fehlerhaften
 Prozesses: 0x8bc  Startzeit der fehlerhaften Anwendung: 0x01cd2315cae83107  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 408fedc2-8f14-11e1-b214-6cf049e64595
 
Error - 16.05.2012 15:40:27 | Computer Name = Hans-Diether-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 5e8    Startzeit: 01cd339ad505a04b    Endzeit: 0    Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID:
 f463cc04-9f8e-11e1-936c-6cf049e64595  
 
Error - 14.07.2012 09:16:59 | Computer Name = Hans-Diether-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd018  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004e4b4
ID
 des fehlerhaften Prozesses: 0x1228  Startzeit der fehlerhaften Anwendung: 0x01cd61c2ab254ea8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmprph.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 30af5d02-cdb6-11e1-84d2-6cf049e64595
 
Error - 14.07.2012 09:17:44 | Computer Name = Hans-Diether-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd018  Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.7601.16982,
 Zeitstempel: 0x4fca005d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000013d63
ID
 des fehlerhaften Prozesses: 0x1228  Startzeit der fehlerhaften Anwendung: 0x01cd61c2ab254ea8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmprph.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\System32\jscript.dll  Berichtskennung: 4b897519-cdb6-11e1-84d2-6cf049e64595
 
Error - 14.07.2012 09:17:51 | Computer Name = Hans-Diether-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd018  Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.7601.16982,
 Zeitstempel: 0x4fca005d  Ausnahmecode: 0xc000041d  Fehleroffset: 0x0000000000013d63
ID
 des fehlerhaften Prozesses: 0x1228  Startzeit der fehlerhaften Anwendung: 0x01cd61c2ab254ea8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmprph.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\System32\jscript.dll  Berichtskennung: 4f927a98-cdb6-11e1-84d2-6cf049e64595
 
Error - 14.07.2012 09:29:09 | Computer Name = Hans-Diether-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VideoEasy_u.exe, Version: 2.0.1.1,
 Zeitstempel: 0x4c04d38d  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x1705fd2d  ID des fehlerhaften
 Prozesses: 0x8a4  Startzeit der fehlerhaften Anwendung: 0x01cd61c44a9e64cc  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\MAGIX\Video_easy_HD\VideoEasy_u.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: e3c481bd-cdb7-11e1-84d2-6cf049e64595
 
Error - 23.07.2012 10:39:14 | Computer Name = Hans-Diether-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
 Zeitstempel: 0x4fc9cd53  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xb16ed448  ID des fehlerhaften
 Prozesses: 0xfdc  Startzeit der fehlerhaften Anwendung: 0x01cd68dd796e0eee  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 2c42e99d-d4d4-11e1-94dd-6cf049e64595
 
[ System Events ]
Error - 30.07.2012 15:50:04 | Computer Name = Hans-Diether-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 30.07.2012 15:50:04 | Computer Name = Hans-Diether-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1069
 
Error - 30.07.2012 15:50:04 | Computer Name = Hans-Diether-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 30.07.2012 15:50:04 | Computer Name = Hans-Diether-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1069
 
Error - 31.07.2012 15:37:14 | Computer Name = Hans-Diether-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 31.07.2012 15:38:15 | Computer Name = Hans-Diether-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.07.2012 15:40:19 | Computer Name = Hans-Diether-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%-2147024882
 
Error - 01.08.2012 16:23:55 | Computer Name = Hans-Diether-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 01.08.2012 16:24:56 | Computer Name = Hans-Diether-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.08.2012 16:41:25 | Computer Name = Hans-Diether-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Dietmar\AppData\Local\Temp\mbr.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
 
< End of report >

Old 02.08.2012, 05:09   #2
t'john
/// Helper Team

Fixing with OTL

Download OTL from Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
:OTL
SRV - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{10B8A711-AC43-49d3-9229-C833033D7901}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE401 
IE - HKCU\..\SearchScopes\{8CD5FA7D-8334-4D6C-AB17-242F96A2B509}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A83C5F0A-0D4C-4CE5-9DCB-26D75867B8B2&apn_sauid=A359006D-B7E5-43F5-AD43-F3DEA86BC2AB 
IE - HKCU\..\SearchScopes\{BDF33FD3-E1ED-4b4b-A7BD-AEF8C19A0D50}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM 
IE - HKCU\..\SearchScopes\{EF116B86-A9FD-46FC-ADA6-F715A6E5FAA9}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} 
IE - HKCU\..\SearchScopes\{F2F70610-C10C-426e-970C-9188D8AB3C75}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{d653b767-d5f3-11df-b72d-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{d653b767-d5f3-11df-b72d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\wubi.exe 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    Afterwards you can view the log file here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Never apply it on other computers; it can permanently damage other systems!
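
An added illustration, not part of t'john's instructions and not code from OTL itself: before clicking Fix it is worth knowing exactly what a fix script like the one above will touch. The Python script below parses the :OTL, :Files and :Commands sections of such a script, pulls out the CLSIDs, file paths, search-redirect hosts and vendor names, and flags dangling entries ("File not found") and removable-media AutoRun commands (the O33 lines). The sample input is a shortened excerpt of the script above (the long search URLs are cut after their first parameters); the section and line layout the parser assumes is the one visible in that script, not a full specification of OTL's syntax.

```python
import json
import re
from collections import Counter
from typing import Dict, Optional
from urllib.parse import urlparse

# Sample input: a shortened excerpt of the OTL fix script posted above
# (the page's own lines; long search URLs cut after their first parameters).
# Embedded here only so the block runs offline.
SAMPLE_SCRIPT = r"""
:OTL
SRV - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes\{8CD5FA7D-8334-4D6C-AB17-242F96A2B509}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&q={searchTerms}
IE - HKCU\..\SearchScopes\{BDF33FD3-E1ED-4b4b-A7BD-AEF8C19A0D50}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{d653b767-d5f3-11df-b72d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\wubi.exe

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")                      # ":OTL", ":Files", ...
TAG_RE = re.compile(r"^([A-Z]+\d*(?::64bit:)?) - (.*)$")     # "O4 - ...", "IE:64bit: - ..."
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll|sys|cab)\b", re.IGNORECASE)
URL_RE = re.compile(r'"URL"\s*=\s*(\S+)')
TRAILING_VENDOR_RE = re.compile(r"\(([^()]+)\)\s*$")          # "... (Ask)" at end of line
SRV_VENDOR_RE = re.compile(r"\]\s*\(([^()]+)\)\s*\[")         # "] (Spigot, Inc.) [Auto"


def parse_entry(line: str) -> Optional[dict]:
    """Parse one :OTL line into its tag and the indicators it names."""
    m = TAG_RE.match(line)
    if not m:
        return None
    tag, body = m.group(1), m.group(2)
    url = URL_RE.search(body)
    vendor = (SRV_VENDOR_RE if tag == "SRV" else TRAILING_VENDOR_RE).search(body)
    return {
        "tag": tag,
        "body": body,
        "guids": GUID_RE.findall(body),
        "paths": PATH_RE.findall(body),
        "host": urlparse(url.group(1)).netloc if url else None,
        "vendor": vendor.group(1) if vendor else None,
        # the target no longer exists; the fix only removes the stale reference
        "dangling": "File not found" in body or "No CLSID value found" in body,
    }


def parse_script(text: str) -> Dict[str, list]:
    """Split a fix script into its :OTL, :Files and :Commands sections."""
    sections: Dict[str, list] = {"OTL": [], "Files": [], "Commands": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group(1)
            sections.setdefault(current, [])
        elif current == "OTL":
            entry = parse_entry(line)
            if entry:
                sections["OTL"].append(entry)
        elif current:
            sections[current].append(line)
    return sections


def summarize(sections: Dict[str, list]) -> dict:
    """Condense the parsed script into what a reviewer wants to see first."""
    entries = sections["OTL"]
    return {
        "by_tag": dict(Counter(e["tag"] for e in entries)),
        "vendors": sorted({e["vendor"] for e in entries if e["vendor"]}),
        "search_hosts": sorted({e["host"] for e in entries if e["host"]}),
        "files": sorted({p for e in entries for p in e["paths"]}),
        "dangling": sum(e["dangling"] for e in entries),
        # O33 AutoRun\command values start a program when a volume is opened
        "removable_autorun": [p for e in entries
                              if e["tag"] == "O33" and "AutoRun\\command" in e["body"]
                              for p in e["paths"]],
        # in :Files a trailing /c marks a line OTL runs as a command instead of a file to move
        "run_commands": [l for l in sections["Files"] if l.lower().endswith(" /c")],
        "commands": sections["Commands"],
    }


if __name__ == "__main__":
    print(json.dumps(summarize(parse_script(SAMPLE_SCRIPT)), indent=2))
```

Run as-is it prints a JSON summary of the excerpt: the two vendors (Ask, Spigot) behind the toolbars and the updater service, the two search-redirect hosts, the five files that would be moved, one dangling Run entry, the AutoRun command pointing at F:\wubi.exe, the one command in :Files and the two cleanup directives. Paste a different fix script into SAMPLE_SCRIPT to audit it the same way.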

Old 21.08.2012, 03:33   #3
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: the disappearance of the symptoms does not mean your computer is clean.
