Trojan.Spatet durch Malwarebytes gefunden

kwongk · 26.09.2012, 17:59

Der monatliche Suchlauf stand wieder an mit Malwarebytes
Diesmal hat er leider etwas gefunden

Ein Trojaner oder auch zwei, der sich an meine Druckersoftware drangesetzt hat. Vorher hatte sich F-Secure gemeldet, aber nicht, um den Trojaner zu erkennen, sondern, weil es nicht mehr funktionierte. Bedeutet wohl, der Trojaner hat F-Secure ausgetricks?

Das wäre der ein Log

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***** :: KWO-COMPUTER [Administrator]

26.09.2012 17:51:13
mbam-log-2012-09-26 (18-48-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346695
Laufzeit: 56 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|D:\PROGRAMME\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Daten: 3 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\Programme\HP\Digital Imaging\help\player\FlashPla.exe (Trojan.Spatet) -> Keine Aktion durchgeführt.

(Ende)

Sind dieTrojaner jetzt wirklich weg? Vielen Dank im vorraus an die Helfer.

schrauber · 27.09.2012, 06:39

Hi,

Laut dem Log auf keinen Fall, da steht "Keine Aktion durchgeführt". Schau mal ob Du die DAteien noch findest im Windows Explorer, wenn ja bitte hier scannen lassen:

www.virustotal.com

und den Link zum Ergebnis hier posten.

kwongk · 27.09.2012, 15:07

Vielen Dank für deine Hilfe.
Der Log ist ja noch vor der Beseitigung. Der jetzige wäre der hier:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.26.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: KWO-COMPUTER [Administrator]

26.09.2012 22:26:22
mbam-log-2012-09-26 (22-26-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346282
Laufzeit: 45 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes hat nichts mehr gefunden, genauso wenig wie Superantispyware, davon ist allerdings die Log-Datei nicht mehr übrig, da geraten wurde, nachdem nutzen, die Software zu dinstallieren.
Kann ich davon ausgehen, dass nichts mehr vorhanden ist von den Trojanern? In den Verzeichnissen wurde nichts mehr gefunden, auch nicht, wenn alle verstecken Dateien gezeigt werden.

schrauber · 27.09.2012, 15:15

Am besten wir schauen noch einmal drüber.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Starte bitte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Schließe alle Programme. (Wichtig)
Klicke auf den Quick Scan Button.
Klick auf .
Kopiere den Inhalt aus OTL.txt und Extras.txt hier in Code-Tags in Deinen Thread.

kwongk · 27.09.2012, 15:20

Würde ich gerne machen, jedoch kann ich es von der besagten Seite nicht herunterladen....

schrauber · 27.09.2012, 15:26

Kommt ne Fehlermeldung?

kwongk · 27.09.2012, 15:27

Nein, aber jetzt funktioniert es. Wieso auch immer es nach einen Neustart downloadbar ist.

Hier sind die Log-Dateien

OTL.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.09.2012 16:30:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 69,06% Memory free
11,71 Gb Paging File | 10,41 Gb Available in Paging File | 88,91% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,80 Gb Total Space | 108,67 Gb Free Space | 72,06% Space Free | Partition Type: NTFS
Drive D: | 135,19 Gb Total Space | 119,77 Gb Free Space | 88,60% Space Free | Partition Type: NTFS
 
Computer Name: KWO-COMPUTER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.27 16:26:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.09 13:35:06 | 001,027,792 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
PRC - [2012.07.09 13:35:06 | 000,560,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
PRC - [2012.06.21 13:29:36 | 000,163,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\fshoster32.exe
PRC - [2012.03.15 18:00:44 | 000,311,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
PRC - [2012.03.15 18:00:44 | 000,213,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
PRC - [2012.03.15 15:55:34 | 000,062,160 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
PRC - [2009.10.13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.10.07 05:23:24 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.09.10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 19:44:55 | 010,706,624 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtWebKit4.dll
MOD - [2012.07.18 19:44:55 | 008,347,328 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtGui4.dll
MOD - [2012.07.18 19:44:55 | 003,051,200 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtXmlPatterns4.dll
MOD - [2012.07.18 19:44:55 | 002,256,576 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtCore4.dll
MOD - [2012.07.18 19:44:55 | 001,162,944 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtScript4.dll
MOD - [2012.07.18 19:44:55 | 001,076,928 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtCLucene4.dll
MOD - [2012.07.18 19:44:55 | 000,986,816 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtNetwork4.dll
MOD - [2012.07.18 19:44:55 | 000,622,272 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtSql4.dll
MOD - [2012.07.18 19:44:55 | 000,450,240 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtHelp4.dll
MOD - [2012.07.18 19:44:55 | 000,372,416 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtXml4.dll
MOD - [2012.03.15 18:00:36 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng
MOD - [2012.03.15 18:00:34 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\flyerres.eng
MOD - [2012.03.15 18:00:34 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng
MOD - [2011.10.04 16:55:44 | 000,242,344 | ---- | M] () -- C:\Program Files (x86)\F-Secure\imageformats\qmng4.dll
MOD - [2011.10.04 16:55:44 | 000,037,032 | ---- | M] () -- C:\Program Files (x86)\F-Secure\imageformats\qico4.dll
MOD - [2011.10.04 16:55:44 | 000,034,984 | ---- | M] () -- C:\Program Files (x86)\F-Secure\imageformats\qgif4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.19 12:37:25 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.11 16:44:38 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.21 13:29:36 | 000,163,536 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\fshoster32.exe -- (fshoster)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.15 18:00:44 | 000,213,672 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2012.03.15 18:00:38 | 000,914,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2012.03.15 15:55:34 | 000,062,160 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2011.10.04 18:00:04 | 000,221,864 | ---- | M] (F-Secure Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.10.01 00:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.17 18:20:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.15 18:34:45 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2012.08.10 14:02:00 | 000,058,424 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fsccsys.sys -- (fsccsys1346970101)
DRV:64bit: - [2012.03.15 18:00:38 | 000,095,112 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2012.03.15 18:00:38 | 000,046,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.07.21 17:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2009.12.15 04:27:50 | 000,183,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT)
DRV:64bit: - [2009.10.13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.09.04 07:39:08 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.08.22 23:24:58 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.10 15:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009.07.01 06:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.07.01 06:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 06:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 06:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.06.29 18:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.09 13:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.04.07 09:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.03.28 17:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2005.11.03 16:40:56 | 000,089,600 | ---- | M] (Protection Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02)
DRV:64bit: - [2005.08.10 14:46:20 | 000,068,608 | ---- | M] (Protection Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2005.05.16 15:21:16 | 000,007,168 | ---- | M] (Protection Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2012.07.18 19:53:19 | 000,199,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012.07.09 13:35:06 | 000,062,032 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2012.03.15 18:00:28 | 000,015,016 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2011.08.17 12:37:54 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.26 05:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1820pt&r=273605100516l0423z165t4573e328
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A9F41457-69C8-4B91-A00B-6F8F25AEE7D5}: "URL" = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2849855.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:2.0.0 build 11633
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: D:\Programme\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\litmus-ff@f-secure.com\ [2012.09.07 00:21:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Programme\firefox\components [2012.09.11 16:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Programme\firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\mozzila firefox 4\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\mozzila firefox 4\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Programme\mozilla 4.0.1\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Programme\mozilla 4.0.1\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\mozzila firefox 4\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\mozzila firefox 4\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Programme\mozilla 4.0.1\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Programme\mozilla 4.0.1\plugins
 
[2012.03.01 17:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.19 12:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cxgae4ay.default\extensions
[2012.07.26 18:39:39 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cxgae4ay.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.14 00:04:36 | 000,000,925 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cxgae4ay.default\searchplugins\conduit.xml
[2012.09.07 00:21:25 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="F-Secure Corporation" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="2.0.0 build 11633">) -- C:\PROGRAM FILES (X86)\F-SECURE\APPS\ONLINESAFETY\BPP\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2012.04.16 15:21:51 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\Programme\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [F-Secure Hoster (666)] C:\Program Files (x86)\F-Secure\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\OFFICE~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\OFFICE~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33430AA6-EE3A-4B13-BDD0-A343AEC49345}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A293B8E-2082-4902-975B-5A7302AAB24D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9787C18B-A169-4AF5-A31F-DDFF006ECEF1}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.23 14:10:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 5.0 Beta
[2012.09.15 21:40:27 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2012.09.15 21:37:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\fontconfig
[2012.09.15 21:37:41 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.8
[2012.09.15 21:37:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\gegl-0.2
[2012.09.14 00:04:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2012.09.14 00:04:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CRE
[2012.09.14 00:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.09.14 00:03:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Conduit
[2012.09.12 20:14:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\WindowsUpdate
[2012.09.12 11:39:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.09.11 16:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.11 16:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.07 00:21:41 | 000,058,424 | ---- | C] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fsccsys.sys
[2012.09.02 00:39:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CrashDumps
[2012.08.30 14:47:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NPE
[2012.08.30 14:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.27 16:31:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 16:31:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 16:29:28 | 001,528,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.27 16:29:28 | 000,664,248 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.27 16:29:28 | 000,626,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.27 16:29:28 | 000,134,802 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.27 16:29:28 | 000,111,184 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.27 16:24:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.27 16:24:36 | 3144,867,840 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.26 22:43:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.23 14:10:06 | 000,002,231 | ---- | M] () -- C:\Users\***\Desktop\GeoGebra 5.0 JOGL1 Beta.lnk
[2012.09.19 20:45:36 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012.09.18 20:11:03 | 000,004,553 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.09.15 11:08:36 | 000,033,186 | ---- | M] () -- C:\Users\***\Dreieck.ggb
[2012.09.14 19:58:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.09.14 19:58:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.09.14 00:02:51 | 000,000,163 | ---- | M] () -- C:\Windows\wininit.ini
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.19 12:37:25 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.18 20:11:03 | 000,004,553 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.09.15 21:37:22 | 000,000,740 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.09.15 11:01:08 | 000,033,186 | ---- | C] () -- C:\Users\***\Dreieck.ggb
[2012.09.15 10:40:44 | 000,002,231 | ---- | C] () -- C:\Users\***\Desktop\GeoGebra 5.0 JOGL1 Beta.lnk
[2012.09.14 20:04:52 | 000,001,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.09.14 19:58:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.09.14 19:58:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.02.01 21:23:53 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.11.26 11:20:59 | 000,019,570 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2011.08.02 21:17:00 | 000,007,667 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.06.22 18:29:47 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.06.09 15:37:53 | 000,181,714 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011.06.09 15:37:53 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2011.04.24 00:18:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.11 16:29:21 | 000,016,384 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.05 18:07:14 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini
[2011.01.23 19:45:58 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.01.16 14:59:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.29 23:14:02 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.12.29 23:13:16 | 001,554,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.15 11:25:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.01.17 23:54:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\doas
[2012.09.15 18:02:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.08.26 15:00:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\F-Secure
[2011.06.09 22:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.06.08 16:51:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Watchtower
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2010.01.12 01:49:24 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.09.14 00:11:24 | 000,004,716 | ---- | M] () -- C:\bt.log
[2012.09.27 16:24:36 | 3144,867,840 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.27 16:24:38 | 4193,161,216 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
 
<           >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.19 12:37:25 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >

--- --- ---

[/code]

Das wäre Extras.txt

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 27.09.2012 16:30:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 69,06% Memory free
11,71 Gb Paging File | 10,41 Gb Available in Paging File | 88,91% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,80 Gb Total Space | 108,67 Gb Free Space | 72,06% Space Free | Partition Type: NTFS
Drive D: | 135,19 Gb Total Space | 119,77 Gb Free Space | 88,60% Space Free | Partition Type: NTFS
 
Computer Name: KWO-COMPUTER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\OFFICE~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\OFFICE~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26272A4D-5E35-4760-A2E7-44B8D5CA543C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2BD26AB6-8883-42BD-9212-B4DB94FEC131}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{39835662-7650-40DB-8334-6DD2F8FF314F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3A8774FE-FE6A-461D-9340-830186A63A42}" = lport=445 | protocol=6 | dir=in | app=system | 
"{55D8129C-E0AB-4650-BBAE-A36732756938}" = lport=138 | protocol=17 | dir=in | app=system | 
"{57F6659E-AB80-4A6E-9FAF-FA70734C7130}" = rport=137 | protocol=17 | dir=out | app=system | 
"{63B9E164-CC07-48D7-9CF4-B0AB6DBD387E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7205AC0F-69AC-42F6-89A9-67812B21D802}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7D85353D-5807-4E76-9A61-3B2B3223CD67}" = rport=139 | protocol=6 | dir=out | app=system | 
"{987647D0-0502-461F-8AF3-3870FBA896F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{998CFCAB-4948-4B3C-BC8D-B95037F7BCC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9C862E38-403A-46BF-8956-50580A19C66E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C1DEC32B-01C7-4977-A923-4A576A939389}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C506F4A1-156B-46CF-8458-93A9B59E77D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DB8E128E-8211-4265-AE97-50E220BDE794}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E86F5065-15B4-460C-8B55-48C8EED7CF6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F208DFB9-0786-4B64-BFA4-0D164E680C65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F7C2FE0B-7468-4CFF-9C07-54FAC1A97E1B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FEFBFEBD-FD1C-4242-AE49-58B61BD2EC09}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0279B711-C888-47D0-B751-B6B18D94D1CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{264CBFC1-F42C-416A-9697-61B61C8DC945}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2CA59211-9BB5-4918-A921-BE1F8DA0D9AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{36AA575E-C825-4B51-914B-095FF33BC87F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{399D0694-56E5-4E4F-9922-6B07708D3755}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4680CEF5-D4BE-4B0E-ABD5-E4767D720713}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7491FD10-4BE0-4783-AF37-41C500EFAA91}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{783F6B78-74F4-48AA-B33E-D7827269BF03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{99BA6667-F73E-4CAF-9766-60A6D1518260}" = protocol=17 | dir=in | app=d:\programme\office 2007\office12\onenote.exe | 
"{C0B47BAB-0495-4669-92AB-BC319A7EB2CA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{C1A14982-A491-4AA2-821F-85F05AC174AB}" = dir=in | app=d:\programme\skype\phone\skype.exe | 
"{DFBAEC5C-104C-48A7-AEF8-B3B808191DEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC1F81EF-090A-4A32-A73D-4CF782EDF41F}" = protocol=6 | dir=in | app=d:\programme\office 2007\office12\onenote.exe | 
"TCP Query User{6FF2B951-2839-45B3-B534-AFDD83136E56}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{0C3A5DC1-C6F8-4F0B-8D9A-C87ED241660A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A00C9114-40E6-4C70-A619-7DF264B23485}" = HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}" = DJ_AIO_03_F4200_Software_Min
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53E0DD16-FE2D-4A4B-A66A-984397C49204}" = F-Secure Network CCF 1.02.111
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{605C5258-7549-4F4C-9E40-D8327CE6C62E}" = Platform4 Player ActiveX Control
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.56.100.0 (release)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8BE514E8-4486-4730-8B68-FA15EEDC942E}" = Watchtower Library 2011 - Deutsch
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2524280-A5CF-4458-B809-167F13FAB56D}" = F4200
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7B8E06E-EBBC-4210-93AB-DFC8760E3FC9}" = Works Suite-Betriebssystem-Pack
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.143.1229
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA282D50-F084-5663-A2D2-4521AEACF6BE}" = Online Safety 1.57.21440.0
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F96077EB-8673-42E0-B87D-6092D94FA0A0}" = F-Secure Launch pad
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"F-Secure ServiceEnabler 666" = F-Secure Launch pad
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiTouch_is1" = MosartMultiTouch 3.0
"NSIS_doas" = Das große Oxford Wörterbuch
"QUICKfind" = QUICKfind server v1.1
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.09.2012 05:53:51 | Computer Name = Kwo-Computer | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 26.09.2012 05:53:51 | Computer Name = Kwo-Computer | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 26.09.2012 05:53:51 | Computer Name = Kwo-Computer | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 26.09.2012 05:53:51 | Computer Name = Kwo-Computer | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 26.09.2012 05:53:51 | Computer Name = Kwo-Computer | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 26.09.2012 05:53:53 | Computer Name = Kwo-Computer | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 26.09.2012 05:53:54 | Computer Name = Kwo-Computer | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 26.09.2012 05:53:54 | Computer Name = Kwo-Computer | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 26.09.2012 05:53:54 | Computer Name = Kwo-Computer | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 26.09.2012 11:41:40 | Computer Name = Kwo-Computer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.3.32328.0,
 Zeitstempel: 0x4f703ad2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xfeeefeee  ID des fehlerhaften
 Prozesses: 0x5a8  Startzeit der fehlerhaften Anwendung: 0x01cd9befa239e422  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\F-Secure\fshoster32.exe  Pfad des 
fehlerhaften Moduls: unknown  Berichtskennung: a99978de-07f0-11e2-98e8-00269eaf48c8
 
Error - 26.09.2012 17:13:12 | Computer Name = Kwo-Computer | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 SASKUTIL.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
[ System Events ]
Error - 27.09.2012 09:55:42 | Computer Name = Kwo-Computer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.09.2012 09:57:10 | Computer Name = Kwo-Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 27.09.2012 09:57:13 | Computer Name = Kwo-Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 27.09.2012 09:57:14 | Computer Name = Kwo-Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 27.09.2012 10:00:25 | Computer Name = Kwo-Computer | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 27.09.2012 10:00:37 | Computer Name = Kwo-Computer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.137.373.0)
 
Error - 27.09.2012 10:24:50 | Computer Name = Kwo-Computer | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 27.09.2012 10:24:52 | Computer Name = Kwo-Computer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.09.2012 10:25:26 | Computer Name = Kwo-Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 27.09.2012 10:25:27 | Computer Name = Kwo-Computer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >

--- --- ---

schrauber · 27.09.2012, 16:19

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

kwongk · 27.09.2012, 16:27

Das wäre der inhalt

Code:

ATTFilter

# AdwCleaner v2.003 - Datei am 09/27/2012 um 17:24:30 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - KWO-COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : D:\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cxgae4ay.default\searchplugins\Conduit.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Users\***\AppData\Local\Conduit
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cxgae4ay.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-3970714811-3977751657-3445416358-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cxgae4ay.default\prefs.js

Gefunden : user_pref("CT2849855.1000234.TWC_TMP_city", "HANNOVER");
Gefunden : user_pref("CT2849855.1000234.TWC_TMP_country", "DE");
Gefunden : user_pref("CT2849855.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2849855.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT2849855.FirstTime", "true");
Gefunden : user_pref("CT2849855.FirstTimeFF3", "true");
Gefunden : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Gefunden : user_pref("CT2849855.UserID", "UN57566575140642316");
Gefunden : user_pref("CT2849855.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT2849855.autoDisableScopes", -1);
Gefunden : user_pref("CT2849855.browser.search.defaultthis.engineName", true);
Gefunden : user_pref("CT2849855.embeddedsData", "[{\"appId\":\"129349796699500456\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT2849855.enableAlerts", "always");
Gefunden : user_pref("CT2849855.enableSearchFromAddressBar", "true");
Gefunden : user_pref("CT2849855.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT2849855.fixPageNotFoundError", "true");
Gefunden : user_pref("CT2849855.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT2849855.fixUrls", true);
Gefunden : user_pref("CT2849855.installId", "fftE4F5.tmp.exe");
Gefunden : user_pref("CT2849855.installType", "XPE");
Gefunden : user_pref("CT2849855.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2849855.isNewTabEnabled", true);
Gefunden : user_pref("CT2849855.isPerformedSmartBarTransition", "true");
Gefunden : user_pref("CT2849855.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2849855.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT2849855.keyword", true);
Gefunden : user_pref("CT2849855.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Gefunden : user_pref("CT2849855.openThankYouPage", "true");
Gefunden : user_pref("CT2849855.openUninstallPage", "FALSE");
Gefunden : user_pref("CT2849855.scriptSource", "hxxp://127.0.0.1:10000/gui/");
Gefunden : user_pref("CT2849855.search.searchAppId", "129349796699500456");
Gefunden : user_pref("CT2849855.search.searchCount", "0");
Gefunden : user_pref("CT2849855.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT2849855.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2849855.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT2849855.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gefunden : user_pref("CT2849855.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347573875942");
Gefunden : user_pref("CT2849855.serviceLayer_services_appsMetadata_lastUpdate", "1347573875815");
Gefunden : user_pref("CT2849855.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1347573876350");
Gefunden : user_pref("CT2849855.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347573877239");
Gefunden : user_pref("CT2849855.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1347573876733");
Gefunden : user_pref("CT2849855.serviceLayer_services_searchAPI_lastUpdate", "1347573874784");
Gefunden : user_pref("CT2849855.serviceLayer_services_serviceMap_lastUpdate", "1347573862390");
Gefunden : user_pref("CT2849855.serviceLayer_services_toolbarContextMenu_lastUpdate", "1347573876259");
Gefunden : user_pref("CT2849855.serviceLayer_services_toolbarSettings_lastUpdate", "1347573874713");
Gefunden : user_pref("CT2849855.serviceLayer_services_translation_lastUpdate", "1347573875905");
Gefunden : user_pref("CT2849855.settingsINI", true);
Gefunden : user_pref("CT2849855.shouldFirstTimeDialog", "false");
Gefunden : user_pref("CT2849855.smartbar.CTID", "CT2849855");
Gefunden : user_pref("CT2849855.smartbar.Uninstall", "0");
Gefunden : user_pref("CT2849855.smartbar.homepage", true);
Gefunden : user_pref("CT2849855.smartbar.toolbarName", "BittorrentBar_DE ");
Gefunden : user_pref("CT2849855.startPage", "TRUE");
Gefunden : user_pref("CT2849855.toolbarBornServerTime", "14-9-2012");
Gefunden : user_pref("CT2849855.toolbarCurrentServerTime", "14-9-2012");
Gefunden : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=1[...]
Gefunden : user_pref("Smartbar.ConduitSearchEngineList", "BittorrentBar_DE Customized Web Search");
Gefunden : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855[...]
Gefunden : user_pref("Smartbar.keywordURLSelectedCTID", "CT2849855");
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=[...]

*************************

AdwCleaner[R1].txt - [7290 octets] - [27/09/2012 17:24:30]

########## EOF - C:\AdwCleaner[R1].txt - [7350 octets] ##########

Ich hab irgendwie mitbekommen, dass im OTL-Log eine Fehlfunktion von meinem Antivirenprogramm festgestellt wurde, was bedeutet das hier:

Code:

ATTFilter

Error - 26.09.2012 11:41:40 | Computer Name = Kwo-Computer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.3.32328.0,
 Zeitstempel: 0x4f703ad2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xfeeefeee  ID des fehlerhaften
 Prozesses: 0x5a8  Startzeit der fehlerhaften Anwendung: 0x01cd9befa239e422  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\F-Secure\fshoster32.exe  Pfad des 
fehlerhaften Moduls: unknown  Berichtskennung: a99978de-07f0-11e2-98e8-00269eaf48c8

schrauber · 27.09.2012, 16:28

Hast Du was bemerkt? Könnte en Schluckauf des Tools gewesen sein

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

kwongk · 27.09.2012, 16:37

das wäre der Bericht

Code:

ATTFilter

# AdwCleaner v2.003 - Datei am 09/27/2012 um 17:34:07 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - KWO-COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : D:\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cxgae4ay.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cxgae4ay.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cxgae4ay.default\prefs.js

Gelöscht : user_pref("CT2849855.1000234.TWC_TMP_city", "HANNOVER");
Gelöscht : user_pref("CT2849855.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2849855.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2849855.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2849855.FirstTime", "true");
Gelöscht : user_pref("CT2849855.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Gelöscht : user_pref("CT2849855.UserID", "UN57566575140642316");
Gelöscht : user_pref("CT2849855.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2849855.autoDisableScopes", -1);
Gelöscht : user_pref("CT2849855.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2849855.embeddedsData", "[{\"appId\":\"129349796699500456\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2849855.enableAlerts", "always");
Gelöscht : user_pref("CT2849855.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2849855.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2849855.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2849855.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2849855.fixUrls", true);
Gelöscht : user_pref("CT2849855.installId", "fftE4F5.tmp.exe");
Gelöscht : user_pref("CT2849855.installType", "XPE");
Gelöscht : user_pref("CT2849855.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2849855.isNewTabEnabled", true);
Gelöscht : user_pref("CT2849855.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2849855.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2849855.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2849855.keyword", true);
Gelöscht : user_pref("CT2849855.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Gelöscht : user_pref("CT2849855.openThankYouPage", "true");
Gelöscht : user_pref("CT2849855.openUninstallPage", "FALSE");
Gelöscht : user_pref("CT2849855.scriptSource", "hxxp://127.0.0.1:10000/gui/");
Gelöscht : user_pref("CT2849855.search.searchAppId", "129349796699500456");
Gelöscht : user_pref("CT2849855.search.searchCount", "0");
Gelöscht : user_pref("CT2849855.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2849855.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2849855.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2849855.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2849855.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347573875942");
Gelöscht : user_pref("CT2849855.serviceLayer_services_appsMetadata_lastUpdate", "1347573875815");
Gelöscht : user_pref("CT2849855.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1347573876350");
Gelöscht : user_pref("CT2849855.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347573877239");
Gelöscht : user_pref("CT2849855.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1347573876733");
Gelöscht : user_pref("CT2849855.serviceLayer_services_searchAPI_lastUpdate", "1347573874784");
Gelöscht : user_pref("CT2849855.serviceLayer_services_serviceMap_lastUpdate", "1347573862390");
Gelöscht : user_pref("CT2849855.serviceLayer_services_toolbarContextMenu_lastUpdate", "1347573876259");
Gelöscht : user_pref("CT2849855.serviceLayer_services_toolbarSettings_lastUpdate", "1347573874713");
Gelöscht : user_pref("CT2849855.serviceLayer_services_translation_lastUpdate", "1347573875905");
Gelöscht : user_pref("CT2849855.settingsINI", true);
Gelöscht : user_pref("CT2849855.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2849855.smartbar.CTID", "CT2849855");
Gelöscht : user_pref("CT2849855.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2849855.smartbar.homepage", true);
Gelöscht : user_pref("CT2849855.smartbar.toolbarName", "BittorrentBar_DE ");
Gelöscht : user_pref("CT2849855.startPage", "TRUE");
Gelöscht : user_pref("CT2849855.toolbarBornServerTime", "14-9-2012");
Gelöscht : user_pref("CT2849855.toolbarCurrentServerTime", "14-9-2012");
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "BittorrentBar_DE Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2849855");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=[...]

*************************

AdwCleaner[R1].txt - [7417 octets] - [27/09/2012 17:24:30]
AdwCleaner[S1].txt - [7847 octets] - [27/09/2012 17:34:07]

########## EOF - C:\AdwCleaner[S1].txt - [7907 octets] ##########

schrauber · 27.09.2012, 16:40

Supi, neues OTL log bitte dann sind wir durch denk ich

kwongk · 27.09.2012, 17:01

Danke für deine Hilfe

Code:

ATTFilter

OTL logfile created on: 27.09.2012 17:42:29 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 67,95% Memory free
11,71 Gb Paging File | 10,38 Gb Available in Paging File | 88,63% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,80 Gb Total Space | 108,65 Gb Free Space | 72,05% Space Free | Partition Type: NTFS
Drive D: | 135,19 Gb Total Space | 119,77 Gb Free Space | 88,60% Space Free | Partition Type: NTFS
 
Computer Name: KWO-COMPUTER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.27 16:26:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.09 13:35:06 | 001,027,792 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
PRC - [2012.07.09 13:35:06 | 000,560,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
PRC - [2012.06.21 13:29:36 | 000,163,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\fshoster32.exe
PRC - [2012.03.15 18:00:44 | 000,311,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
PRC - [2012.03.15 18:00:44 | 000,213,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
PRC - [2012.03.15 15:55:34 | 000,062,160 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
PRC - [2009.10.13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.10.07 05:23:24 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.09.10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 19:44:55 | 010,706,624 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtWebKit4.dll
MOD - [2012.07.18 19:44:55 | 008,347,328 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtGui4.dll
MOD - [2012.07.18 19:44:55 | 003,051,200 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtXmlPatterns4.dll
MOD - [2012.07.18 19:44:55 | 002,256,576 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtCore4.dll
MOD - [2012.07.18 19:44:55 | 001,162,944 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtScript4.dll
MOD - [2012.07.18 19:44:55 | 001,076,928 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtCLucene4.dll
MOD - [2012.07.18 19:44:55 | 000,986,816 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtNetwork4.dll
MOD - [2012.07.18 19:44:55 | 000,622,272 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtSql4.dll
MOD - [2012.07.18 19:44:55 | 000,450,240 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtHelp4.dll
MOD - [2012.07.18 19:44:55 | 000,372,416 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.680_none_a025cb6556b2730a\QtXml4.dll
MOD - [2012.03.15 18:00:36 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng
MOD - [2012.03.15 18:00:34 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\flyerres.eng
MOD - [2012.03.15 18:00:34 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng
MOD - [2011.10.04 16:55:44 | 000,242,344 | ---- | M] () -- C:\Program Files (x86)\F-Secure\imageformats\qmng4.dll
MOD - [2011.10.04 16:55:44 | 000,037,032 | ---- | M] () -- C:\Program Files (x86)\F-Secure\imageformats\qico4.dll
MOD - [2011.10.04 16:55:44 | 000,034,984 | ---- | M] () -- C:\Program Files (x86)\F-Secure\imageformats\qgif4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.19 12:37:25 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.11 16:44:38 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.21 13:29:36 | 000,163,536 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\fshoster32.exe -- (fshoster)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.15 18:00:44 | 000,213,672 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2012.03.15 18:00:38 | 000,914,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2012.03.15 15:55:34 | 000,062,160 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2011.10.04 18:00:04 | 000,221,864 | ---- | M] (F-Secure Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.10.01 00:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.17 18:20:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.15 18:34:45 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2012.08.10 14:02:00 | 000,058,424 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fsccsys.sys -- (fsccsys1346970101)
DRV:64bit: - [2012.03.15 18:00:38 | 000,095,112 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2012.03.15 18:00:38 | 000,046,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.07.21 17:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2009.12.15 04:27:50 | 000,183,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT)
DRV:64bit: - [2009.10.13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.09.04 07:39:08 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.08.22 23:24:58 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.10 15:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009.07.01 06:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.07.01 06:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 06:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 06:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.06.29 18:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.09 13:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.04.07 09:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.03.28 17:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2005.11.03 16:40:56 | 000,089,600 | ---- | M] (Protection Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02)
DRV:64bit: - [2005.08.10 14:46:20 | 000,068,608 | ---- | M] (Protection Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2005.05.16 15:21:16 | 000,007,168 | ---- | M] (Protection Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2012.07.18 19:53:19 | 000,199,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012.07.09 13:35:06 | 000,062,032 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2012.03.15 18:00:28 | 000,015,016 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2011.08.17 12:37:54 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.26 05:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1820pt&r=273605100516l0423z165t4573e328
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A9F41457-69C8-4B91-A00B-6F8F25AEE7D5}: "URL" = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:2.0.0 build 11633
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: D:\Programme\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\litmus-ff@f-secure.com\ [2012.09.07 00:21:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Programme\firefox\components [2012.09.11 16:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Programme\firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\mozzila firefox 4\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\mozzila firefox 4\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Programme\mozilla 4.0.1\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Programme\mozilla 4.0.1\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\mozzila firefox 4\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\mozzila firefox 4\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Programme\mozilla 4.0.1\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Programme\mozilla 4.0.1\plugins
 
[2012.03.01 17:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.19 12:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cxgae4ay.default\extensions
[2012.07.26 18:39:39 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cxgae4ay.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.07 00:21:25 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="F-Secure Corporation" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="2.0.0 build 11633">) -- C:\PROGRAM FILES (X86)\F-SECURE\APPS\ONLINESAFETY\BPP\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2012.04.16 15:21:51 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\Programme\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [F-Secure Hoster (666)] C:\Program Files (x86)\F-Secure\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\OFFICE~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\OFFICE~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33430AA6-EE3A-4B13-BDD0-A343AEC49345}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A293B8E-2082-4902-975B-5A7302AAB24D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9787C18B-A169-4AF5-A31F-DDFF006ECEF1}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.27 17:42:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.23 14:10:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 5.0 Beta
[2012.09.15 21:40:27 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2012.09.15 21:37:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\fontconfig
[2012.09.15 21:37:41 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.8
[2012.09.15 21:37:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\gegl-0.2
[2012.09.14 00:04:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2012.09.14 00:04:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CRE
[2012.09.12 20:14:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\WindowsUpdate
[2012.09.12 11:39:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.09.11 16:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.11 16:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.07 00:21:41 | 000,058,424 | ---- | C] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fsccsys.sys
[2012.09.02 00:39:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CrashDumps
[2012.08.30 14:47:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NPE
[2012.08.30 14:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.27 17:43:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.27 17:42:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 17:42:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 17:40:31 | 001,528,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.27 17:40:31 | 000,664,248 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.27 17:40:31 | 000,626,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.27 17:40:31 | 000,134,802 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.27 17:40:31 | 000,111,184 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.27 17:35:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.27 17:35:28 | 3144,867,840 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.27 16:26:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.23 14:10:06 | 000,002,231 | ---- | M] () -- C:\Users\***\Desktop\GeoGebra 5.0 JOGL1 Beta.lnk
[2012.09.19 20:45:36 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012.09.18 20:11:03 | 000,004,553 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.09.15 11:08:36 | 000,033,186 | ---- | M] () -- C:\Users\***\Dreieck.ggb
[2012.09.14 19:58:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.09.14 19:58:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.09.14 00:02:51 | 000,000,163 | ---- | M] () -- C:\Windows\wininit.ini
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.19 12:37:25 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.18 20:11:03 | 000,004,553 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.09.15 21:37:22 | 000,000,740 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.09.15 11:01:08 | 000,033,186 | ---- | C] () -- C:\Users\***\Dreieck.ggb
[2012.09.15 10:40:44 | 000,002,231 | ---- | C] () -- C:\Users\***\Desktop\GeoGebra 5.0 JOGL1 Beta.lnk
[2012.09.14 20:04:52 | 000,001,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.09.14 19:58:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.09.14 19:58:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.02.01 21:23:53 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.11.26 11:20:59 | 000,019,570 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2011.08.02 21:17:00 | 000,007,667 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.06.22 18:29:47 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.06.09 15:37:53 | 000,181,714 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011.06.09 15:37:53 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2011.04.24 00:18:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.11 16:29:21 | 000,016,384 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.05 18:07:14 | 000,000,163 | ---- | C] () -- C:\Windows\wininit.ini
[2011.01.23 19:45:58 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.01.16 14:59:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.29 23:14:02 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.12.29 23:13:16 | 001,554,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.15 11:25:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.01.17 23:54:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\doas
[2012.09.15 18:02:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.08.26 15:00:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\F-Secure
[2011.06.09 22:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.06.08 16:51:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Watchtower
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2012.09.27 17:24:35 | 000,007,417 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012.09.27 17:34:13 | 000,007,970 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2010.01.12 01:49:24 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.09.14 00:11:24 | 000,004,716 | ---- | M] () -- C:\bt.log
[2012.09.27 17:35:28 | 3144,867,840 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.27 17:35:32 | 4193,161,216 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >

< End of report >

schrauber · 27.09.2012, 17:07

AdwCleaner öffnen > Uninstall

OTL öffnen > Button Bereinigung drücken, fertig

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

kwongk · 27.09.2012, 17:21

Ok, danke vielmals für deine Hilfe. Einige Softwares werde ich wohl noch installieren von den von deinen Empfehlungen, aber dafür brauche ich ja keine Anleitung mehr, also kann mein Tread wohl von deinen Abos weichen.

Eine Frage habe ich jedoch doch noch: Was hast du eigentlich grob gesagt gemacht oder eher: Was hab ich nach Anleitung von dir gemacht?

27.09.2012, 06:39	#2
schrauber /// the machine /// TB-Ausbilder	Trojan.Spatet durch Malwarebytes gefunden Hi, Laut dem Log auf keinen Fall, da steht "Keine Aktion durchgeführt". Schau mal ob Du die DAteien noch findest im Windows Explorer, wenn ja bitte hier scannen lassen: www.virustotal.com und den Link zum Ergebnis hier posten. __________________ __________________

27.09.2012, 15:26	#6
schrauber /// the machine /// TB-Ausbilder	Trojan.Spatet durch Malwarebytes gefunden Kommt ne Fehlermeldung? __________________ --> Trojan.Spatet durch Malwarebytes gefunden

27.09.2012, 16:40	#12
schrauber /// the machine /// TB-Ausbilder	Trojan.Spatet durch Malwarebytes gefunden Supi, neues OTL log bitte dann sind wir durch denk ich __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Trojan.Spatet durch Malwarebytes gefunden

Plagegeister aller Art und deren Bekämpfung: Trojan.Spatet durch Malwarebytes gefunden