Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU 2.xx benötige dringend Hilfe bei der Bereinigung

GVU 2.xx benötige dringend Hilfe bei der Bereinigung


Log-Analyse und Auswertung: GVU 2.xx benötige dringend Hilfe bei der Bereinigung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 09.10.2012, 18:34   #1
ms-kassel
 
GVU 2.xx benötige dringend Hilfe bei der Bereinigung - Ausrufezeichen

GVU 2.xx benötige dringend Hilfe bei der Bereinigung


Guten Tag,

ich benötige Hilfe bei der Bereinigung eines Laptops. Ich habe auf dem Laptop einen GVU Trojaner einer mir unbekannten Version. Am ähnlichsten kommt die 2.07er Version. Jedoch wird bei mir nicht nur die Zahlungsmethode ukash sondern auch paysafe angezeigt. Ich habe mehrere Logs erstellt und hoffe Ihr könnt mir beim Fix helfen.

Zitat:
OTL logfile created on: 09.10.2012 19:06:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus Schulz\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,89 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 23,20% Memory free
7,78 Gb Paging File | 3,88 Gb Available in Paging File | 49,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 139,87 Gb Free Space | 75,07% Space Free | Partition Type: NTFS
Drive D: | 254,14 Gb Total Space | 254,02 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 119,15 Gb Total Space | 84,97 Gb Free Space | 71,32% Space Free | Partition Type: FAT32
Drive F: | 31,70 Mb Total Space | 0,04 Mb Free Space | 0,14% Space Free | Partition Type: FAT

Computer Name: AWD46791U | User Name: Markus Schulz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Markus Schulz\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\lsass.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - E:\_DATENABLAGE\7.WSUS\dotnet\x64-glb\ndp40-kb2656405-x64_0a6d8bf8c91cb5c494365c35c00a16b45139652c.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe ()
PRC - C:\Windows\SysWOW64\DptfParticipantProcessorService.exe ()
PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
PRC - d:\1eed1328fdd51595c3ab819aace1e5\Setup.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Windows\SysWOW64\DWRCS.exe (DameWare Development LLC)
PRC - C:\Windows\SysWOW64\DWRCST.exe (DameWare Development)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\Users\MARIOT~1\AppData\Local\Temp\mstsc.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\avcodec-54.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (DptfPolicyConfigTDPService) -- C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe ()
SRV - (DptfParticipantProcessorService) -- C:\Windows\SysWOW64\DptfParticipantProcessorService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AcronisAgent) -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis)
SRV - (MMS) -- C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe (Acronis)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McShield) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe (McAfee, Inc.)
SRV - (DWMRCS) -- C:\Windows\SysWOW64\DWRCS.exe (DameWare Development LLC)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (AsusVBus) -- C:\Windows\SysNative\drivers\AsusVBus.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AsusVTouch) -- C:\Windows\SysNative\drivers\AsusVTouch.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (AX88772B) -- C:\Windows\SysNative\drivers\ax88772b.sys (ASIX Electronics Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (DptfManager) -- C:\Windows\SysNative\drivers\DptfManager.sys (Intel Corporation)
DRV:64bit: - (DptfDevProc) -- C:\Windows\SysNative\drivers\DptfDevProc.sys (Intel Corporation)
DRV:64bit: - (DptfDevDram) -- C:\Windows\SysNative\drivers\DptfDevDram.sys (Intel Corporation)
DRV:64bit: - (DptfDevPch) -- C:\Windows\SysNative\drivers\DptfDevPch.sys (Intel Corporation)
DRV:64bit: - (DptfDevGen) -- C:\Windows\SysNative\drivers\DptfDevGen.sys (Intel Corporation)
DRV:64bit: - (DptfDevFan) -- C:\Windows\SysNative\drivers\DptfDevFan.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (assd) -- C:\Windows\SysNative\drivers\assd.sys (ASUS Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NEOFLTR_650_16789) -- C:\Windows\SysNative\drivers\NEOFLTR_650_16789.SYS (Juniper Networks)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mfetdik) -- C:\Windows\SysNative\drivers\mfetdik.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (dwvkbd) -- C:\Windows\SysNative\drivers\dwvkbd64.sys (DameWare)
DRV - (AiCharger) -- C:\Windows\SysWOW64\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-937147602-4130455944-424280025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

IE - HKU\S-1-5-21-937147602-4130455944-424280025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE FA 6D AA F7 97 CD 01 [binary data]
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1001\..\SearchScopes\{7FE137B9-4292-4E80-B334-E5AD55CBFFD6}: "URL" =
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-937147602-4130455944-424280025-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F 06 D6 30 3A A6 CD 01 [binary data]
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1016\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1016\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_deDE500
IE - HKU\S-1-5-21-937147602-4130455944-424280025-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_14\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.5.0_14\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-937147602-4130455944-424280025-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-937147602-4130455944-424280025-1016\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.exe (DameWare Development)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-937147602-4130455944-424280025-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-937147602-4130455944-424280025-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-937147602-4130455944-424280025-1001..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-937147602-4130455944-424280025-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-937147602-4130455944-424280025-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-937147602-4130455944-424280025-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Mario Theune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-937147602-4130455944-424280025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-937147602-4130455944-424280025-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-937147602-4130455944-424280025-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-937147602-4130455944-424280025-1001\..Trusted Domains: awd.de ([]* in Vertrauenswürdige Sites)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://awd.netucate.net/download1026/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} https://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab (GO-Global 4)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D62D146-A8CF-483C-BC03-92D047B09FBC}: DhcpNameServer = 172.20.124.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB7D70BE-493E-4397-AB69-ADAE73101516}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.19 14:01:20 | 000,000,042 | ---- | M] () - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.09 18:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.10.09 18:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.09 18:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.10.09 18:44:48 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.09 18:44:36 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.10.09 18:44:36 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.10.09 18:44:36 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.09 18:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.10.09 18:41:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.09 18:37:03 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Roaming\ASUS WebStorage
[2012.10.09 18:22:06 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Macromedia
[2012.10.09 18:21:55 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Adobe
[2012.10.09 18:21:52 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Google
[2012.10.09 18:21:52 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Local\Google
[2012.10.09 18:21:19 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Malwarebytes
[2012.10.09 18:20:44 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Local\Power2Go
[2012.10.09 18:19:51 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.09 18:19:51 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Searches
[2012.10.09 18:19:51 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.09 18:19:48 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Identities
[2012.10.09 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Contacts
[2012.10.09 18:19:41 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Intel
[2012.10.09 18:19:41 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Local\ASUS
[2012.10.09 18:19:39 | 000,000,000 | --SD | C] -- C:\Users\Markus Schulz\AppData\Roaming\Microsoft
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Videos
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Saved Games
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Pictures
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Music
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Links
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Favorites
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Downloads
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Documents
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\Desktop
[2012.10.09 18:19:39 | 000,000,000 | R--D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Vorlagen
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\AppData\Local\Verlauf
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\AppData\Local\Temporary Internet Files
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Startmenü
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\SendTo
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Recent
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Netzwerkumgebung
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Lokale Einstellungen
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Documents\Eigene Videos
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Documents\Eigene Musik
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Eigene Dateien
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Documents\Eigene Bilder
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Druckumgebung
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Cookies
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\AppData\Local\Anwendungsdaten
[2012.10.09 18:19:39 | 000,000,000 | -HSD | C] -- C:\Users\Markus Schulz\Anwendungsdaten
[2012.10.09 18:19:39 | 000,000,000 | -H-D | C] -- C:\Users\Markus Schulz\AppData
[2012.10.09 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\Documents\Visual Studio 2005
[2012.10.09 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Local\Temp
[2012.10.09 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\Roaming
[2012.10.09 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Local\Microsoft Help
[2012.10.09 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Local\Microsoft
[2012.10.09 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Markus Schulz\AppData\Roaming\Media Center Programs
[2012.10.09 17:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.09 17:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.09 17:39:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.09 17:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.09 15:22:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.09.26 09:22:21 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.24 16:33:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.24 16:33:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.24 16:33:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.24 16:33:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.24 16:33:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.24 16:33:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.24 16:33:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.24 16:33:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.24 16:33:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.24 16:33:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.24 16:33:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.24 16:33:34 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.24 16:33:33 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.24 16:33:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.24 16:33:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.13 11:01:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.13 11:01:16 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.13 11:01:14 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.13 11:01:14 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.11 09:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLinc 10
[2012.09.11 09:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLinc

========== Files - Modified Within 30 Days ==========

[2012.10.09 19:10:36 | 083,023,306 | ---- | M] () -- C:\ProgramData\cstsm.pad
[2012.10.09 19:09:40 | 001,912,842 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.09 19:09:40 | 000,805,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.09 19:09:40 | 000,743,736 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.09 19:09:40 | 000,189,002 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.09 19:09:40 | 000,152,066 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.09 19:01:19 | 001,868,744 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.09 19:00:45 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2012.10.09 19:00:03 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 18:44:28 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.09 18:44:28 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.10.09 18:44:28 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.09 18:44:27 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.10.09 18:44:27 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.10.09 18:44:27 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.10.09 18:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 18:28:19 | 000,000,387 | ---- | M] () -- C:\Users\Markus Schulz\AppData\Roaming\sp_data.sys
[2012.10.09 18:21:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 18:21:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 18:19:43 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.10.09 18:19:41 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.09 18:14:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 18:14:39 | 3131,482,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 17:39:26 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.09 15:50:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 15:50:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 15:22:06 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.10.09 15:04:58 | 000,002,376 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.05 12:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.09.18 08:13:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012.10.09 19:00:45 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2012.10.09 18:20:45 | 000,000,387 | ---- | C] () -- C:\Users\Markus Schulz\AppData\Roaming\sp_data.sys
[2012.10.09 18:20:37 | 000,001,407 | ---- | C] () -- C:\Users\Markus Schulz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.09 18:19:54 | 000,001,441 | ---- | C] () -- C:\Users\Markus Schulz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.09 17:39:26 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.09 15:22:15 | 083,023,306 | ---- | C] () -- C:\ProgramData\cstsm.pad
[2012.09.18 08:13:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.26 09:57:41 | 000,008,837 | ---- | C] () -- C:\Windows\SysWow64\Dwrcs.ini
[2012.06.26 09:57:40 | 000,722,944 | ---- | C] () -- C:\Windows\SysWow64\DWRCSMSI.exe
[2012.06.26 09:56:04 | 000,081,920 | ---- | C] () -- C:\Program Files (x86)\uninstgs.exe
[2012.06.26 09:42:01 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\AWDBCenter.dll
[2012.05.30 14:49:04 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2012.04.27 09:50:25 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyConfigTDPService.exe
[2012.04.27 09:50:25 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\DptfParticipantProcessorService.exe
[2012.04.27 09:50:24 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyConfigTDPDll.dll
[2012.04.27 09:49:07 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.04.27 09:48:58 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.04.27 09:48:51 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.27 09:48:45 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.03.30 02:24:16 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.24 04:42:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2012.02.24 04:28:11 | 001,868,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.06.26 02:17:00 | 000,000,000 | ---D | M] -- C:\Users\Mario Theune\AppData\Roaming\ASUS WebStorage
[2012.06.26 09:54:36 | 000,000,000 | ---D | M] -- C:\Users\Mario Theune\AppData\Roaming\AWD
[2012.07.20 10:53:03 | 000,000,000 | ---D | M] -- C:\Users\Mario Theune\AppData\Roaming\Juniper Networks
[2012.06.28 09:16:36 | 000,000,000 | ---D | M] -- C:\Users\Mario Theune\AppData\Roaming\TeamViewer
[2012.10.09 18:37:03 | 000,000,000 | ---D | M] -- C:\Users\Markus Schulz\AppData\Roaming\ASUS WebStorage

========== Purity Check ==========



< End of report >
Zitat:
OTL Extras logfile created on: 09.10.2012 19:06:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus Schulz\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,89 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 23,20% Memory free
7,78 Gb Paging File | 3,88 Gb Available in Paging File | 49,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 139,87 Gb Free Space | 75,07% Space Free | Partition Type: NTFS
Drive D: | 254,14 Gb Total Space | 254,02 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 119,15 Gb Total Space | 84,97 Gb Free Space | 71,32% Space Free | Partition Type: FAT32
Drive F: | 31,70 Mb Total Space | 0,04 Mb Free Space | 0,14% Space Free | Partition Type: FAT

Computer Name: AWD46791U | User Name: Markus Schulz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-937147602-4130455944-424280025-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2FC1EBFE-65BA-4758-A2BA-797E9A761B12}" = lport=6129 | protocol=6 | dir=in | name=dameware mini remote control service |
"{D5B1868C-E438-4735-A1AE-BABDB3F8E8DE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F4A462E5-2C2E-4110-9012-8F08395053F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1389E5A1-2134-46ED-BE72-69C84AB1BD97}" = protocol=17 | dir=in | app=c:\awd\av-butler\vm\bin\java.exe |
"{1687D1DB-787A-4F79-AB2E-34602286D0A2}" = protocol=6 | dir=in | app=c:\awd\av-butler\vm\bin\java.exe |
"{368EED97-3E9C-4F24-8CDF-9F29D2A498BB}" = protocol=17 | dir=in | app=c:\windows\system32\dwrcs.exe |
"{5A13F910-D1EF-4B61-A814-BAAC948985C2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\agent\agent.exe |
"{77D968FF-E2D4-475C-B78B-D78D420463A5}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{7CA049ED-1959-4EC6-8662-626190032D46}" = protocol=6 | dir=in | app=c:\awd\av-butler\vm\bin\javaw.exe |
"{8013362A-9633-481F-BE66-181A0AFF9A6B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\agent\agent.exe |
"{A19D6EB7-4BF6-4887-A887-608D1E426B7C}" = protocol=17 | dir=in | app=c:\awd\av-butler\vm\bin\javaw.exe |
"{B37E08B4-B047-462B-8D02-A3E427BB7A96}" = protocol=17 | dir=in | app=c:\program files (x86)\acronis\backupandrecovery\mms.exe |
"{BFF68F6B-3186-405E-A4A2-C3D0F1CBF1C2}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{D00CFACF-7586-4DB1-BFB7-20916A9F0160}" = protocol=6 | dir=in | app=c:\program files (x86)\acronis\backupandrecovery\mms.exe |
"{D535FDAE-9F30-445D-AA2C-AF99E17E1E74}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E64DE3B0-063F-42C3-BC56-1DFC3E2D9D15}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{F12658EB-E40F-4A05-9AE7-7751CDE94176}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F15BB09E-509C-4554-8A2C-CCB6BEB232C9}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{F63BBCBF-BC6A-482D-B4F3-07C1DBC3D98F}" = protocol=6 | dir=in | app=c:\windows\system32\dwrcs.exe |
"TCP Query User{BB849C0B-8CCC-4C1E-A35F-05497B0DE372}C:\program files (x86)\java\jre1.5.0_14\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.5.0_14\bin\javaw.exe |
"UDP Query User{173414CE-6BA8-48A2-A44F-8B2EA92DB0B1}C:\program files (x86)\java\jre1.5.0_14\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.5.0_14\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{4E4282C3-F66E-4852-837A-7675527178C2}" = Intel(R) WiDi
"{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63425B4B-989C-4C73-9C97-2A2F6C6B5338}" = Microsoft SQL Server Management Studio Express
"{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9750516C-1C1A-4059-BEEE-D454AD3DC02C}" = RSA EAP Client 7.1
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF607B1F-A78B-4F1D-BC8E-6C2AB3B75405}" = ExpressCache
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 10.5.9.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{34D121D1-62B3-4B42-98A3-4DE3D1B70706}" = AWD Kommunikationscenter
"{3AD96D37-7CAF-4295-A274-E403F1F38065}" = Tools für Microsoft SQL Server 2005
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{5E616211-01C7-47C6-A5DD-96C6A1BCB41C}" = Heureka
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63F77981-887E-4586-841E-4C5B37929981}" = MasterSetup 32.00.0007, DVD-Stand 0032_20110228
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73569AD2-9793-4A59-B218-5088AD194D40}" = AWD Business Center
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{75C16BE5-3302-4143-8790-36D24C41660E}" = bAV-Analyse Pro
"{7EDA7179-9B8E-465B-A3F8-CECB27F90FE0}" = PFS 2005
"{8DE11CA6-32A5-4505-82DF-E758C2B73DA2}" = AWD Business Center
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9243CB37-6943-4534-9293-4D850A716E4E}" = DameWareClient
"{938CFBD4-0652-49E5-BB8B-153948865941}" = ASUS Virtual Touch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EF762D2-2D12-4865-91C4-87705F91C28F}" = Acronis Backup & Recovery 10* Agent
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{B800CE44-D206-475D-A6E2-5B3808E2D60A}" = ASUS PWR Option
"{BFE7E085-7327-43D8-B0A3-4A0DDC97D652}" = Acronis Backup & Recovery 10*Standalone*Management*Console
"{C2C599FE-4FCA-40D0-8C9B-050122D727EF}" = AWD Angebotsmappe
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CD49AEDB-FFB4-4A9A-A3C2-E9AF814FE6FE}" = Intel® AT Service signup
"{CF78AB2B-1CA0-42D2-A2F1-FDEBC7876EF0}" = Microsoft SQL Server 2005 (AWDVERTRIEB)
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E638F850-42EE-43FD-8048-EC28003EEDEA}" = AWD BeratungsCenter
"{EAA4F23F-0CD6-4A31-B1A1-DEABF33B5F7C}" = AWD Security
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Angebotsmappe+" = Angebotsmappe+ 2.0.3
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_UX32VD" = AsusScr_UX32VD
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel(R) Dynamic Platform & Thermal Framework
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"uninstall.exe" = iLinc Client

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-937147602-4130455944-424280025-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.09.2012 12:43:11 | Computer Name = AWD46791u | Source = RasClient | ID = 20227
Description =

Error - 27.09.2012 12:45:08 | Computer Name = AWD46791u | Source = RSA EAP Client 7.1 For Microsoft Windows | ID = 113
Description =

Error - 28.09.2012 03:20:02 | Computer Name = AWD46791u | Source = RSA EAP Client 7.1 For Microsoft Windows | ID = 113
Description =

Error - 28.09.2012 05:47:25 | Computer Name = AWD46791u | Source = RSA EAP Client 7.1 For Microsoft Windows | ID = 113
Description =

Error - 01.10.2012 04:28:22 | Computer Name = AWD46791u | Source = RSA EAP Client 7.1 For Microsoft Windows | ID = 113
Description =

Error - 01.10.2012 06:33:21 | Computer Name = AWD46791u | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e211319 Ausnahmecode: 0xc000041d Fehleroffset: 0x0000e49d ID des fehlerhaften
Prozesses: 0x18bc Startzeit der fehlerhaften Anwendung: 0x01cd9fbe82f0d9b5 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 6b533209-0bb3-11e2-87a0-c48508153c35

Error - 01.10.2012 06:43:45 | Computer Name = AWD46791u | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450,
Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc00000fd Fehleroffset: 0x00020023 ID des fehlerhaften
Prozesses: 0x10ac Startzeit der fehlerhaften Anwendung: 0x01cd9fc02db4ef6a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: df2df941-0bb4-11e2-87a0-c48508153c35

Error - 02.10.2012 01:35:09 | Computer Name = AWD46791u | Source = RSA EAP Client 7.1 For Microsoft Windows | ID = 113
Description =

Error - 02.10.2012 01:35:30 | Computer Name = AWD46791u | Source = RasClient | ID = 20227
Description =

Error - 02.10.2012 01:39:04 | Computer Name = AWD46791u | Source = RSA EAP Client 7.1 For Microsoft Windows | ID = 113
Description =

Error - 02.10.2012 03:37:07 | Computer Name = AWD46791u | Source = RSA EAP Client 7.1 For Microsoft Windows | ID = 113
Description =

[ System Events ]
Error - 19.09.2012 04:50:42 | Computer Name = AWD46791u | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{EE77B277-64C2-4EEB-8F1F-CB502526D4DB} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 19.09.2012 04:50:52 | Computer Name = AWD46791u | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{EE77B277-64C2-4EEB-8F1F-CB502526D4DB} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 19.09.2012 04:51:09 | Computer Name = AWD46791u | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{EE77B277-64C2-4EEB-8F1F-CB502526D4DB} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 20.09.2012 07:30:48 | Computer Name = AWD46791u | Source = AX88772B | ID = 17
Description =

Error - 21.09.2012 04:20:08 | Computer Name = AWD46791u | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{EE77B277-64C2-4EEB-8F1F-CB502526D4DB} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 21.09.2012 04:20:12 | Computer Name = AWD46791u | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{EE77B277-64C2-4EEB-8F1F-CB502526D4DB} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 25.09.2012 05:57:11 | Computer Name = AWD46791u | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{EE77B277-64C2-4EEB-8F1F-CB502526D4DB} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 25.09.2012 05:58:36 | Computer Name = AWD46791u | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{EE77B277-64C2-4EEB-8F1F-CB502526D4DB} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 26.09.2012 03:57:40 | Computer Name = AWD46791u | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{EE77B277-64C2-4EEB-8F1F-CB502526D4DB} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 26.09.2012 06:13:31 | Computer Name = AWD46791u | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{EE77B277-64C2-4EEB-8F1F-CB502526D4DB} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.


< End of report >
Scanlauf von Malewarebytes...
Zitat:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Markus Schulz :: AWD46791U [Administrator]

09.10.2012 18:27:12
mbam-log-2012-10-09 (18-56-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 383284
Laufzeit: 25 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\lsass.exe (Trojan.Delf) -> 5624 -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> 5740 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\Mario Theune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

Alt 09.10.2012, 19:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU 2.xx benötige dringend Hilfe bei der Bereinigung - Standard

GVU 2.xx benötige dringend Hilfe bei der Bereinigung


Zitat:
Keine Aktion durchgeführt.
-> No action taken.
Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! Bitte nachholen falls noch nicht getan!

NICHTS voreilig aus der Quarantäne löschen!
__________________

__________________
Alt 10.10.2012, 09:40   #3
ms-kassel
 
GVU 2.xx benötige dringend Hilfe bei der Bereinigung - Standard

GVU 2.xx benötige dringend Hilfe bei der Bereinigung


Habe die Dateien jetzt unter Quarantäne gestellt. Kann mir jemand sagen, was der Trojaner alles anrichtet? In einer anderen Version habe ich gesehen, dass "alle" Daten verschlüsselt wurden. Wurden durch die Version 2.xx am System Veränderungen vorgenommen die die Sicherheit beeinträchtigen, bzw. die eine Neuinstallation zwingend erforderlich machen?
__________________
Alt 10.10.2012, 12:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU 2.xx benötige dringend Hilfe bei der Bereinigung - Standard

GVU 2.xx benötige dringend Hilfe bei der Bereinigung



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu GVU 2.xx benötige dringend Hilfe bei der Bereinigung
7-zip, adobe, bho, cpu, defender, document, dringend, error, excel, firefox, flash player, format, gfnexsrv.exe, google, helper, home, iexplore.exe, install.exe, logfile, ntdll.dll, nvidia update, nvpciflt.sys, plug-in, realtek, registry, remote control, rundll, scan, software, trojaner, udp, usb, usb 2.0, usb 3.0, version., visual studio, windows


« TR/Dropper.Gen5 von avira entdeckt | Entfernung Live Security Platinum »


Ähnliche Themen: GVU 2.xx benötige dringend Hilfe bei der Bereinigung


  1. Ramnit, benötige dringend Hilfe !
    Plagegeister aller Art und deren Bekämpfung - 11.04.2014 (3)
  2. GVU-Trojaner! Benötige dringend Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 28.05.2013 (15)
  3. benötige dringend hilfe bitte helfen
    Mülltonne - 10.10.2012 (3)
  4. Virus / Trojaner / Malware - Benötige dringend Hilfe - Windows XP SP3
    Log-Analyse und Auswertung - 20.11.2011 (1)
  5. Benötige dringend Hilfe
    Mülltonne - 21.10.2008 (0)
  6. Bluescreen,benötige dringend Hilfe
    Plagegeister aller Art und deren Bekämpfung - 03.08.2008 (0)
  7. Backdoor.Win32.Bifrose.aej!! Benötige dringend Hilfe!!
    Plagegeister aller Art und deren Bekämpfung - 31.03.2008 (13)
  8. Benötige dringend hilfe
    Plagegeister aller Art und deren Bekämpfung - 06.07.2007 (3)
  9. benötige dringend hilfe!
    Log-Analyse und Auswertung - 12.06.2007 (3)
  10. cmos checksum error --> und weiter? benötige dringend hilfe
    Netzwerk und Hardware - 27.01.2007 (1)
  11. Hijacker eingefangen ! benötige dringend Hilfe
    Log-Analyse und Auswertung - 27.06.2006 (6)
  12. kurz vor vollendung m. seminararbeit,antivir findet trojaner-benötige dringend hilfe
    Log-Analyse und Auswertung - 16.01.2006 (2)
  13. Benötige dringend Hilfe!!!
    Plagegeister aller Art und deren Bekämpfung - 28.12.2005 (25)
  14. benötige dringend Hilfe ....
    Log-Analyse und Auswertung - 28.09.2005 (1)
  15. Ich benötige dringend Eure Hilfe....
    Log-Analyse und Auswertung - 08.09.2005 (1)
  16. Bitte um Hilfe bei bereinigung
    Plagegeister aller Art und deren Bekämpfung - 29.03.2005 (3)
  17. Benötige dringend Hilfe: "NDrv.exe"
    Plagegeister aller Art und deren Bekämpfung - 02.07.2004 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU 2.xx benötige dringend Hilfe bei der Bereinigung - Guten Tag, ich benötige Hilfe bei der Bereinigung eines Laptops. Ich habe auf dem Laptop einen GVU Trojaner einer mir unbekannten Version. Am ähnlichsten kommt die 2.07er Version. Jedoch wird - GVU 2.xx benötige dringend Hilfe bei der Bereinigung...
Archiv
Du betrachtest: GVU 2.xx benötige dringend Hilfe bei der Bereinigung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129