Trojaner-Board


hondo79 17.12.2011 23:21

For security reasons your Windows system has been blocked
 
Hello, today I had this black background with this message. I then started my laptop in safe mode and reset my system to an earlier point in time. After that the problem was gone and everything ran as before.

Now I wanted to ask whether the trojan is gone or whether it could still be there. I ran Avira; it took 3 hours and nothing was found.

I would appreciate a quick reply...

Patrick

kira 18.12.2011 09:13

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so, any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RISK!
  • Identifying details/profile information:
    - you can delete these from the log lists or log files used (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before applying them, because if you do something wrong it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please follow it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
► In the first part of the 3-part procedure, we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (perform full scan) and tick all boxes
  • when the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
you can find an illustrated guide here: Guide

2.
System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
install it (read the software licence agreement; if offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar)) → start it → Language → select Deutsch (German)
then click "Extra" (to also display the installed programs) → then "Als Textdatei speichern..." (save as text file)
a text file (*.txt) is created; copy its contents and paste them here

Quote:

To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the internet; no online banking, file sharing, chat programs, etc.
Regards
kira
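
An added example, not part of kira's post and not code from any tool named in the thread: one way to apply the advice above about replacing identifying details with [X] before a log is posted. It assumes an OTL-style header (`Computer Name: ... | User Name: ...`) and Windows profile paths; the names `find_identifiers` and `redact_log` and the sample log lines are constructed for illustration.

```python
import re

PLACEHOLDER = "[X]"
# Header fields whose values identify the machine or account (OTL-style header assumed).
HEADER_FIELDS = ("Computer Name", "User Name")
# Shared profile folders are not personal data and stay readable.
SHARED_PROFILES = {"public", "default", "default user", "all users"}
# C:\Users\<name>\ (Vista/7) or C:\Documents and Settings\<name>\ (XP), any case.
PROFILE_PATH = re.compile(
    r"[A-Z]:\\(?:Users|Documents and Settings)\\([^\\\r\n|]+)\\", re.IGNORECASE
)


def find_identifiers(log_text):
    """Return the distinct identifying values found in the log, sorted."""
    seen = {}

    def remember(value):
        value = value.strip()
        if value and value.lower() not in SHARED_PROFILES:
            # Key by lower case so "Ann" and "ANN" count as one identifier.
            seen.setdefault(value.lower(), value)

    for field in HEADER_FIELDS:
        # The value runs up to the next '|' separator or the end of the line.
        for match in re.finditer(rf"{field}:\s*([^|\r\n]+)", log_text, re.IGNORECASE):
            remember(match.group(1))
    for match in PROFILE_PATH.finditer(log_text):
        remember(match.group(1))
    return sorted(seen.values())


def redact_log(log_text, extra=()):
    """Replace identifiers (plus caller-supplied ones, e.g. a serial number) with [X]."""
    identifiers = sorted(set(find_identifiers(log_text)) | {e for e in extra if e})
    redacted = log_text
    # Longest first, so a longer identifier is not broken up by a shorter one.
    for value in sorted(identifiers, key=len, reverse=True):
        # The guards stop a short name from being replaced inside a longer word.
        pattern = re.compile(
            rf"(?<![A-Za-z0-9]){re.escape(value)}(?![A-Za-z0-9])", re.IGNORECASE
        )
        redacted = pattern.sub(PLACEHOLDER, redacted)
    return redacted, identifiers


# Constructed sample lines in the shape of an OTL log (not taken from a real system).
SAMPLE_LOG = r"""Computer Name: EXAMPLE-PC | User Name: Ann | Logged in as Administrator.
PRC - C:\Users\Ann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Scanner\scan.exe (Example Vendor)
() (No name found) -- C:\USERS\ANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EXAMPLE.DEFAULT\EXTENSIONS\SAMPLE.XPI
"""

if __name__ == "__main__":
    cleaned, found = redact_log(SAMPLE_LOG)
    print("Redacted identifiers:", found)
    print(cleaned)
```

Upper-cased paths, which OTL prints for some entries, are covered by the case-insensitive match, and values the script cannot detect on its own (a serial number, a real name inside a licence entry) can be passed through `extra`.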

hondo79 18.12.2011 13:20

Here is the result after the scan:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8392

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

18.12.2011 13:16:44
mbam-log-2011-12-18 (13-16-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 484804
Laufzeit: 3 Stunde(n), 6 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files (x86)\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Gonzo\AppData\LocalLow\Sun\Java\deployment\cache\6.0\43\6f7e10ab-118f5ee6 (Trojan.Dropper) -> Quarantined and deleted successfully.


hondo79 18.12.2011 13:34

Here is the OTL.Txt report:

OTL Logfile:
Code:

OTL logfile created on: 18.12.2011 13:25:13 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Gonzo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,38% Memory free
7,99 Gb Paging File | 6,62 Gb Available in Paging File | 82,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 363,35 Gb Free Space | 80,09% Space Free | Partition Type: NTFS
 
Computer Name: M10APRBAU | User Name: Gonzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gonzo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Users\Gonzo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll ()
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ScrybeUpdater) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.PDFTransformer.Classic.3.0) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (ABBYY)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\drivers\lgbtpt64.sys (LG Electronics Inc.)
DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\drivers\lgvmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\drivers\lgbtbs64.sys (LG Electronics Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Almico Software)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360411l745l03d4z155t5992c346
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360411l745l03d4z155t5992c346
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360411l745l03d4z155t5992c346
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360411l745l03d4z155t5992c346
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360411l745l03d4z155t5992c346
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={DCCB734E-7FB2-4BEA-B9C0-D63CE8095E65}&mid=8ff337e1189c47d1a2fda113f0ef2718-ba9af9e26972ad05f8bace04f2d9249a28645170&lang=de&ds=tt014&pr=sa&d=&v=&sap=hp
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=2adfb28c-4227-4897-b2cd-fa14122de96c&apn_ptnrs=^AAA&apn_sauid=761AA446-0933-41DB-8135-428237A3DFD1&apn_dtid=^YYYYYY^YY^DE&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Gonzo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.04 13:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.04 13:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.17 18:49:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.11 13:39:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.06 20:57:17 | 000,000,000 | ---D | M]
 
[2011.04.14 10:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gonzo\AppData\Roaming\mozilla\Extensions
[2011.12.15 22:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gonzo\AppData\Roaming\mozilla\Firefox\Profiles\s8nbd81m.default\extensions
[2011.08.05 06:30:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Gonzo\AppData\Roaming\mozilla\Firefox\Profiles\s8nbd81m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.14 19:56:43 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Gonzo\AppData\Roaming\mozilla\Firefox\Profiles\s8nbd81m.default\extensions\avg@toolbar
[2011.12.15 17:58:59 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Gonzo\AppData\Roaming\mozilla\Firefox\Profiles\s8nbd81m.default\extensions\toolbar@ask.com
[2011.12.17 18:52:13 | 000,002,399 | ---- | M] () -- C:\Users\Gonzo\AppData\Roaming\Mozilla\Firefox\Profiles\s8nbd81m.default\searchplugins\askcom.xml
[2011.12.14 19:56:37 | 000,003,741 | ---- | M] () -- C:\Users\Gonzo\AppData\Roaming\Mozilla\Firefox\Profiles\s8nbd81m.default\searchplugins\avg-secure-search.xml
[2011.11.11 13:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.17 18:49:53 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\GONZO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S8NBD81M.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 13:39:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.12 05:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 05:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.12 05:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 05:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 05:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 05:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gonzo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Gonzo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gonzo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gonzo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDBE0D5A-AC9B-4602-9C59-B33E25E8C3DC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\acer arcade deluxe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bonus.screenshotreader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\decryption.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\minilauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nobuactivation.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\onlinehelp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\PDVDLaunchPolicy.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerdvd11.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scrybe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\acer arcade deluxe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bonus.screenshotreader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\decryption.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\minilauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nobuactivation.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\onlinehelp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\PDVDLaunchPolicy.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerdvd11.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scrybe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.14 12:27:14 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{3652f6f4-9a98-11e0-bfb3-705ab60bceeb}\Shell - "" = AutoRun
O33 - MountPoints2\{3652f6f4-9a98-11e0-bfb3-705ab60bceeb}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{3652f760-9a98-11e0-bfb3-705ab60bceeb}\Shell - "" = AutoRun
O33 - MountPoints2\{3652f760-9a98-11e0-bfb3-705ab60bceeb}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell - "" = AutoRun
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{cc532195-718a-11e0-97aa-705ab60bceeb}\Shell - "" = AutoRun
O33 - MountPoints2\{cc532195-718a-11e0-97aa-705ab60bceeb}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.18 09:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.18 09:47:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gonzo\Desktop\OTL.exe
[2011.12.18 09:43:57 | 000,000,000 | ---D | C] -- C:\Users\Gonzo\AppData\Roaming\Malwarebytes
[2011.12.18 09:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.18 09:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.18 09:43:45 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.18 09:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.17 19:15:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.17 19:15:06 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.17 19:15:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.17 19:15:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.17 19:15:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.17 19:15:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.17 19:15:04 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.17 19:15:04 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.17 19:11:56 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.17 19:11:55 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.17 16:33:58 | 000,000,000 | ---D | C] -- C:\Users\Gonzo\AppData\Roaming\Unity
[2011.12.17 14:45:23 | 000,000,000 | ---D | C] -- C:\Users\Gonzo\Desktop\ps3
[2011.12.14 19:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011.12.14 19:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011.12.14 19:56:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.12.14 13:43:11 | 000,000,000 | ---D | C] -- C:\Users\Gonzo\Desktop\KON_SolidWorks
[2011.12.14 13:39:00 | 000,000,000 | ---D | C] -- C:\Users\Gonzo\Desktop\Kon-Kolleg 2012
[2011.12.04 21:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\aliasworlds
[2011.12.03 20:00:33 | 000,000,000 | ---D | C] -- C:\Users\Gonzo\Desktop\Atemlos - Gefährliche Wahrheit online anschauen und downloaden - Kinofilm, Film Stream angucken
[2011.11.19 16:53:01 | 000,000,000 | ---D | C] -- C:\Users\Gonzo\Desktop\Neuer Ordner (3)
[2009.11.03 05:04:33 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.18 13:29:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.18 13:29:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.18 13:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.18 12:59:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.18 09:59:08 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.18 09:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gonzo\Desktop\OTL.exe
[2011.12.18 09:43:50 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.18 04:07:27 | 000,580,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.18 03:51:32 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2011.12.18 01:00:56 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.18 01:00:56 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.18 01:00:56 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.18 01:00:56 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.18 01:00:56 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.17 19:09:14 | 000,060,786 | ---- | M] () -- C:\Users\Gonzo\Desktop\trojaner-windowssystem-blockiert.jpg
[2011.12.11 00:53:05 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3202591309-3259406859-2103435512-1001UA.job
[2011.12.11 00:53:05 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3202591309-3259406859-2103435512-1001Core.job
[2011.12.09 13:01:15 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.08 17:17:02 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.12.08 16:54:36 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.12.08 16:54:34 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.12.08 16:54:28 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.12.08 16:54:22 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.12.03 20:02:21 | 000,001,746 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.11.30 11:50:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.18 09:59:08 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.18 09:43:50 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.18 03:51:32 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2011.12.17 19:09:01 | 000,060,786 | ---- | C] () -- C:\Users\Gonzo\Desktop\trojaner-windowssystem-blockiert.jpg
[2011.12.14 13:43:44 | 011,480,841 | ---- | C] () -- C:\Users\Gonzo\Desktop\UNIGRAPHICS - Praktikum mit NX5.pdf
[2011.12.14 13:43:43 | 005,468,649 | ---- | C] () -- C:\Users\Gonzo\Desktop\UNIGRAPHICS NX5 - kurz und bündig.pdf
[2011.11.06 21:21:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.07.26 05:50:10 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.06.27 07:02:47 | 000,000,000 | ---- | C] () -- C:\Users\Gonzo\AppData\Local\Temptable.xml
[2011.05.20 13:23:01 | 000,148,426 | ---- | C] () -- C:\Windows\hphins33.dat
[2011.05.20 13:23:01 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2011.05.16 20:06:00 | 000,000,275 | ---- | C] () -- C:\Windows\FESTO.INI
[2011.05.04 20:29:50 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.05.04 08:23:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.14 22:04:03 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.04.14 17:03:34 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011.04.14 12:50:06 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.14 10:00:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.14 09:32:51 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011.04.14 09:18:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:701B92FB
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4149A170
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:9CF728A6
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:3C0887BF
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D01ACC06
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2216A431

< End of report >

--- --- ---

hondo79 18.12.2011 13:35

and here is the extra.Txt

:OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 18.12.2011 13:25:13 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Gonzo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,38% Memory free
7,99 Gb Paging File | 6,62 Gb Available in Paging File | 82,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 363,35 Gb Free Space | 80,09% Space Free | Partition Type: NTFS
 
Computer Name: M10APRBAU | User Name: Gonzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{266597A9-1664-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) German Language Pack
"{3F82D964-902D-6022-EB00-55D93408A5D4}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{5783F2D7-A005-0407-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2012
"{5783F2D7-A005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2012 Language Pack - Deutsch
"{5783F2D7-A028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{76D6189D-1664-0400-0000-DFC2EE337EAC}" = Autodesk Inventor View 2012
"{76D6189D-1664-0400-0001-DFC2EE337EAC}" = Autodesk Inventor View 2012 Language Pack - Deutsch
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C7D0D68F-F94E-F87F-C6B2-6F5DF09E84F3}" = ATI AVIVO64 Codecs
"{CF526A26-1664-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)
"{CF6EF6B0-129F-4CF2-D9F8-C3BDC60C9C01}" = ATI Catalyst Install Manager
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012
"{E9173A5F-22A6-4152-848E-45851DB99162}" = SolidWorks 2010 x64 Edition SP02.1
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion Plugin for AutoCAD 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"AutoCAD Mechanical 2012" = AutoCAD Mechanical 2012
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion Plugin for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"Autodesk Inventor View 2012" = Autodesk Inventor View 2012 Deutsch
"CCleaner" = CCleaner
"DWG TrueView 2012" = DWG TrueView 2012
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{042BA2F8-4377-300B-DEE8-D7EFF7978F80}" = CCC Help Hungarian
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0ABC7271-8A78-EC86-5803-6CF73129C3B1}" = Catalyst Control Center Localization All
"{11751407-BCEF-E9A2-398B-6CCB837F4C35}" = CCC Help Norwegian
"{11DB0B8E-16FA-5230-7001-1CB6E31D1353}" = CCC Help Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{195EECE9-39EE-C961-0D1A-353233A8E392}" = CCC Help Italian
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A0C6BE1-83D9-EAA3-82BB-F4A99CF51555}" = Catalyst Control Center Core Implementation
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31F8B784-64AC-D91D-51E5-17BDF25B53FD}" = Catalyst Control Center Graphics Previews Vista
"{324F0B7C-B113-8DC3-645F-7EBD982F132E}" = Catalyst Control Center InstallProxy
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F154BFD-A522-9145-3D02-5F1EA74C931C}" = CCC Help Japanese
"{3FD91634-FC60-65F1-4895-122D7E910486}" = CCC Help French
"{400F0DE6-CFF9-69EE-BDE9-DCBE3CD3A453}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54DDF14D-6A3C-83A9-C67D-D5D737E743B1}" = CCC Help Turkish
"{599B5DB7-8D0F-8627-BFBE-B994C1EBD924}" = CCC Help English
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61358075-211A-0E83-26F1-8C1A3DB1074B}" = CCC Help Swedish
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6E93F14C-625B-F3BF-45E7-C679E38E5B81}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78CEA452-7C5D-DC05-53EC-01AA2F77E611}" = ccc-core-static
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7F8E087F-3600-F776-54FF-1E769EF72E0E}" = CCC Help Thai
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{930DFC5B-87A9-7D71-1DA1-E806461F3A54}" = CCC Help Danish
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6BFF70-751F-B1A3-6FCF-2C5446A79973}" = Catalyst Control Center Graphics Light
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A786161E-959C-4B4B-AA6D-7424C13CCCF2}" = SolidWorks eDrawings 2010
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B458CFDA-7040-AA04-3C57-094BDF3F28AD}" = Catalyst Control Center Graphics Full Existing
"{B5DC6670-8226-4CA0-87B4-5E2D09AE1314}" = LG United Mobile Drivers
"{BAB0627B-C4F4-2F91-62FE-EF8A5EE437ED}" = CCC Help Greek
"{BD695A12-48A2-5594-9FB5-98B3FC44FA00}" = CCC Help Russian
"{BD7FB582-C716-420D-A4A2-584816B93FC0}_is1" = Inverted Image 1.3 Free version
"{C068C515-5F7B-807E-E2B2-6F8660FC4D28}" = CCC Help Finnish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C68D259B-9BF1-738F-D632-E874ED783EF3}" = CCC Help Korean
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.88.610
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E15AE125-45D7-B0BB-0C50-0E152EBEC59D}" = CCC Help Spanish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA6D7A23-54B6-448B-3236-7690739CA8F8}" = CCC Help Polish
"{EAC051FE-DA6B-4DE7-31BC-FF7C6CF8CD50}" = Catalyst Control Center Graphics Full New
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F6E7E425-319E-A332-7903-6D9B71C33E69}" = CCC Help Chinese Traditional
"{F8A237AF-94FA-8D2A-C301-6FB0B4E8C0CF}" = CCC Help Portuguese
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA950C5C-19F4-BFF8-9F2F-566C83C70A17}" = CCC Help Chinese Standard
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BFGC" = Big Fish Games: Game Manager
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"FluidSIM 3.6f Pneumatik" = FluidSIM 3.6f Pneumatik
"FormatFactory" = FormatFactory 2.60
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"Gardenscapes_is1" = Gardenscapes
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"LG PC Suite IV" = LG PC Suite IV
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Port Royale_is1" = Port Royale
"SolidWorks Installation Manager 20100-40201-1100-100" = SolidWorks 2010 x64 Edition SP02.1
"SpeedFan" = SpeedFan (remove only)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.11.2011 15:56:22 | Computer Name = M10APRBau | Source = System Restore | ID = 8193
Description =
 
Error - 06.11.2011 15:56:33 | Computer Name = M10APRBau | Source = VSS | ID = 13
Description =
 
Error - 06.11.2011 15:56:33 | Computer Name = M10APRBau | Source = VSS | ID = 12292
Description =
 
Error - 06.11.2011 15:56:33 | Computer Name = M10APRBau | Source = VSS | ID = 8193
Description =
 
Error - 06.11.2011 15:56:33 | Computer Name = M10APRBau | Source = System Restore | ID = 8193
Description =
 
Error - 06.11.2011 15:56:53 | Computer Name = M10APRBau | Source = VSS | ID = 13
Description =
 
Error - 06.11.2011 15:56:53 | Computer Name = M10APRBau | Source = VSS | ID = 12292
Description =
 
Error - 06.11.2011 15:56:53 | Computer Name = M10APRBau | Source = VSS | ID = 8193
Description =
 
Error - 06.11.2011 15:56:53 | Computer Name = M10APRBau | Source = System Restore | ID = 8193
Description =
 
Error - 14.11.2011 08:41:17 | Computer Name = M10APRBau | Source = Application Hang | ID = 1002
Description = Programm msiexec.exe, Version 5.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1084    Startzeit: 01cca2caa3377ee9    Endzeit: 0    Anwendungspfad:
C:\Windows\SysWOW64\msiexec.exe    Berichts-ID: ef48dbf2-0ebd-11e1-b0e8-705ab60bceeb

 
[ System Events ]
Error - 17.12.2011 13:46:37 | Computer Name = M10APRBau | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 17.12.2011 13:46:37 | Computer Name = M10APRBau | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 17.12.2011 13:50:59 | Computer Name = M10APRBau | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 17.12.2011 13:51:00 | Computer Name = M10APRBau | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 17.12.2011 13:51:48 | Computer Name = M10APRBau | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 17.12.2011 13:54:43 | Computer Name = M10APRBau | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80242016 fehlgeschlagen: Kumulatives Sicherheitsupdate für ActiveX Killbits
 unter Windows 7 für x64-basierte Systeme (KB2618451)
 
Error - 17.12.2011 13:54:43 | Computer Name = M10APRBau | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2620712)
 
Error - 17.12.2011 13:54:43 | Computer Name = M10APRBau | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0816 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer
 8 für Windows 7 für x64-Systeme (KB2618444)
 
Error - 17.12.2011 13:54:43 | Computer Name = M10APRBau | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2639417)
 
Error - 17.12.2011 19:33:20 | Computer Name = M10APRBau | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
 
< End of report >

--- --- ---

hondo79 18.12.2011 13:40

and here are the installed programs:
Code:

ABBYY FineReader 9.0 Sprint        ABBYY        05.11.2011                9.01.513.58212
ABBYY PDF Transformer 3.0        ABBYY        05.11.2011                3.00.317.68010
Acer Arcade Deluxe        CyberLink Corp.        01.11.2009        99,9MB        3.0.7029
Acer Crystal Eye webcam Ver:1.1.88.610        Chicony Electronics Co.,Ltd.        13.04.2011                1.1.88.610
Acer ePower Management        Acer Incorporated        01.11.2009                4.05.3006
Acer eRecovery Management        Acer Incorporated        01.11.2009                4.05.3006
Acer GameZone Console        Oberon Media, Inc.        01.11.2009                5.1.0.2
Acer GridVista        Acer Inc.        13.04.2011                3.01.0730
Acer Registration        Acer Incorporated        13.04.2011                1.02.3006
Acer ScreenSaver        Acer Incorporated        13.04.2011                1.02.0804
Acer Updater        Acer Incorporated        01.11.2009                1.01.3017
Acrobat.com        Adobe Systems Incorporated        01.11.2009        1,61MB        1.6.65
Adobe AIR        Adobe Systems Inc.        02.11.2009                1.5.0.7220
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        05.11.2011        6,00MB        11.0.1.152
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        29.11.2011        6,00MB        11.1.102.55
Adobe Reader X (10.1.1) - Deutsch        Adobe Systems Incorporated        05.11.2011        119,2MB        10.1.1
Akamai NetSession Interface                09.11.2011               
Akamai NetSession Interface Service                09.11.2011               
Apple Application Support        Apple Inc.        26.10.2011        61,1MB        2.1.5
Apple Software Update        Apple Inc.        06.10.2011        2,38MB        2.1.3.127
Ask Toolbar        Ask.com        09.06.2011        3,17MB        1.12.2.0
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver        Atheros Communications Inc.        13.04.2011                1.0.0.10
ATI Catalyst Install Manager        ATI Technologies, Inc.        13.04.2011        18,2MB        3.0.741.0
AutoCAD Mechanical 2012        Autodesk        13.04.2011                16.0.49.0
Autodesk Content Service        Autodesk        13.04.2011        95,9MB        2.0.90
Autodesk Design Review 2012        Autodesk, Inc.        13.04.2011                12.0.0.93
Autodesk Inventor Fusion 2012        Autodesk, Inc.        13.04.2011                1.0.0.79
Autodesk Inventor Fusion plug-in for AutoCAD 2012        Autodesk        13.04.2011                0.0.1.138
Autodesk Inventor View 2012 Deutsch        Autodesk        13.04.2011        833MB        16.0.15600.0000
Autodesk Material Library 2012        Autodesk        13.04.2011        97,9MB        2.5.0.8
Autodesk Material Library Base Resolution Image Library 2012        Autodesk        13.04.2011        71,4MB        2.5.0.8
Autodesk Vault 2012 (Client)        Autodesk, Inc.        13.04.2011                16.0.56.200
AVG Security Toolbar        AVG Technologies        14.12.2011                8.0.0.40
Avira Free Antivirus        Avira        09.12.2011        104,8MB        12.0.0.870               
Benutzerhandbuch EPSON SX130 Series                05.11.2011               
Big Fish Games: Game Manager                03.12.2011                3.0.1.60
CCleaner        Piriform        17.12.2011                3.13
CDBurnerXP        CDBurnerXP        02.12.2011        17,9MB        4.4.0.2838
CDBurnerXP        CDBurnerXP        17.10.2011        16,9MB        4.3.8.2631
Compatibility Pack für 2007 Office System        Microsoft Corporation        17.12.2011        61,6MB        12.0.6425.1000
CyberLink PowerDVD 11        CyberLink Corp.        01.09.2011        224MB        11.0.1620.51
DAEMON Tools Lite        DT Soft Ltd        01.05.2011                4.40.2.0131
Dairy Dash        Oberon Media        24.07.2011               
DivX-Setup        DivX, LLC        03.05.2011                2.5.0.8
Dream Day First Home        Oberon Media        24.07.2011               
DWG TrueView 2012        Autodesk        13.04.2011                18.2.51.0
eBay Worldwide        OEM        13.04.2011        100,00KB        2.1.0901
Epson Easy Photo Print 2        SEIKO EPSON CORPORATION        05.11.2011                2.2.4.0
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)        SEIKO EPSON CORPORATION        05.11.2011                1.00.0000
Epson Event Manager        SEIKO EPSON CORPORATION        05.11.2011        40,5MB        2.40.0009
EPSON Scan        Seiko Epson Corporation        05.11.2011               
EPSON SX130 Series Printer Uninstall        SEIKO EPSON Corporation        05.11.2011               
Facebook Video Calling 1.0.0.8953        Skype Limited        13.11.2011        3,93MB        1.0.8953
Farm Frenzy 2        Oberon Media        24.07.2011               
FARO LS 1.1.406.58        FARO Scanner Production        13.04.2011        21,5MB        4.6.58.2
Firebird SQL Server - MAGIX Edition        MAGIX AG        03.05.2011        10,1MB        2.1.23.0
First Class Flurry        Oberon Media        24.07.2011               
FluidSIM 3.6f Pneumatik                15.05.2011                       
Gardenscapes        Playrix Entertainment        09.06.2011        116,5MB       
Google Earth Plug-in        Google        14.11.2011        40,9MB        6.1.0.5001
Google SketchUp 8        Google, Inc.        27.10.2011        73,3MB        3.0.4993
Google Toolbar for Internet Explorer        Google Inc.        07.12.2011                7.2.2318.1946
Granny In Paradise        Oberon Media        24.07.2011               
HP Deskjet D1600 Printer Driver 14.0 Rel. 6        HP        19.05.2011                14.0
Identity Card        Acer Incorporated        13.04.2011                1.00.3003
Intel® Matrix Storage Manager        Intel Corporation        13.04.2011               
Inverted Image 1.3 Free version        zxt2007.com        19.05.2011        3,70MB       
Java(TM) 6 Update 26        Oracle        12.05.2011        95,0MB        6.0.260
Launch Manager        Acer Inc.        13.04.2011                3.0.03
LG Bluetooth Drivers        LG Electronics        19.06.2011        0,69MB        1.1
LG PC Suite IV        LG Electronics        19.06.2011                4.3.17.20110428
LG United Mobile Drivers        LG Electronics        19.06.2011        6,03MB        3.2.0.0
LG USB Modem Drivers        LG Electronics        22.10.2011        1,21MB        4.9.7
Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        17.12.2011        13,8MB        1.51.2.1300
Merriam Websters Spell Jam        Oberon Media        24.07.2011               
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        13.04.2011        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        13.04.2011        2,94MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        13.04.2011        52,0MB        4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        13.04.2011        10,7MB        4.0.30319
Microsoft Chart Controls for Microsoft .NET Framework 3.5        Microsoft Corporation        10.08.2011        13,8MB        3.5.30730.0
Microsoft Office 2003 Web Components        Microsoft Corporation        18.06.2011        29,6MB        12.0.6213.1000
Microsoft Office File Validation Add-In        Microsoft Corporation        13.09.2011        7,95MB        14.0.5130.5003
Microsoft Office Professional Edition 2003        Microsoft Corporation        17.12.2011        825MB        11.0.8173.0
Microsoft Office Suite Activation Assistant        Microsoft Corporation        01.11.2009        8,37MB        2.9
Microsoft Silverlight        Microsoft Corporation        18.10.2011        148,5MB        4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        13.04.2011        1,72MB        3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        17.04.2011        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        17.04.2011        0,24MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        05.11.2011        2,38MB        8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        13.04.2011        0,68MB        8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175        Microsoft Corporation        09.05.2011        0,57MB        8.0.51011
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        08.05.2011        0,77MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        08.05.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        13.04.2011        0,77MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        13.04.2011        0,77MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        18.06.2011        0,77MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        13.04.2011        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        13.04.2011        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        18.06.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        20.10.2011        16,5MB        10.0.40219
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU        Microsoft Corporation        13.04.2011               
Microsoft Visual Studio 2005 Tools for Applications - ENU        Microsoft Corporation        13.04.2011               
Microsoft Works        Microsoft Corporation        17.04.2011        710MB        9.7.0621
Microsoft WSE 3.0 Runtime        Microsoft Corp.        13.04.2011        0,92MB        3.0.5305.0
Mozilla Firefox 8.0 (x86 de)        Mozilla        10.11.2011        36,9MB        8.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        23.04.2011        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        23.04.2011        1,33MB        4.20.9876.0
MSXML 4.0 SP2 Parser and SDK        Microsoft Corporation        19.06.2011        36,00KB        4.20.9818.0
MyWinLocker        Egis Technology Inc.        01.11.2009        47,9MB        3.1.76.0
Norton Online Backup        Symantec        01.11.2009        2,09MB        1.2.0.36
NTI Backup Now 5        NewTech Infosystems        01.11.2009        466MB        5.1.2.627
NTI Media Maker 8        NewTech Infosystems        01.11.2009        766MB        8.0.12.6623
Port Royale                24.05.2011               
QuickTime        Apple Inc.        26.10.2011        73,3MB        7.71.80.42
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        01.11.2009                6.0.1.5904
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        01.11.2009                6.1.7600.30104
SolidWorks 2010 x64 Edition SP02.1        SolidWorks Corporation        13.04.2011                18.2.1.12
SpeedFan (remove only)                09.08.2011               
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe        Synaptics Inc.        25.07.2011        14,0MB        1.6.5.17120
Synaptics Pointing Device Driver        Synaptics Incorporated        25.07.2011        46,4MB        13.2.2.0
TuneUp Utilities 2011        TuneUp Software        13.12.2011                10.0.4500.45
Welcome Center        Acer Incorporated        13.04.2011                1.00.3008
Windows Live Anmelde-Assistent        Microsoft Corporation        13.04.2011        1,94MB        5.000.818.5
Windows Live Essentials        Microsoft Corporation        13.04.2011                14.0.8089.0726
Windows Live Sync        Microsoft Corporation        13.04.2011        2,79MB        14.0.8089.726
Windows Live-Uploadtool        Microsoft Corporation        13.04.2011        0,22MB        14.0.8014.1029
WinRAR 4.01 (64-Bit)        win.rar GmbH        23.07.2011                4.01.0


kira 19.12.2011 08:14

1.
The programs/extensions listed here are considered unnecessary; some of them even belong to the most dangerous kind of adware, or to a "foistware" group.
They are part of the default installation of many freeware programs and sometimes even of paid programs; the range extends from toolbars and other browser add-ons to system utilities, and often the checkbox is already ticked, so that you have no way of deselecting such additional programs.
► Some (fairly common) examples - whatever concerns your computer is coloured red, and you can (recommended) uninstall it:
Code:

Ask Toolbar        <- Adware -Toolbar
Babylon toolbar
Bing Bar
Conduit Engine
DAEMON Tools Toolbar
DVDVideoSoftTB Toolbar
Facemoods Toolbar/Plug-In
Google-Toolbar (Helper) & Partner Service - Google Inc
kikin plugin
McAfee Security Scan Plus <- not harmful, but unnecessary
various all-in-one Windows registry cleaners, free system optimizers, free Windows uninstallers
softonic-de3 Toolbar
(Windows) Searchqu Toolbar
Whenu Save!
YouTube Downloader Toolbar

Here are some of the most common freeware providers:
File-sharing software (such as uTorrent, eMule & co.), instant messaging clients, QIP, IZArc, CPUID HWMonitor, Flash Player, Adobe Air, Silverlight, Foxit Reader, CCleaner, Adobe Reader, Skype, Dingsby or RealPlayer installed with the default settings.
Always choose the custom installation, not the default installation, because otherwise things are often installed along with it that you do not need or want.
During installation, please always read the licence terms, and do not immediately tick every box or leave pre-ticked boxes as they are, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from affiliate programs, sponsors etc., are installed along with it, since that is how freeware finances itself.

A few more belong in this category, e.g.: -> Uninstall unwanted toolbars
Quote:

It is therefore advisable, after every installation, to check in all installed browsers whether:
the current web page has been set as the start page by you?
under Tools ⇒ Add-ons, unwanted add-ons/plug-ins or toolbars are listed?
look under Software/Programs to see whether any software, toolbars etc. unknown to you are listed!

2.
since you have installed as your AV program, it is no longer needed and can be uninstalled:
AVG Security Toolbar

3.
Your Java version is not up to date!
→ Now download the offline version of Java Version 6 Update 30 from Oracle
Make sure to deselect any toolbars that are offered (remove the tick next to the toolbar)!

4.
Quote:

Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and paste it into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced by X, an asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=2adfb28c-4227-4897-b2cd-fa14122de96c&apn_ptnrs=^AAA&apn_sauid=761AA446-0933-41DB-8135-428237A3DFD1&apn_dtid=^YYYYYY^YY^DE&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.12.15 17:58:59 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Gonzo\AppData\Roaming\mozilla\Firefox\Profiles\s8nbd81m.default\extensions\toolbar@ask.com
[2011.08.12 05:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.12 05:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Gonzo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3652f6f4-9a98-11e0-bfb3-705ab60bceeb}\Shell - "" = AutoRun
O33 - MountPoints2\{3652f6f4-9a98-11e0-bfb3-705ab60bceeb}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{3652f760-9a98-11e0-bfb3-705ab60bceeb}\Shell - "" = AutoRun
O33 - MountPoints2\{3652f760-9a98-11e0-bfb3-705ab60bceeb}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell - "" = AutoRun
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{cc532195-718a-11e0-97aa-705ab60bceeb}\Shell - "" = AutoRun
O33 - MountPoints2\{cc532195-718a-11e0-97aa-705ab60bceeb}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
[2011.12.18 12:59:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.11 00:53:05 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3202591309-3259406859-2103435512-1001UA.job
[2011.12.11 00:53:05 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3202591309-3259406859-2103435512-1001Core.job
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:701B92FB
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4149A170
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:9CF728A6
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:3C0887BF
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D01ACC06
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2216A431

:Commands
[purity]
[emptytemp]


5.
run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

6.
clean your system with CCleaner:
  • "Cleaner"→ "Analyze"→ click the "Start CCleaner" button
  • "Registry"→ "Scan for errors"→ "Fix errors"→ "Fix all"
  • Restart your system

7.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your computer"
  • tick "Complete Scan" and click "Next"
  • afterwards all malware found is listed; tick all findings and confirm with "OK"
  • click "Next", then "OK" and then "Finish"
  • to display the results: click "Preferences" and then "Statistics and Logs"
  • press "View Log" - then please save this report and post it here

8.
Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). It is well suited and recommended for this purpose to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer, holding down the Shift key while doing so, so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off entirely. ►Instructions

9.
-> Then run a complete system check with Eset Online Scanner (NOD32) Free Online Scanner
Attention!: >>You should not install the antivirus security software, but only scan your system online<<

Quote:

► Briefly report back to me on all the steps you have carried out!
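
Added example, not part of kira's post and not code from OTL: a small Python triage helper that reads fix-script lines like the ones in step 4 and groups the cached per-volume autorun handlers (the O33 MountPoints2 entries, which belong to the autorun function step 8 refers to), the alternate data streams and the browser add-on entries. The function names and the report layout are assumptions of this example; the sample lines are copied from the script above.

```python
import re
from collections import defaultdict

# A subset of lines copied from the fix script in this thread.
SAMPLE = r'''
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O33 - MountPoints2\{3652f6f4-9a98-11e0-bfb3-705ab60bceeb}\Shell - "" = AutoRun
O33 - MountPoints2\{3652f6f4-9a98-11e0-bfb3-705ab60bceeb}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell - "" = AutoRun
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{cc5320b7-718a-11e0-97aa-705ab60bceeb}\Shell\install\command - "" = E:\SETUP.EXE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:701B92FB
'''

# O33: per-volume shell verbs cached under MountPoints2 (GUID, optional verb, data).
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]+\})\\Shell'
    r'(?:\\([^\\]+)\\command)? - "(.*?)" = (.*)$')
# Alternate data stream: size, host path, stream name after the last colon.
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')
# O2/O3: browser helper objects and toolbars, keyed by CLSID.
ADDON_RE = re.compile(
    r'^O[23](?::64bit:)? - (.+?): \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.+)$')


def triage(text):
    """Sort script lines into autorun handlers, ADS entries and browser add-ons."""
    report = {
        "autorun": defaultdict(lambda: {"default": None, "commands": {}}),
        "ads": [],                     # (host path, stream name, size in bytes)
        "addons": defaultdict(list),   # CLSID -> places it is registered
        "orphaned": [],                # CLSIDs registered without a target
        "unparsed": [],                # kept for manual review, never dropped
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNT_RE.match(line)
        if m:
            guid, verb, _value_name, data = m.groups()
            volume = report["autorun"][guid.lower()]
            if verb is None:
                volume["default"] = data.lower()      # default shell verb
            else:
                volume["commands"][verb.lower()] = data
            continue
        m = ADS_RE.match(line)
        if m:
            size, host, stream = m.groups()
            report["ads"].append((host, stream, int(size)))
            continue
        m = ADDON_RE.match(line)
        if m:
            context, _name, clsid, target = m.groups()
            if target.startswith("No CLSID value found"):
                report["orphaned"].append(clsid.upper())
            else:
                report["addons"][clsid.upper()].append(context)
            continue
        report["unparsed"].append(line)
    return report


def autorun_targets(report):
    """Return (volume GUID, command) pairs whose default shell verb has a command."""
    hits = []
    for guid, volume in sorted(report["autorun"].items()):
        command = volume["commands"].get(volume["default"])
        if command:
            hits.append((guid, command))
    return hits


if __name__ == "__main__":
    result = triage(SAMPLE)
    for guid, command in autorun_targets(result):
        print("cached autorun handler", guid, "->", command)
    for host, stream, size in result["ads"]:
        print("alternate data stream", host, stream, size, "bytes")
    for clsid, contexts in result["addons"].items():
        print("add-on", clsid, "registered in", ", ".join(contexts))
    print("orphaned:", result["orphaned"], "| unparsed:", len(result["unparsed"]))
```

Lines the patterns do not recognise end up in `unparsed` instead of being discarded, so nothing in a script goes unreviewed.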

hondo79 19.12.2011 08:55

Hello, I have now done all the steps except 4 and 5. I have not made any changes in the log file myself. I will do the scan in point 5 later. Otherwise, as I said, I have done everything.
Did you find anything else bad on my system???

kira 19.12.2011 08:56

please carry out all steps in order, otherwise I cannot say anything about it!


All times are WET +1.
