Trojaner-Board - Bundespolizei - Ihr Computer wurde gesperrt

Alles klar.

Das MBAM-Log hatte ich ja schon oben gepostet. Hier kommen die OTL-Logs:

OTL.txt
---------OTL Logfile:

Code:

OTL logfile created on: 20.08.2012 19:26:36 - Run 2

OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\pm\Desktop

Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16982)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 79,75% Memory free

6,17 Gb Paging File | 5,80 Gb Available in Paging File | 94,01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 157,00 Gb Total Space | 72,45 Gb Free Space | 46,15% Space Free | Partition Type: NTFS

Drive D: | 58,59 Gb Total Space | 15,27 Gb Free Space | 26,06% Space Free | Partition Type: NTFS

Drive F: | 3,76 Gb Total Space | 0,31 Gb Free Space | 8,13% Space Free | Partition Type: FAT

Drive O: | 82,49 Gb Total Space | 63,51 Gb Free Space | 76,99% Space Free | Partition Type: NTFS

 

Computer Name: PM-PC | User Name: pm | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\pm\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - D:\utilities\FileZilla FTP Client\fzshellext.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (SamsungAllShareV2.0) -- C:\Programme\SAMSUNG\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)

SRV - (SimpleSlideShowServer) -- C:\Programme\SAMSUNG\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)

SRV - (AntiVirService) -- D:\utilities\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- D:\utilities\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()

SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)

SRV - (NMSAccessU) -- D:\utilities\CDBurnerXP\NMSAccessU.exe ()

SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

SRV - (RalinkRegistryWriter) -- C:\Programme\Ralink\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (Acer HomeMedia Connect Service) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (FirebirdServerMAGIXInstance) -- D:\Common\Database\bin\fbserver.exe (MAGIX®)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys File not found

DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found

DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)

DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)

DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)

DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)

DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()

DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)

DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)

DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)

DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)

DRV - (TelekomNM3) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()

DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()

DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)

DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)

DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)

DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)

DRV - (avgio) -- D:\utilities\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)

DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)

DRV - (VTIMIDEV01) -- C:\Windows\System32\drivers\vtimidi.sys (Kemper Digital Gmbh)

DRV - (VTIAUDIO) -- C:\Windows\System32\drivers\vtiaudio.sys (usb-audio.de)

DRV - (VIRUSUSB) -- C:\Windows\System32\drivers\VirusUSB.sys (access)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)

DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)

DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Windows (R) 2000 DDK provider)

DRV - (giveio) -- C:\Windows\System32\giveio.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com

IE - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]

IE - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\..\SearchScopes,DefaultScope = {738FA51F-40A9-440E-B3D2-721FE519490C}

IE - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\..\SearchScopes\{738FA51F-40A9-440E-B3D2-721FE519490C}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0

FF - prefs.js..network.proxy.http: "84.14.229.122"

FF - prefs.js..network.proxy.http_port: 3128

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Development\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pm\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pm\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\pm\AppData\Roaming\01040 [2012.06.07 15:25:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 19:30:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.14 21:41:00 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\pm\AppData\Roaming\01040 [2012.06.07 15:25:39 | 000,000,000 | ---D | M]

 

[2009.09.27 16:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pm\AppData\Roaming\mozilla\Extensions

[2011.10.23 22:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pm\AppData\Roaming\mozilla\Firefox\Profiles\54bnkcxw.default\extensions

[2010.12.20 10:59:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pm\AppData\Roaming\mozilla\Firefox\Profiles\54bnkcxw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.09.13 21:33:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\pm\AppData\Roaming\mozilla\Firefox\Profiles\54bnkcxw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.10.22 19:07:32 | 000,000,000 | ---D | M] (Telekom Toolbar 3.0) -- C:\Users\pm\AppData\Roaming\mozilla\Firefox\Profiles\54bnkcxw.default\extensions\totbff01@telekom.de

[2011.10.23 22:53:49 | 000,002,107 | ---- | M] () -- C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\54bnkcxw.default\searchplugins\amazonde.xml

[2011.10.23 22:53:49 | 000,001,550 | ---- | M] () -- C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\54bnkcxw.default\searchplugins\einkaufswelt.xml

[2011.10.23 22:53:49 | 000,002,127 | ---- | M] () -- C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\54bnkcxw.default\searchplugins\leo-franzsisch.xml

[2011.10.23 22:53:49 | 000,002,105 | ---- | M] () -- C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\54bnkcxw.default\searchplugins\leo-spanisch.xml

[2011.10.23 22:53:50 | 000,001,216 | ---- | M] () -- C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\54bnkcxw.default\searchplugins\t-onlinede-portalsuche.xml

[2011.10.23 22:53:50 | 000,001,819 | ---- | M] () -- C:\Users\pm\AppData\Roaming\Mozilla\Firefox\Profiles\54bnkcxw.default\searchplugins\t-onlinede-websuche.xml

[2011.06.28 22:55:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.02.12 16:44:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2009.10.03 15:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

[2011.06.28 22:55:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2009.10.03 15:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

[2011.06.28 22:55:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2012.06.07 15:25:39 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\PM\APPDATA\ROAMING\01040

[2011.06.28 22:55:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\pm\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pm\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pm\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = D:\Development\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Users\pm\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Acer Tour]  File not found

O4 - HKLM..\Run: [AllShareAgent] C:\Programme\SAMSUNG\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [avgnt] D:\utilities\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\SAMSUNG\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found

O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000..\Run: [ildauukhxpvmdcz] C:\ProgramData\ildauukh.exe ()

O4 - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found

O4 - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found

O4 - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000..\Run: [KiesPDLR] C:\Programme\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)

O4 - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000..\Run: [KiesTrayAgent] C:\Programme\SAMSUNG\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKU\S-1-5-21-1696037778-3463843437-3674826648-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] D:\Program Files\Malwarebytes-Anti-Malware_Neu2\mbamgui.exe (Malwarebytes Corporation)

O8 - Extra context menu item: Free YouTube Download - C:\Users\pm\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\utilities\YahooMessenger\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\utilities\YahooMessenger\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Java Plug-in 1.5.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CCEBB1D-C2AB-4203-806F-C7DCC19BB631}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BACF31A3-0277-454D-9442-387CECDBB832}: DhcpNameServer = 192.168.42.129

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: O:\Pictures\El-Arco-Cabo-San-Lucas-Mexico-1-1600x1200.jpg

O24 - Desktop BackupWallPaper: O:\Pictures\El-Arco-Cabo-San-Lucas-Mexico-1-1600x1200.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006.03.24 13:06:42 | 000,000,053 | ---- | M] () - F:\AUTORUN.INF -- [ FAT ]

O33 - MountPoints2\{571c8a3a-582e-11e1-9bea-bd4e755bd399}\Shell - "" = AutoRun

O33 - MountPoints2\{571c8a3a-582e-11e1-9bea-bd4e755bd399}\Shell\AutoRun\command - "" = F:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.20 19:25:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\pm\Desktop\OTL.exe

[2012.08.20 14:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\zongczmhxscpksa

[1 C:\Users\pm\AppData\Roaming\*.tmp files -> C:\Users\pm\AppData\Roaming\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.20 19:25:35 | 000,640,358 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.08.20 19:25:35 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.08.20 19:25:35 | 000,116,122 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.08.20 19:25:35 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.08.20 19:18:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\pm\Desktop\OTL.exe

[2012.08.20 16:28:34 | 000,001,462 | ---- | M] () -- C:\Users\pm\.recently-used.xbel

[2012.08.20 16:16:56 | 000,000,729 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.08.20 16:11:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.08.20 16:09:24 | 000,001,255 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.08.20 16:08:06 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.08.20 16:08:06 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.08.20 16:08:06 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.08.20 14:59:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1696037778-3463843437-3674826648-1000UA.job

[2012.08.20 14:53:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.08.20 14:18:51 | 000,000,051 | ---- | M] () -- C:\ProgramData\wcffniocrhfcrhw

[2012.08.20 14:18:43 | 000,057,344 | ---- | M] () -- C:\ProgramData\ildauukh.exe

[2012.08.17 20:59:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1696037778-3463843437-3674826648-1000Core.job

[2012.08.15 20:41:19 | 000,002,031 | ---- | M] () -- C:\Users\pm\Desktop\Google Chrome.lnk

[1 C:\Users\pm\AppData\Roaming\*.tmp files -> C:\Users\pm\AppData\Roaming\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.08.20 16:28:34 | 000,001,462 | ---- | C] () -- C:\Users\pm\.recently-used.xbel

[2012.08.20 14:18:51 | 000,057,344 | ---- | C] () -- C:\ProgramData\ildauukh.exe

[2012.08.20 14:18:45 | 000,000,051 | ---- | C] () -- C:\ProgramData\wcffniocrhfcrhw

[2012.06.07 15:25:35 | 000,000,016 | ---- | C] () -- C:\Users\pm\AppData\Roaming\blckdom.res

[2012.02.25 18:57:58 | 000,000,600 | ---- | C] () -- C:\Users\pm\AppData\Local\PUTTY.RND

[2011.08.12 20:51:53 | 000,000,680 | ---- | C] () -- C:\Users\pm\AppData\Local\d3d9caps.dat

[2011.06.15 21:26:18 | 000,002,136 | ---- | C] () -- C:\Users\pm\AppData\Roaming\00B2.0AA

[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2011.02.12 16:45:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.02.28 20:58:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2009.10.30 22:12:05 | 000,000,041 | ---- | C] () -- C:\Users\pm\jMSCviewer.cfg

[2009.10.04 12:12:42 | 000,002,614 | ---- | C] () -- C:\Users\pm\.kdiff3rc

[2009.10.03 16:27:10 | 000,042,496 | ---- | C] () -- C:\Users\pm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 8 bytes -> C:\Windows:

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0A73A758
 

< End of report >

--- --- ---

Extras.txt
------------OTL Logfile:

Code:

OTL Extras logfile created on: 20.08.2012 19:26:36 - Run 2

OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\pm\Desktop

Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16982)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 79,75% Memory free

6,17 Gb Paging File | 5,80 Gb Available in Paging File | 94,01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 157,00 Gb Total Space | 72,45 Gb Free Space | 46,15% Space Free | Partition Type: NTFS

Drive D: | 58,59 Gb Total Space | 15,27 Gb Free Space | 26,06% Space Free | Partition Type: NTFS

Drive F: | 3,76 Gb Total Space | 0,31 Gb Free Space | 8,13% Space Free | Partition Type: FAT

Drive O: | 82,49 Gb Total Space | 63,51 Gb Free Space | 76,99% Space Free | Partition Type: NTFS

 

Computer Name: PM-PC | User Name: pm | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-1696037778-3463843437-3674826648-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04CDE4E5-0FAF-4611-8041-5B30B34EDF19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{0BDE8743-4E79-4951-B0C6-D8640211B06E}" = lport=445 | protocol=6 | dir=in | app=system | 

"{20CC54A6-B685-42DD-A38A-FA1DEAA2090F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{24B7466B-A9E3-4EC5-896D-B2164DB0F16F}" = rport=139 | protocol=6 | dir=out | app=system | 

"{287C5201-98E1-4AD7-A18D-4E139BA7757E}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{2D060DD4-6E0E-49E2-BFA3-E0431225E51E}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{39FA9CFF-6644-4AAA-BD38-7CD5E6FD247C}" = lport=138 | protocol=17 | dir=in | app=system | 

"{3EE86BA6-B78B-40CF-B7C2-46B93D4B995E}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{5269A6F1-6BA6-49D4-B7BE-EB2595C6276C}" = rport=137 | protocol=17 | dir=out | app=system | 

"{681F9A38-00AE-48B0-9A0E-C181597D1314}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{72B2E85F-BFC8-4662-AD32-2BDFF092F5DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{7DB78CA0-8B10-4FEA-BC14-94D7C5F3BA0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{897F7004-66BC-4082-AC07-3E6299A88E49}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service | 

"{8B7152AE-FB68-44D7-9C0C-CC504F2E7E13}" = lport=139 | protocol=6 | dir=in | app=system | 

"{A4F26FE4-A6B7-4AF0-BD0A-AA54AD7B4DD4}" = rport=445 | protocol=6 | dir=out | app=system | 

"{AA8E84D3-A0C3-4FB9-BA8F-5D6CFD292C30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{C067A810-F5B4-44E9-8E0C-F498F2CDE85A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{C1B85BB9-5266-4B84-8439-FC7A577A153D}" = lport=137 | protocol=17 | dir=in | app=system | 

"{D0157F09-AB48-4F50-9024-0FE2179CFA44}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{D6889A99-BAC3-42BA-8D8C-8396257538D8}" = rport=138 | protocol=17 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{002D24B5-D761-445A-86AD-CFF9C1577FD8}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 

"{02CEB671-F684-4344-964B-1C18EB96680C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{090EC0F1-F422-4023-B19F-CF9943122179}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{0C2DB98E-1537-4209-8080-11D50EDCA827}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 

"{11FD7101-FCC7-4972-BB92-198F204180FE}" = protocol=6 | dir=in | app=d:\utilities\yahoomessenger\messenger\yahoomessenger.exe | 

"{185909C4-58A6-4536-8366-9F8000477B8E}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 

"{1AD5A8C0-5B3D-4566-802A-02FF174B1E06}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 

"{239E5980-5591-4D78-975F-025A3FDDC640}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{2519CF8C-2523-45C7-9800-E7058A1CD86B}" = protocol=17 | dir=in | app=d:\utilities\yahoomessenger\messenger\yahoomessenger.exe | 

"{31EE7D16-F716-4FB9-AA00-BE5CCDCEA841}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 

"{399E14E9-4A2E-4B68-B4E0-C5DA43E8B0C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{3FFC0C0D-C90D-474E-9245-B10515267709}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4AA616C1-D6B2-465C-ABE1-BDA7972413CA}" = protocol=6 | dir=in | app=d:\utilities\yahoomessenger\messenger\yserver.exe | 

"{4D2BEF67-A386-475A-AFF2-F2A2F6ED7B94}" = protocol=6 | dir=out | app=system | 

"{531345E3-915A-4BA9-8378-B27050D0599B}" = protocol=17 | dir=in | app=d:\utilities\yahoomessenger\messenger\yserver.exe | 

"{5695F33A-7178-4D3E-AD4E-68C7F7AF18AA}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe | 

"{61E0A7BC-DCCC-4D69-B91D-0374400CA6A3}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 

"{6729609B-C79D-4915-A65B-4B7A815E2A54}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe | 

"{720F7643-ABD1-4466-A56D-4183AD36F0B6}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe | 

"{7874FA1B-7372-4A4A-A3C2-BC855D38AEA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{78A4A1C3-2C2D-43E1-B8B0-C72CC31891A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{80DAB3BC-95CA-4E71-9706-8418FC3A5663}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 

"{8B4C3A4E-E278-477C-AB93-F2880F306783}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A4F37CAD-FA8D-4816-A6E7-7073E2ABE428}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{A82B1C8E-AD9D-4198-A771-791E93B61A50}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 

"{ACD817BB-CFBB-4759-9345-750CE98CEEDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{AEDA48D6-DE3C-497E-A2AC-83AC6F91E143}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 

"{B3B55EBB-7994-4D31-881F-4709CAB21372}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{B68B5DD6-5A33-45DF-9F78-BFA7750B78B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C1348AC0-EF05-4169-849E-581BBEE5E6DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C4417E9F-1422-4364-8443-A824ECE00DD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{C4E4586C-F061-47D7-80D8-45DFCABF120D}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 

"{C82EACC7-74EB-4672-A072-2CE6D900568B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{CB6F704B-4080-4387-AC3F-96E948F45E24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{D952AC95-7A0F-487D-99EC-16E4FC207A57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{E2F69F5F-B790-4CDA-889D-6D8D67AE92F3}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 

"{EF0D546E-9707-4347-8F71-10779D8225D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{FF617729-D965-41F0-B345-B020013A23A3}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 

"TCP Query User{2621A225-7B0F-4098-9073-EE546D75E076}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 

"TCP Query User{4F14B541-621F-4CBC-AD5D-6992ACFACE24}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 

"TCP Query User{60036A03-E809-4CF2-8E35-037F8E0C750C}D:\development\eclipse\eclipse_3.6.2\eclipse.exe" = protocol=6 | dir=in | app=d:\development\eclipse\eclipse_3.6.2\eclipse.exe | 

"TCP Query User{62DEE941-9165-4507-BE06-B8EA990B8AF3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{9AE577BB-1F49-4689-AE74-D8367FFF503D}D:\development\eclipse\eclipse_3.6.2\eclipse.exe" = protocol=6 | dir=in | app=d:\development\eclipse\eclipse_3.6.2\eclipse.exe | 

"TCP Query User{A4539585-9BD2-4E59-8248-B9BF2B414172}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{EB1CB60F-E358-4792-B63D-7EF20DF2EB2E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"TCP Query User{FD869869-C006-4560-A7FA-F64F57B937AD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{064D85FE-744E-4201-ADEE-48A67554AE00}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 

"UDP Query User{0B263953-22EC-47AD-BB68-8072E938667E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{3A403BAE-12C2-4CB6-A37C-C62FEBAD7CFA}D:\development\eclipse\eclipse_3.6.2\eclipse.exe" = protocol=17 | dir=in | app=d:\development\eclipse\eclipse_3.6.2\eclipse.exe | 

"UDP Query User{47157189-C712-46B3-AF49-960704D01B75}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{744EA694-A657-4121-A63F-3CD17F80B130}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{758DFF4F-C001-4A72-B6D8-BF1413D85CCC}D:\development\eclipse\eclipse_3.6.2\eclipse.exe" = protocol=17 | dir=in | app=d:\development\eclipse\eclipse_3.6.2\eclipse.exe | 

"UDP Query User{DB745DEF-63B2-4D89-B7A3-B756E4549DEB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{E949F88C-C71A-458E-B8B5-466EEECF751C}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0

"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers

"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26

"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16

"{32A3A4F4-B792-11D6-A78A-00B0D0150160}" = J2SE Development Kit 5.0 Update 16

"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23

"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26

"{3CF44BDE-BDDC-4510-A5CF-EBE97D1B8F73}" = eXperience112

"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD

"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module

"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager

"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4ADA5E0F-BD69-4AD9-94F5-CBC638D83AC3}" = Samsung PC Studio 3

"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works

"{64C6A3C3-7115-4480-B6E8-21BD5B480173}" = Virus TI Software Suite

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11146090}" = Big Kahuna Reef 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = MCF Ravenhearst

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine

"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management

"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician

"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician

"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0

"7-Zip" = 7-Zip 4.65

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Android SDK Tools" = Android SDK Tools

"AsUninst.exe" = Anvil Studio

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AVMWLANCLI" = AVM FRITZ!WLAN

"Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"FileZilla Client" = FileZilla Client 3.3.1

"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition

"Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Inkscape" = Inkscape 0.48.1 

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)

"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)

"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0

"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)

"Native Instruments Battery 2 Demo" = Native Instruments Battery 2 Demo

"Native Instruments Battery 3" = Native Instruments Battery 3

"Netzmanager" = Netzmanager

"NI Service Center" = NI Service Center

"NVIDIA Drivers" = NVIDIA Drivers

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"Samplitude Music Studio 15 D" = Samplitude Music Studio 15 15.0.1.0 (D)

"SpeedFan" = SpeedFan (remove only)

"USB_AUDIO_DEAccess_Virus" = Virus TI Driver

"VLC media player" = VLC media player 1.0.3

"xplorer2p" = xplorer² professional

"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Toolbar" = Yahoo! Toolbar

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1696037778-3463843437-3674826648-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10.06.2012 11:57:09 | Computer Name = pm-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 30.06.2012 10:16:49 | Computer Name = pm-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung adb.exe, Version 0.0.0.0, Zeitstempel 0x4ea5dc09,

 fehlerhaftes Modul WINUSB.DLL, Version 6.0.6000.16386, Zeitstempel 0x4549be30, 

Ausnahmecode 0xc0000005, Fehleroffset 0x00002522,  Prozess-ID 0x17ac, Anwendungsstartzeit

 01cd480d15811c10.

 

Error - 01.07.2012 06:22:28 | Computer Name = pm-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 01.07.2012 16:27:38 | Computer Name = pm-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung adb.exe, Version 0.0.0.0, Zeitstempel 0x4ea5dc09,

 fehlerhaftes Modul WINUSB.DLL, Version 6.0.6000.16386, Zeitstempel 0x4549be30, 

Ausnahmecode 0xc0000005, Fehleroffset 0x00002522,  Prozess-ID 0x14a8, Anwendungsstartzeit

 01cd578795a6caf0.

 

Error - 12.08.2012 14:42:51 | Computer Name = pm-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 15.08.2012 15:53:07 | Computer Name = pm-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.1.3523, Zeitstempel

 0x4a92de61, fehlerhaftes Modul PSDProtect.dll, Version 3.0.0.2, Zeitstempel 0x47cd6a90,

 Ausnahmecode 0x40000015, Fehleroffset 0x0000aea3,  Prozess-ID 0xbc0, Anwendungsstartzeit

 01cd78baec53b760.

 

Error - 17.08.2012 12:19:40 | Computer Name = pm-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6000.16771, Zeitstempel

 0x4907deda, fehlerhaftes Modul PhotoViewer.dll, Version 6.0.6000.16386, Zeitstempel

 0x4549bdab, Ausnahmecode 0xc0000005, Fehleroffset 0x00050c2f,  Prozess-ID 0x11cc,

 Anwendungsstartzeit 01cd78c0e40c84a0.

 

Error - 20.08.2012 08:18:45 | Computer Name = pm-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.1.0.137, Zeitstempel

 0x46444e37, fehlerhaftes Modul Multimedia.api, Version 8.1.0.137, Zeitstempel 0x464447dc,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00030cbc,  Prozess-ID 0xc84, Anwendungsstartzeit

 01cd7ecde7756b80.

 

Error - 20.08.2012 09:07:49 | Computer Name = pm-PC | Source = EventSystem | ID = 4609

Description = 

 

Error - 20.08.2012 10:12:42 | Computer Name = pm-PC | Source = EventSystem | ID = 4609

Description = 

 

[ System Events ]

Error - 16.12.2010 22:24:50 | Computer Name = pm-PC | Source = ACPI | ID = 327685

Description = AMLI: ACPI-BIOS versucht, in eine ungültige E/A-Portadresse (0x70)

 zu schreiben, die sich in "0x70 - 0x71", einem  geschützten Adressbereich befindet.

 Dies kann zu Systeminstabilität führen. Wenden Sie sich an den Systemhersteller,

um

 technische Unterstützung zu erhalten.

 

Error - 16.12.2010 22:24:50 | Computer Name = pm-PC | Source = ACPI | ID = 327684

Description = AMLI: ACPI-BIOS versucht, von einer ungültigen E/A-Portadresse (0x71)

 zu lesen, die sich in "0x70 - 0x71", einem  geschützten Adressbereich, befindet. 

Dies kann zu Systeminstabilität führen. Wenden Sie sich and den Systemhersteller,

um

 technische Unterstützung zu erhalten.

 

Error - 16.12.2010 22:24:51 | Computer Name = pm-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz

 11, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung

 zu erhalten.

 

Error - 16.12.2010 22:24:51 | Computer Name = pm-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz

 12, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung

 zu erhalten.

 

Error - 16.12.2010 22:24:51 | Computer Name = pm-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz

 13, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung

 zu erhalten.

 

 

< End of report >

--- --- ---

Ich hab nun wie beschrieben mit OTL den Fix durchgeführt. OTL wollte dann auch einen Neustart. Ich habe den Rechner dann auch ganz normal booten lassen (also nicht im abgesicherten Modus). Allerdings kam dann bei Hochfahren von Windows ein Popup:

"An Windows wurde eine nicht autorisierte Änderung vorgenommen.
Windows hat eine Änderung erkannt, die eine eingeschränkte Windows-Funktionalität verursacht, ..."
Vom Popup hab ich ein Bild: www.fen-net.de/~na468/tmp/Windows_warn_message.jpg

Ich hab dann wieder im abgesicherten Modus gestartet und das Log zum OTL-Fix geholt:

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1696037778-3463843437-3674826648-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
HKEY_USERS\S-1-5-21-1696037778-3463843437-3674826648-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1696037778-3463843437-3674826648-1000\Software\Microsoft\Internet Explorer\SearchScopes\{738FA51F-40A9-440E-B3D2-721FE519490C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{738FA51F-40A9-440E-B3D2-721FE519490C}\ not found.
HKU\S-1-5-21-1696037778-3463843437-3674826648-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 removed from extensions.enabledItems
Prefs.js: "84.14.229.122" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder not found.
Registry value HKEY_USERS\S-1-5-21-1696037778-3463843437-3674826648-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ildauukhxpvmdcz deleted successfully.
C:\ProgramData\ildauukh.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File F:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{571c8a3a-582e-11e1-9bea-bd4e755bd399}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571c8a3a-582e-11e1-9bea-bd4e755bd399}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{571c8a3a-582e-11e1-9bea-bd4e755bd399}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{571c8a3a-582e-11e1-9bea-bd4e755bd399}\ not found.
File F:\autorun.exe not found.
C:\ProgramData\zongczmhxscpksa folder moved successfully.
C:\ProgramData\wcffniocrhfcrhw moved successfully.
File C:\ProgramData\ildauukh.exe not found.
Unable to delete ADS C:\Windows: .
ADS C:\ProgramData\Temp:0A73A758 deleted successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1696037778-3463843437-3674826648-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1696037778-3463843437-3674826648-1000Core.job moved successfully.
C:\USERS\PM\APPDATA\Roaming\01040\components folder moved successfully.
C:\USERS\PM\APPDATA\Roaming\01040 folder moved successfully.
C:\Users\pm\AppData\Roaming\blckdom.res moved successfully.
========== FILES ==========
File\Folder C:\USERS\PM\APPDATA\Roaming\0104* not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\pm\Desktop\cmd.bat deleted successfully.
C:\Users\pm\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: pm
->Temp folder emptied: 994456425 bytes
->Temporary Internet Files folder emptied: 66903383 bytes
->Java cache emptied: 113131996 bytes
->FireFox cache emptied: 66175481 bytes
->Google Chrome cache emptied: 153310670 bytes
->Flash cache emptied: 227263 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170447201 bytes
RecycleBin emptied: 610875898 bytes

Total Files Cleaned = 2.075,00 mb

OTL by OldTimer - Version 3.2.58.1 log created on 08212012_091925