Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Weißer Bildschrim nach Modzilla start

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.10.2012, 19:47   #1
mojo22215
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



Guten Tag,

habe das selbe Problem wie mach anderer hier und erhalte nach starten des PC's nur einen Weißen bildschrim mit der aufschrift : Programm konnte die seite nicht anzeigen. (Durch Mov***k verursacht)

habe mir bereits oldtimer geladen und bitte nun um eine kleine anleitung und den text.


Vielen Lieben dank für die Hilfe


(ab jetzt lass ich auch die finger von dem scheiß ._. )

Geändert von mojo22215 (04.10.2012 um 20:10 Uhr)

Alt 04.10.2012, 20:00   #2
mojo22215
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



habe bereits den OTL von Oldtimer durchgeführt und folgende texte erhalten :

OTL.txt.datei:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.10.2012 20:37:44 - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Seven\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 80,94% Memory free
8,00 Gb Paging File | 7,32 Gb Available in Paging File | 91,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 10,70 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Drive D: | 416,83 Gb Total Space | 121,96 Gb Free Space | 29,26% Space Free | Partition Type: NTFS
Drive Z: | 100,00 Mb Total Space | 61,69 Mb Free Space | 61,69% Space Free | Partition Type: NTFS
 
Computer Name: SEVEN-PC | User Name: Seven | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.04 20:19:31 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Seven\Downloads\OTL.exe
PRC - [2012.09.07 21:11:04 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.06 19:35:03 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2011.08.18 16:25:12 | 001,101,960 | ---- | M] () -- D:\Programme\AD-Ware\AWSC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.07 21:11:04 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.09.06 19:35:03 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.25 16:08:45 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.20 22:45:17 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 21:11:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.05 19:00:14 | 000,722,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012.08.15 12:44:44 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- D:\Games\Smite\HiPatchService.exe -- (HiPatchService)
SRV - [2012.02.27 21:48:37 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.12.19 16:33:50 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- D:\Programme\AD-Ware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.12.19 15:46:42 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- D:\Programme\AVG\avgwdsvc.exe -- (avg9wd)
SRV - [2011.12.19 15:44:49 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- D:\Programme\AVG\avgemc.exe -- (avg9emc)
SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- D:\Programme\AVG\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.28 17:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.05 19:00:26 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.20 11:22:11 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011.12.20 02:17:26 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.12.19 15:46:44 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011.12.19 15:46:44 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.08.18 16:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.11.26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 7B 07 A4 51 BE CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{725D605C-ACA8-41B8-9FBC-0E72AC90CC2B}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={611C58EC-8DDF-41CA-B881-085D98EA20F0}&mid=f7e5b9b9f61793af6313dbf486d57ab3-7ec935a7afec1fdcf665f4d6de688ab5dc84350b&lang=de&ds=AVG&pr=&d=2011-12-19 18:27:46&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..network.proxy.http: "199.195.109.21"
FF - prefs.js..network.proxy.http_port: 9090
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@mail.ru/GameCenter: C:\Users\Seven\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll (Mail.Ru)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Programme\AVG\Firefox [2011.12.19 16:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.05 19:00:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 21:11:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 21:11:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.19 15:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seven\AppData\Roaming\mozilla\Extensions
[2012.09.17 19:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions
[2012.07.25 20:39:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.08 19:56:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.17 19:43:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.02 20:24:22 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012.09.16 19:54:10 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions\ich@maltegoetz.de
[2012.08.22 22:38:56 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\Seven\AppData\Roaming\mozilla\firefox\profiles\tu6lldje.default\extensions\ciuvo-extension@icq.de.xpi
[2012.08.29 22:56:07 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Seven\AppData\Roaming\mozilla\firefox\profiles\tu6lldje.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.09.27 20:42:35 | 000,001,056 | ---- | M] () -- C:\Users\Seven\AppData\Roaming\mozilla\firefox\profiles\tu6lldje.default\searchplugins\icqplugin.xml
[2012.09.11 20:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 21:11:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 23:05:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 19:00:05 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.31 19:12:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 23:05:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 23:05:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 23:05:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 23:05:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.22 13:18:54 | 000,002,152 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 
O1 - Hosts: 127.0.0.1 3dns.adobe.de
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.de
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.de
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.de
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.de
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.de
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.de 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.de
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 19 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\AVG\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\AVG\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG9_TRAY] D:\Programme\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Azrove] C:\Users\Seven\AppData\Roaming\Etaf\ilymg.exe File not found
O4 - HKCU..\Run: [dsteegzxzxtwuff] C:\ProgramData\dsteegzx.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Seven\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Seven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Seven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\Icq7\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\Icq7\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C2DF0ED-F4F5-4539-8599-7C8C2EADBAE6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\Shell - "" = AutoRun
O33 - MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\Shell - "" = AutoRun
O33 - MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\Shell\AutoRun\command - "" = H:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BambooCore - hkey= - key= - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EzPrint - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: GameCenterMailRu - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: lxeamon.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Sony PC Companion - hkey= - key= - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Programme\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Unable to open variant key
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 19:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ifjeqzbxzmaphvc
[2012.10.03 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Zuby
[2012.10.03 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Quir
[2012.10.03 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Etaf
[2012.10.03 01:14:22 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\runic games
[2012.09.30 19:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Syncrosoft
[2012.09.30 19:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2012.09.30 18:59:46 | 001,711,104 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\Windows\SysNative\synsoacc.dll
[2012.09.30 18:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\eLicenser
[2012.09.22 21:42:29 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\Games for Windows - LIVE Demos
[2012.09.22 21:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.09.21 17:55:13 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Spotify
[2012.09.21 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Spotify
[2012.09.07 21:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.05 19:00:26 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 20:04:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.10.04 20:04:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 20:04:06 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 19:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.04 19:39:33 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 19:39:33 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 19:26:05 | 000,076,359 | ---- | M] () -- C:\ProgramData\hxrnlgtkhzhiiqg
[2012.10.04 19:26:01 | 000,105,984 | ---- | M] () -- C:\Users\Seven\ms.exe
[2012.10.04 19:26:01 | 000,105,984 | ---- | M] () -- C:\ProgramData\dsteegzx.exe
[2012.10.04 18:55:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.10.04 18:55:06 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.10.04 18:54:35 | 096,450,964 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012.09.30 19:01:24 | 000,002,892 | ---- | M] () -- C:\Windows\SysWow64\audcon.sys
[2012.09.30 18:59:47 | 000,000,051 | ---- | M] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012.09.28 19:19:23 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.28 19:19:23 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.28 19:19:23 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.28 19:19:23 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.28 19:19:23 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.20 20:34:09 | 000,000,818 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.09.05 19:00:26 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.04 20:04:26 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.10.04 19:26:04 | 000,105,984 | ---- | C] () -- C:\ProgramData\dsteegzx.exe
[2012.10.04 19:26:02 | 000,076,359 | ---- | C] () -- C:\ProgramData\hxrnlgtkhzhiiqg
[2012.10.04 19:26:01 | 000,105,984 | ---- | C] () -- C:\Users\Seven\ms.exe
[2012.09.30 19:01:24 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012.09.30 18:59:47 | 000,147,425 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Aide.chm
[2012.09.30 18:59:46 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm
[2012.09.30 18:59:46 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm
[2012.09.30 18:59:46 | 000,120,468 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Hilfe.chm
[2012.09.30 18:59:46 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm
[2012.09.30 18:59:46 | 000,114,279 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Help.chm
[2012.09.30 18:59:43 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012.09.30 18:59:43 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012.09.21 17:55:13 | 000,001,799 | ---- | C] () -- C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.07.07 17:25:06 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.27 21:48:39 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.27 21:48:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 18:38:14 | 000,000,132 | ---- | C] () -- C:\Users\Seven\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.31 03:48:16 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.12.26 13:46:23 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2011.12.26 13:46:22 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2011.12.22 21:44:49 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.12.22 21:44:49 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.12.21 01:14:12 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.12.19 15:32:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.07 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Audacity
[2012.06.03 22:50:05 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Braid
[2012.07.31 00:17:57 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\DAEMON Tools Lite
[2012.05.11 18:10:45 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\DVDVideoSoft
[2012.02.08 19:56:31 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.04 19:31:35 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Etaf
[2011.12.23 02:20:19 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\FRITZ!
[2012.10.01 23:03:59 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\ICQ
[2011.12.19 16:46:15 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\IObit
[2011.12.19 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\LolClient
[2012.05.25 12:31:34 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\LolClient2
[2011.12.30 14:10:16 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\OpenOffice.org
[2012.05.27 15:45:20 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\PACE Anti-Piracy
[2012.10.04 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Quir
[2012.10.03 01:14:22 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\runic games
[2012.10.04 19:38:41 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Spotify
[2012.05.27 15:50:26 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.10.03 16:14:24 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Steinberg
[2012.07.25 00:18:40 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\TS3Client
[2011.12.29 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Ubisoft
[2012.10.03 16:14:24 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\VST3 Presets
[2012.05.11 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Wacom
[2012.05.11 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.08.31 19:57:04 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\YourFileDownloader
[2012.10.03 19:05:10 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Zuby
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.21 19:47:15 | 000,000,000 | -H-D | M] -- C:\$AVG
[2012.07.13 21:23:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.02.01 13:30:25 | 000,000,000 | ---D | M] -- C:\AMD
[2011.12.19 15:29:01 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.12.19 15:15:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.26 13:59:49 | 000,000,000 | ---D | M] -- C:\logs
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.03 16:09:55 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.03 16:16:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.04 19:26:06 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.19 15:15:00 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.19 15:15:01 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.10.04 18:51:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.19 15:15:13 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.04 20:04:06 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.07 14:07:59 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.04 20:04:26 | 000,000,328 | ---- | C] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.05.11 18:41:28 | 000,000,002 | ---- | M] () -- C:\Users\Seven\.bdockinstall.log
[2012.06.10 11:45:53 | 000,069,831 | ---- | M] () -- C:\Users\Seven\DesktopStCenter.txt
[2012.10.04 19:26:01 | 000,105,984 | ---- | M] () -- C:\Users\Seven\ms.exe
[2012.10.04 20:42:43 | 002,883,584 | -HS- | M] () -- C:\Users\Seven\NTUSER.DAT
[2012.10.04 20:42:42 | 000,262,144 | -HS- | M] () -- C:\Users\Seven\ntuser.dat.LOG1
[2011.12.19 15:15:16 | 000,000,000 | -HS- | M] () -- C:\Users\Seven\ntuser.dat.LOG2
[2011.12.19 15:19:52 | 000,065,536 | -HS- | M] () -- C:\Users\Seven\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.12.19 15:19:52 | 000,524,288 | -HS- | M] () -- C:\Users\Seven\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.12.19 15:19:52 | 000,524,288 | -HS- | M] () -- C:\Users\Seven\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.12.19 15:15:16 | 000,000,020 | -HS- | M] () -- C:\Users\Seven\ntuser.ini
[2012.07.14 02:03:37 | 000,062,976 | -HS- | M] () -- C:\Users\Seven\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1248 bytes -> C:\Users\Seven\AppData\Local\Temp:HVwps2Wks5HfWCfjLdIwUa
@Alternate Data Stream - 1180 bytes -> C:\Users\Seven\AppData\Local\Temp:xgxtGMbprvYvdcwHU79JeDWQ

< End of report >
         
--- --- ---
.
.
.
.
.

extra.txt.datei :OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.10.2012 20:37:44 - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Seven\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 80,94% Memory free
8,00 Gb Paging File | 7,32 Gb Available in Paging File | 91,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 10,70 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Drive D: | 416,83 Gb Total Space | 121,96 Gb Free Space | 29,26% Space Free | Partition Type: NTFS
Drive Z: | 100,00 Mb Total Space | 61,69 Mb Free Space | 61,69% Space Free | Partition Type: NTFS
 
Computer Name: SEVEN-PC | User Name: Seven | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe Creative Suite 5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe Creative Suite 5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A0F21E-112E-410D-A45E-C6AC45EED0C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{09019D06-2B50-4118-B979-9A2F317BC6DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0C3C49AA-3FAA-4EF2-9EAA-80C3D82209F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19C90A4D-D3B4-4DCB-9C15-BB77254FC64B}" = lport=59023 | protocol=17 | dir=in | name=pando media booster | 
"{1E3B74FB-C5A0-4633-AAB9-4BDC07EBE3B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2E735434-6A42-4720-B496-7318DF078482}" = rport=445 | protocol=6 | dir=out | app=system | 
"{30318389-5D43-46E2-BA54-287C08F9AFD4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{305C6589-B477-42D0-84C0-2980E9A348E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{353FC863-2E54-45D3-A4C8-65DAAE32E4E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50362F35-1273-4452-9202-C6D5E57F754E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{56440972-D293-462B-9BC0-D50BC471379B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5CC51FD3-44C8-41C5-8FFD-494E860290DD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5F270CA2-8A94-4526-9FCC-1086D3CCEF8F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{702421F6-48FC-431F-AFF6-C8F066C2A6C0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{74670E63-E1D2-4D78-8F7F-7F6288BABA7C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{84B63441-4BA8-4C5F-8A4E-410096D5C70B}" = lport=59023 | protocol=17 | dir=in | name=pando media booster | 
"{8649CD6B-0377-4AB9-8366-398FAE486CDB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{87A78AC1-E4DC-4A7D-82BA-F27A6EDE8179}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A049C766-A366-4E28-9A13-63125FFFCF8A}" = lport=59023 | protocol=6 | dir=in | name=pando media booster | 
"{AF3A7486-9FEC-4272-A309-B1070F7EE877}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BB598F63-AAF0-4E78-8070-FF1732CD3341}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{BD8AA0AE-B2B7-4093-88E8-E9407178BB0D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DDC7B6C1-7BF0-43C4-B517-83B09BD1A7AB}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{DE1804A0-5586-48F9-AA02-7735DF21BF0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2504786-1212-496D-9504-72E903FB1AFD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E6EA3BF1-96DD-4389-8FA0-8FA231E4D4B4}" = lport=59023 | protocol=6 | dir=in | name=pando media booster | 
"{F1525A98-44B2-459C-80BD-18E83DC086AC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F1994D3A-51B8-45CA-8B87-EFF85509986B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FBBD1CBD-6984-4096-AD0D-56110C07C7B0}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A6CF1B-B1AE-4D7C-B425-CB12794E6706}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\torchlight\torchlight.exe | 
"{0771F7EC-3175-4183-8412-B119A39F762F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{07A7254B-2E3F-4005-A072-DD72D61EB72F}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{07CD126E-D610-4696-8E36-1253A47DA513}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{086664E4-80AD-4052-8990-378977177650}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{094047B6-FCA8-44F4-BE4D-BABAE57D90B3}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{0B727EF4-2959-4492-9D41-4971E8011CEC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0BA01CE7-3810-424A-9AC3-A606236BD09F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0EBE088F-3395-4BA3-A3A5-3048700BF092}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{1128E111-CE95-44F4-9820-078112DAC8C8}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe | 
"{1206D464-3208-4B2F-9A1F-CBC649B6B8DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1A442E38-2DAA-4D93-9002-E29A38228056}" = dir=in | app=d:\programme\avg\avgupd.exe | 
"{1D6E9C41-489A-453F-8DAE-AABFC373C3B2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{25311B31-D72A-41B0-A181-8B335E1F6089}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\counter-strike\hl.exe | 
"{258E1156-4AEF-47BB-B6D7-45EEAD61CB75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2B222BF1-FBD4-4E38-9920-ADDC991BD713}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{30ECBFCD-B319-4D3E-8BE1-64215D78CC6F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{32258D04-EA12-4D54-8B5B-5A3774FDD675}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{3303FF50-F5B1-4A43-911F-CABD1CCFE74E}" = dir=in | app=d:\programme\avg\avgnsa.exe | 
"{34CC6206-141B-4E12-9078-B196FC298FD7}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{3581352C-944F-41A6-813E-877962DAE099}" = protocol=17 | dir=in | app=d:\games\riot games\league of legends\game\league of legends.exe | 
"{3800B555-461C-40D4-ABAB-1D4568B9C620}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\moinneseli\counter-strike source\hl2.exe | 
"{39FD4F2D-7046-492C-A18F-44195BCD215A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3B8BE04F-707F-44F9-A585-B2D9D1EF464A}" = dir=in | app=d:\programme\avg\avgemc.exe | 
"{415241C9-56B1-4BC4-AA85-FF5FEE1FFBAE}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{423EC8EA-0F52-483E-BF01-1BA38AA8FB9F}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{42D0EEAF-F211-47E7-8EF0-A965750226F4}" = protocol=17 | dir=in | app=d:\games\riot games\league of legends\air\lolclient.exe | 
"{44BA2AC2-ABA7-425A-B538-10EC77172949}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{46B3C77F-A9B2-4964-AD31-AF905961ACAF}" = protocol=17 | dir=in | app=d:\games\batman_asylum\binaries\shippingpc-bmgame.exe | 
"{46B50C59-6945-4F96-AE41-1CCC5A731971}" = protocol=17 | dir=in | app=e:\alicecd.exe | 
"{49B6A4F4-964A-4214-9AC6-F7BAD3F333FF}" = protocol=17 | dir=in | app=d:\games\assasins creed ii\assassinscreediigame.exe | 
"{4E48F2EE-436B-48F6-BEA9-556EEA904E03}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{50053230-DE1A-4910-970F-E24FB59ECA75}" = protocol=17 | dir=in | app=d:\games\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{518ECCE8-629B-4103-A0F9-E2CBA558EBCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{542F95FB-7EF9-42CF-8CF1-2F06ED116D0D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{56000D40-E254-432B-B759-6224A69B5AD8}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{56B48694-B8C8-42EF-A8E6-46C324490673}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe | 
"{5C22F230-9C57-48EE-9017-CE3487ADC5AC}" = protocol=17 | dir=in | app=d:\games\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{5D4F43D7-97F2-4248-AA20-EE9081A81AE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E56E538-A8B4-4063-9AD6-110D90834C95}" = protocol=6 | dir=in | app=d:\games\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{626863CC-BD53-4AF7-8E5F-B4E2C420DCF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{646853D6-AB6C-4BBD-B8C5-EAD347AB15D9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{6682FB6F-3D00-4AA2-9439-392414B11B23}" = protocol=6 | dir=in | app=d:\games\apb reloaded\binaries\apb.exe | 
"{682C9FE2-D7E0-4AE0-B902-88F7DD314FF2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{69D243EE-14CE-4B55-9447-95D42A4E36B8}" = protocol=6 | dir=in | app=d:\games\riot games\league of legends\air\lolclient.exe | 
"{6ACC0D7A-4A85-41B3-B9CD-A9A7C5C5297A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7024BB1B-0E53-4690-8434-1A1FB81EB31A}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{73F3AE0A-8BB2-4A2C-BCE5-128817794852}" = protocol=17 | dir=in | app=d:\games\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{7430F714-6647-495A-B7BC-E360F0323873}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{75BE2DDB-F308-403C-8F61-86B93A9C1FB6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7713AE58-D6F7-4AAD-80BD-ADC9C044C7F3}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\counter-strike\hl.exe | 
"{77359879-78B1-48E1-A64E-1BEAD5EF23F0}" = protocol=6 | dir=out | app=system | 
"{871CCC64-9F31-4422-BB31-8033045A309B}" = protocol=6 | dir=in | app=d:\games\assasins creed ii\uplaybrowser.exe | 
"{87A682DE-2973-4231-887B-4CA7D43D30F0}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{87CF10D4-EB7C-4BAE-835D-65266CA09969}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{8F454C25-E99E-4B12-91D0-0F1F96D87FB4}" = protocol=6 | dir=in | app=d:\games\apb reloaded\binaries\apb.exe | 
"{9120E162-2D0C-4E92-B57F-D01D1D61BFAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{99FA85E6-3894-47B6-A02C-A5741B5C78F2}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\counter-strike\hl.exe | 
"{9FC17EF1-060B-4DCF-B8E3-64D69D4684FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A49AA610-AA25-4020-AAF2-13304869D663}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage.exe | 
"{A9A97A53-2ECF-4493-80AC-4DCDD400911D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{AA399B82-5870-46B8-B36F-B4909FB9D073}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{ABA4E463-70D5-4735-AE56-FA09DD1B7F1E}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\moinneseli\counter-strike source\hl2.exe | 
"{AC1AF938-676E-45EB-9C50-75CDA2B132FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0A7C346-777D-4861-AA10-267BEE6CEAE1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B385BA5B-D1D2-4B24-B478-AE980B457A68}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{B4894610-FFB8-4D65-A795-3C118BCDC065}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BBC2C38E-07FA-4D41-8A29-BE582819888C}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe | 
"{C1338284-B87D-4638-B2CE-33F015476C42}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{C38C9B1C-3032-46A5-978B-E92C5BCF7CA4}" = protocol=6 | dir=in | app=d:\games\riot games\league of legends\game\league of legends.exe | 
"{CCCA26F0-F6F5-4708-8BC2-5321DC9D0085}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe | 
"{CEAAA99A-0D65-4F83-B5E6-4CB45FC62B3B}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe | 
"{D090FB93-EB18-4248-AA23-5D18AD61A104}" = protocol=6 | dir=in | app=d:\games\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{D0ABA17E-A951-45F7-9D0B-CAE2293041F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D518B46C-B200-41C3-88B0-2253979BFB24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5BCB82E-110E-4EC9-AF41-64ED2E5B3108}" = protocol=6 | dir=in | app=d:\games\assasins creed ii\assassinscreediigame.exe | 
"{D9658B25-8B57-4B63-B35D-3193F5124935}" = protocol=6 | dir=in | app=d:\games\assasins creed ii\assassinscreedii.exe | 
"{E052E830-1A14-4104-BF89-23E3E11D54B7}" = protocol=17 | dir=in | app=d:\games\assasins creed ii\assassinscreedii.exe | 
"{E21B24F8-587D-4D36-8A32-61F3E3DD5FCB}" = protocol=6 | dir=in | app=d:\games\batman_asylum\binaries\shippingpc-bmgame.exe | 
"{E784A58D-FBE6-4D84-95A4-E56F19CAE716}" = protocol=17 | dir=in | app=d:\games\apb reloaded\binaries\apb.exe | 
"{E8C42FE8-3A0B-40B0-836C-D61B839B2B3F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EE4494CD-B57A-4B0C-BB91-E300BFD77189}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE9713F1-F039-4B08-92C8-1EF0901E13F6}" = protocol=6 | dir=in | app=d:\games\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{EEF060A1-8822-4E60-B660-5AE2DCF72935}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EF588B67-8BD6-4E03-AE19-557AF23DE7C9}" = protocol=17 | dir=in | app=d:\games\assasins creed ii\uplaybrowser.exe | 
"{F1BA1B89-D666-454D-AAF8-9D0429BA84F0}" = protocol=6 | dir=in | app=e:\alicecd.exe | 
"{F4A444F8-4D4A-44F9-B96C-9FC45D881C52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F936155A-8219-4220-A1FC-788B7B71AE29}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\counter-strike\hl.exe | 
"{FA63F864-1C57-4D07-8F32-4B0BCB573692}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{FCD96D59-48B2-4A28-A85C-CD6B7296F7D6}" = protocol=17 | dir=in | app=d:\games\apb reloaded\binaries\apb.exe | 
"{FD06CD37-B9FB-439E-8C54-87F3ED05C6B2}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\torchlight\torchlight.exe | 
"{FE068F27-0683-4C2A-8B96-A8CE50D9F777}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe | 
"{FE25CC4E-AD2A-4C56-9650-43101B08451A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage.exe | 
"TCP Query User{0B216A71-DE23-444E-8CB3-7DE5A1307A05}D:\games\hon\hon.exe" = protocol=6 | dir=in | app=d:\games\hon\hon.exe | 
"TCP Query User{0E8872AD-2001-4595-B8DC-B161E88C2628}D:\programme\steam\steamapps\moinneseli\pirates, vikings, and knights ii\hl2.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\moinneseli\pirates, vikings, and knights ii\hl2.exe | 
"TCP Query User{1C94E711-FE54-48A2-9874-31005C50EF93}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{5E2FEE2B-61CA-4D92-92C7-8F00E5727816}D:\programme\icq7\icq7.7\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe | 
"TCP Query User{64440937-EDA7-4AFA-9524-64CD5355B864}C:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=6 | dir=in | app=c:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe | 
"TCP Query User{794815CB-CEC3-4B76-B055-54CD825E709B}C:\users\seven\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\seven\appdata\local\temp\gw2.exe | 
"TCP Query User{7C9CB44B-CD7C-43B2-90A0-8BDC28292043}D:\programme\steam\steamapps\seven_1_6\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\team fortress 2\hl2.exe | 
"TCP Query User{812C40F6-986E-4DEB-A8B1-63F1471E8A78}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"TCP Query User{8BDFC30D-8A7A-4A9F-9155-9FA8EC7C78CC}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"TCP Query User{8ECCFCD8-315F-454B-9F40-7BB76C1D86D1}C:\users\seven\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\seven\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{BBE66F8F-B012-49D8-AF62-B04F51E2BB03}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{C63014A3-6277-488C-999A-B76E97EE7B9C}C:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=6 | dir=in | app=c:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe | 
"TCP Query User{E9331241-1997-4E8F-B85D-E9E577D730D2}D:\programme\steam\steamapps\seven_1_6\pirates, vikings, and knights ii\hl2.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\pirates, vikings, and knights ii\hl2.exe | 
"TCP Query User{EBE64BFF-40A1-4F57-9478-DA5E22C6C1EF}D:\programme\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=d:\programme\lolreplay\lolreplay.exe | 
"TCP Query User{FA8EDF83-D87B-42FA-82B8-75F359D30538}D:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\games\guild wars 2\gw2.exe | 
"UDP Query User{1B5FF148-2065-4005-8886-9D301DBB96D6}C:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=17 | dir=in | app=c:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe | 
"UDP Query User{29627376-87D1-4C32-AE46-85B5E4B62011}C:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=17 | dir=in | app=c:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe | 
"UDP Query User{2C883F4D-2C18-46CD-8545-BA139A03F24A}C:\users\seven\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\seven\appdata\local\temp\gw2.exe | 
"UDP Query User{2D5B8988-CB73-473D-A197-264CF9399AB5}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{4558283E-1B34-4AE8-845C-9F0CC764C7ED}D:\programme\steam\steamapps\moinneseli\pirates, vikings, and knights ii\hl2.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\moinneseli\pirates, vikings, and knights ii\hl2.exe | 
"UDP Query User{50FF3480-1151-490E-9FA1-F60119D47AC8}C:\users\seven\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\seven\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{65518E92-58C2-46A5-A9BB-2B4EDD61EA36}D:\programme\steam\steamapps\seven_1_6\pirates, vikings, and knights ii\hl2.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\pirates, vikings, and knights ii\hl2.exe | 
"UDP Query User{7CE7375D-3616-4CB1-B266-BD4DEEC36E28}D:\programme\steam\steamapps\seven_1_6\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\team fortress 2\hl2.exe | 
"UDP Query User{A44AF554-43C1-43F0-A559-7D56C58C91FC}D:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\games\guild wars 2\gw2.exe | 
"UDP Query User{AD2A5710-9BCD-402D-984A-6322DC6FD904}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{C673719C-8474-4B20-B2EE-FF2A49EB471C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{CE427A72-ABF1-45EC-BEB9-B17B62CFA7E1}D:\games\hon\hon.exe" = protocol=17 | dir=in | app=d:\games\hon\hon.exe | 
"UDP Query User{EB9EC281-BDD2-46F1-A565-3ED1204543A0}D:\programme\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=d:\programme\lolreplay\lolreplay.exe | 
"UDP Query User{F11648E4-B997-4BD0-A474-4DBFE094EC5F}D:\programme\icq7\icq7.7\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe | 
"UDP Query User{F8253143-5329-46CB-8A8C-B05FB44DDF2E}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In 
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000058201}" = BulletStorm
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7604A79D-245D-45BB-AFBB-975DE69FFF80}" = Digidesign M-Audio Keyboard Personality 8.0
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CFABC775-5386-4BA5-86B4-505BBD36E812}" = Batman: Arkham Asylum Game of the Year Edition
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"APB Reloaded" = APB Reloaded
"Audiograbber" = Audiograbber 1.83 SE 
"AVG9Uninstall" = AVG Free 9.0
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bamboo Dock" = Bamboo Dock
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Commandos 2: Men of Courage_is1" = Commandos 2: Men of Courage
"Commandos 3: Destination Berlin_is1" = Commandos 3: Destination Berlin
"Commandos Strike Force_is1" = Commandos Strike Force
"Commandos: Hinter feindlichen Linien_is1" = Commandos: Hinter feindlichen Linien
"Commandos: Im Auftrag der Ehre_is1" = Commandos: Im Auftrag der Ehre
"Der Herr der Ringe - Der Krieg im Norden (c) Warner Bros._is1" = Der Herr der Ringe - Der Krieg im Norden (c) Warner Bros. version 1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"GamersFirst LIVE!" = GamersFirst LIVE!
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Guild Wars 2" = Guild Wars 2
"LOLReplay" = LOLReplay
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Massive" = Native Instruments Massive
"NCLauncher_GameForge" = NC Launcher (GameForge)
"PunkBusterSvc" = PunkBuster Services
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 10" = Counter-Strike
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 240" = Counter-Strike: Source
"Steam App 41500" = Torchlight
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.0.3
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameCenterMailRu" = Игровой центр@Mail.Ru
"Limbo" = LIMBO
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.10.2012 13:24:53 | Computer Name = Seven-PC | Source = TabletServicePen | ID = 1
Description = 
 
Error - 04.10.2012 12:51:15 | Computer Name = Seven-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgtray.exe, Version: 9.0.0.926, 
Zeitstempel: 0x4f13ec5a  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001528e  ID des fehlerhaften
 Prozesses: 0x2dc  Startzeit der fehlerhaften Anwendung: 0x01cda2506dafa760  Pfad der
 fehlerhaften Anwendung: D:\Programme\AVG\avgtray.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: b53763c0-0e43-11e2-8a26-90e6bae1ce2e
 
Error - 04.10.2012 13:11:39 | Computer Name = Seven-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1444    Startzeit:
 01cda25199bceab0    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 8d60d041-0e46-11e2-8a26-90e6bae1ce2e  
 
Error - 04.10.2012 13:14:27 | Computer Name = Seven-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 568    Startzeit: 
01cda253aeb5d7a4    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 f0ec6715-0e46-11e2-8a26-90e6bae1ce2e  
 
Error - 04.10.2012 14:10:43 | Computer Name = Seven-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3B1EFD3A66EA28B16697394703A72CA340A05BD5.crt>.
 Fehler: 12007 (0x2ee7).
 
Error - 04.10.2012 14:10:43 | Computer Name = Seven-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3B1EFD3A66EA28B16697394703A72CA340A05BD5.crt>.
 Fehler: Diese Netzwerkverbindung ist nicht vorhanden.  .
 
Error - 04.10.2012 14:10:43 | Computer Name = Seven-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3B1EFD3A66EA28B16697394703A72CA340A05BD5.crt>.
 Fehler: Diese Netzwerkverbindung ist nicht vorhanden.  .
 
Error - 04.10.2012 14:10:43 | Computer Name = Seven-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3B1EFD3A66EA28B16697394703A72CA340A05BD5.crt>.
 Fehler: Diese Netzwerkverbindung ist nicht vorhanden.  .
 
Error - 04.10.2012 14:42:33 | Computer Name = Seven-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Seven\Downloads\SoftonicDownloader_fuer_audacity.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 04.10.2012 14:42:33 | Computer Name = Seven-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Seven\Downloads\SoftonicDownloader_fuer_easeus-data-recovery-wizard.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
[ System Events ]
Error - 19.08.2012 11:12:32 | Computer Name = Seven-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 19.08.2012 14:26:07 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 19.08.2012 14:26:11 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxeaCATSCustConnectService erreicht.
 
Error - 19.08.2012 14:26:11 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 19.08.2012 14:26:40 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 20.08.2012 16:32:03 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 20.08.2012 16:32:07 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxeaCATSCustConnectService erreicht.
 
Error - 20.08.2012 16:32:07 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 20.08.2012 16:32:28 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 20.08.2012 16:34:21 | Computer Name = Seven-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---
__________________


Geändert von mojo22215 (04.10.2012 um 20:11 Uhr)

Alt 05.10.2012, 01:14   #3
t'john
/// Helfer-Team
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start





Wichtig:
Loesche zuerst die OTL Version die du hast (hat einen Bug)
und lade diese: OTL Download - OTL 3.2.69.0


Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{725D605C-ACA8-41B8-9FBC-0E72AC90CC2B}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={611C58EC-8DDF-41CA-B881-085D98EA20F0}&mid=f7e5b9b9f61793af6313dbf486d57ab3-7ec935a7afec1fdcf665f4d6de688ab5dc84350b&lang=de&ds=AVG&pr=&d=2011-12-19 18:27:46&v=12.2.5.32&sap=dsp&q={searchTerms} 
FF - prefs.js..browser.search.defaultenginename: "" 
FF - prefs.js..browser.search.selectedEngine: "" 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/" 
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0 
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 
FF - prefs.js..network.proxy.http: "199.195.109.21" 
FF - prefs.js..network.proxy.http_port: 9090 
FF - prefs.js..network.proxy.type: 2 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found 
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.05 19:00:49 | 000,000,000 | ---D | M] 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. 
O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe () 
O4 - HKCU..\Run: [Azrove] C:\Users\Seven\AppData\Roaming\Etaf\ilymg.exe File not found 
O4 - HKCU..\Run: [dsteegzxzxtwuff] C:\ProgramData\dsteegzx.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\Shell - "" = AutoRun 
O33 - MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\Shell\AutoRun\command - "" = F:\autorun.exe 
O33 - MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\Shell - "" = AutoRun 
O33 - MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\Shell\AutoRun\command - "" = H:\Startme.exe 
@Alternate Data Stream - 1248 bytes -> C:\Users\Seven\AppData\Local\Temp:HVwps2Wks5HfWCfjLdIwUa 
@Alternate Data Stream - 1180 bytes -> C:\Users\Seven\AppData\Local\Temp:xgxtGMbprvYvdcwHU79JeDWQ 

:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Seven\*.tmp
C:\Users\Seven\AppData\Local\{*}
C:\Users\Seven\AppData\Local\Temp\*.exe
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
__________________

Alt 05.10.2012, 18:32   #4
mojo22215
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



Hier der logfile von schritt 1. :

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{725D605C-ACA8-41B8-9FBC-0E72AC90CC2B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{725D605C-ACA8-41B8-9FBC-0E72AC90CC2B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0 removed from extensions.enabledAddons
Prefs.js: ich@maltegoetz.de:1.4.3 removed from extensions.enabledAddons
Prefs.js: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 removed from extensions.enabledAddons
Prefs.js: "199.195.109.21" removed from network.proxy.http
Prefs.js: 9090 removed from network.proxy.http_port
Prefs.js: 2 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar deleted successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\skin folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\it folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\id folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\es folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\en folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\de folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\da folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\modules folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\locale\en-US folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\locale folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\components folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32\chrome folder moved successfully.
C:\ProgramData\AVG Secure Search\12.2.5.32 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
D:\Programme\Winamp\winampa.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Azrove deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dsteegzxzxtwuff deleted successfully.
C:\ProgramData\dsteegzx.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\ not found.
File H:\Startme.exe not found.
ADS C:\Users\Seven\AppData\Local\Temp:HVwps2Wks5HfWCfjLdIwUa deleted successfully.
ADS C:\Users\Seven\AppData\Local\Temp:xgxtGMbprvYvdcwHU79JeDWQ deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Seven\*.tmp not found.
File\Folder C:\Users\Seven\AppData\Local\{*} not found.
File\Folder C:\Users\Seven\AppData\Local\Temp\*.exe not found.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Seven\Desktop\cmd.bat deleted successfully.
C:\Users\Seven\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Seven
->Temp folder emptied: 107761056 bytes
->Temporary Internet Files folder emptied: 51513722 bytes
->FireFox cache emptied: 85212260 bytes
->Flash cache emptied: 67283 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 676821 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 234,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10052012_192642

Log zu schritt 3 :


Code:
ATTFilter
# AdwCleaner v2.003 - Datei am 10/05/2012 um 20:20:32 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzer : Seven - SEVEN-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Seven\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Ordner Gefunden : C:\Program Files (x86)\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Iminent
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\Users\Seven\AppData\Local\AVG Secure Search
Ordner Gefunden : C:\Users\Seven\AppData\LocalLow\AVG Secure Search
Ordner Gefunden : C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\tu6lldje.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={611C58EC-8DDF-41CA-B881-085D98EA20F0}&mid=f7e5b9b9f61793af6313dbf486d57ab3-7ec935a7afec1fdcf665f4d6de688ab5dc84350b&lang=de&ds=AVG&pr=&d=2011-12-19 18:27:46&v=12.2.5.32&sap=nt

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\tu6lldje.default\prefs.js

Gefunden : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");

*************************

AdwCleaner[R1].txt - [6411 octets] - [05/10/2012 20:20:32]

########## EOF - C:\AdwCleaner[R1].txt - [6471 octets] ##########
         
Ok nun habe ich auch den letzten schritt getan und kann mein Windows schon im normalen modus starten ohne das der bildschirm kommt hier trotzdem noch der letzt log zu Schritt 4 :
Code:
ATTFilter
# AdwCleaner v2.003 - Datei am 10/05/2012 um 20:22:57 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzer : Seven - SEVEN-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Seven\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\AVG Secure Search
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Gelöscht mit Neustart : C:\Program Files (x86)\Iminent
Gelöscht mit Neustart : C:\ProgramData\AVG Secure Search
Gelöscht mit Neustart : C:\Users\Seven\AppData\Local\AVG Secure Search
Gelöscht mit Neustart : C:\Users\Seven\AppData\LocalLow\AVG Secure Search
Gelöscht mit Neustart : C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\tu6lldje.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={611C58EC-8DDF-41CA-B881-085D98EA20F0}&mid=f7e5b9b9f61793af6313dbf486d57ab3-7ec935a7afec1fdcf665f4d6de688ab5dc84350b&lang=de&ds=AVG&pr=&d=2011-12-19 18:27:46&v=12.2.5.32&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\tu6lldje.default\prefs.js

C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\tu6lldje.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");

*************************

AdwCleaner[R1].txt - [6532 octets] - [05/10/2012 20:20:32]
AdwCleaner[R2].txt - [6592 octets] - [05/10/2012 20:22:34]
AdwCleaner[S1].txt - [7413 octets] - [05/10/2012 20:22:57]

########## EOF - C:\AdwCleaner[S1].txt - [7473 octets] ##########
         

Alt 05.10.2012, 19:37   #5
t'john
/// Helfer-Team
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)

__________________
Mfg, t'john
Das TB unterstützen

Alt 05.10.2012, 20:09   #6
mojo22215
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



hier der mailware bytes log
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.05.08

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Seven :: SEVEN-PC [Administrator]

05.10.2012 19:38:49
mbam-log-2012-10-05 (19-38-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Z:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 398905
Laufzeit: 30 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Seven\ms.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Seven\Downloads\ADLSoft_UnCompressor_1.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\10052012_192642\C_ProgramData\dsteegzx.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\Assasins Creed II\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 05.10.2012, 22:16   #7
t'john
/// Helfer-Team
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



Sehr gut!

Wie laeuft der Rechner?


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.10.2012, 22:22   #8
mojo22215
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



der pc läuft wie neu eigentlich alles ok. ich habe AD-Ware nochmal durchlaufen lassen und er hat nichts gefunden. Danke für die hilfe ! )

oke das Emsisoft geht nicht da ich kein service pack 1 habe

Alt 05.10.2012, 23:44   #9
t'john
/// Helfer-Team
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



Zitat:
oke das Emsisoft geht nicht da ich kein service pack 1 habe
warum nicht?

Alles Windows Updates einspielen, inkl. Service Pack!
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.10.2012, 23:52   #10
mojo22215
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



hm... er will das irgendwie nicht. Gibts da noch ein anderes programm ?
also sonst läuft er jetzt ja auch super ohne mukken. Oder meinst du da ist noch was drauf ?

Alt 05.10.2012, 23:57   #11
t'john
/// Helfer-Team
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



Zitat:
hm... er will das irgendwie nicht.
was heisst das?
Fehlermeldung?

Zitat:
Gibts da noch ein anderes programm ?
Darum gehts nicht.
Ein nicht updatebares WIndows ist Schrott.
__________________
Mfg, t'john
Das TB unterstützen

Alt 06.10.2012, 13:44   #12
mojo22215
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



hat geklappt, hier der log:

Code:
ATTFilter
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 06.10.2012 13:20:13

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Z:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	06.10.2012 13:38:22


Gescannt	511354
Gefunden	0

Scan Ende:	06.10.2012 14:42:58
Scan Zeit:	1:04:36
         

Alt 06.10.2012, 14:46   #13
t'john
/// Helfer-Team
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.11.2012, 05:21   #14
t'john
/// Helfer-Team
 
Weißer Bildschrim nach Modzilla start - Standard

Weißer Bildschrim nach Modzilla start



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Weißer Bildschrim nach Modzilla start
anderer, anleitung, anzeige, bereits, bildschrim, erhalte, finger, geladen, guten, kleine, konnte, leitung, liebe, lieben, modzilla, problem, programm, scheiß, seite, start, starte, starten, verursacht, weiße, weißer




Ähnliche Themen: Weißer Bildschrim nach Modzilla start


  1. weißer BIldschirm nach PC Start.
    Plagegeister aller Art und deren Bekämpfung - 13.10.2013 (14)
  2. Weißer Bildschirm nach Start
    Log-Analyse und Auswertung - 08.10.2013 (15)
  3. Weißer Bildschirm nach Start
    Log-Analyse und Auswertung - 06.10.2013 (3)
  4. weißer Bildschirm nach dem Start
    Log-Analyse und Auswertung - 25.08.2013 (6)
  5. Weißer Bildschirm nach Start
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (11)
  6. weißer Bildschrim nach User Login unter Windows 7
    Plagegeister aller Art und deren Bekämpfung - 12.06.2013 (32)
  7. Weißer Bildschirm nach Start Win XP
    Log-Analyse und Auswertung - 03.06.2013 (2)
  8. Weißer Bildschirm nach Start
    Plagegeister aller Art und deren Bekämpfung - 24.05.2013 (17)
  9. Weißer Bildschrim und OTL Logfiles
    Plagegeister aller Art und deren Bekämpfung - 08.05.2013 (11)
  10. Weißer Bildschirm nach start. Win XP
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (11)
  11. weißer Bildschrim (windows 7)
    Plagegeister aller Art und deren Bekämpfung - 17.01.2013 (18)
  12. Weißer Bildschrim nach Modzilla start
    Alles rund um Windows - 04.10.2012 (3)
  13. weißer bildschrim nach start, webseite kann nicht angezeigt werden, taskmanager zeigt sich nur kurz
    Plagegeister aller Art und deren Bekämpfung - 04.10.2012 (1)
  14. weißer hintergrund nach start
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (29)
  15. Weißer Bildschirm nach Start
    Log-Analyse und Auswertung - 12.09.2012 (13)
  16. Weißer Bildschrim virus
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (1)
  17. weißer Bildschrim nach Neustart
    Plagegeister aller Art und deren Bekämpfung - 29.04.2012 (9)

Zum Thema Weißer Bildschrim nach Modzilla start - Guten Tag, habe das selbe Problem wie mach anderer hier und erhalte nach starten des PC's nur einen Weißen bildschrim mit der aufschrift : Programm konnte die seite nicht anzeigen. - Weißer Bildschrim nach Modzilla start...
Archiv
Du betrachtest: Weißer Bildschrim nach Modzilla start auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.