Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: nach gema trojaner der den pc sperrt fehler beim systemstart

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.06.2012, 03:59   #1
lalalula
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



hallo,
ich hab ein problem ich hatte den Gema trojaner drauf, der den pc sperrt.
Und jetzt kommt beim windowsstart
c:\users\maki\appdata\local\temp\jork_0_typ_col.exe
könnte nicht gestartet werden.

ich konnte den trojaner in abgesichtertenmodus mit kaspersky löschen
leider weiss ich nicht wie er hies und eine logdata in kaspersky hab ich noch nicht endeckt.

und ich denke ich hab noch mehr schlimme sachen auf mein pc die kaspersky nicht gefunden hat.

defogger hat kein fehler gehabt. zumindest hat es keine datei auf mein destop gelegt.

die otl daten:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.06.2012 04:33:50 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,19% Memory free
15,99 Gb Paging File | 13,92 Gb Available in Paging File | 87,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 4,28 Gb Free Space | 10,71% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,86 Gb Free Space | 79,60% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 04:11:47 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007.07.17 17:32:56 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 16:16:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.23 23:37:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\05120458.sys -- (05120458)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.11.02 16:22:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 05:42:14 | 000,325,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.30 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 9A 90 96 B7 51 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110904
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\DivX\DivX Plus Web Player\firefox\html5video [2011.01.21 13:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\DivX\DivX Plus Web Player\firefox\wpa [2011.01.21 13:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
 
[2010.11.01 20:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Extensions
[2012.06.21 07:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions
[2011.03.11 20:50:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 14:11:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.02 16:22:45 | 000,002,059 | ---- | M] () -- C:\Users\maki\AppData\Roaming\Mozilla\Firefox\Profiles\hgob6l6f.default\searchplugins\daemon-search.xml
[2011.11.06 23:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.07 15:44:06 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.21 07:10:01 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011.11.01 15:11:21 | 000,075,438 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\UPLOADER@ADBLOCKFILTERS.MOZDEV.ORG.XPI
[2012.06.17 16:16:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 15:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 15:15:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 15:15:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 15:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 15:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 15:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15068 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78888C1-45FE-420A-A855-67032247E0B1}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004.08.28 15:37:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell - "" = AutoRun
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.25 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\Malwarebytes
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 18:09:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.06.24 21:08:37 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 17:37:03 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 17:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.23 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.23 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2012.06.23 18:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.06.23 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.06.23 18:04:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.13 13:48:28 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Local\Macromedia
[2012.06.12 20:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 04:22:24 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 04:22:24 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 04:17:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 04:17:09 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 04:15:53 | 000,000,148 | ---- | M] () -- C:\Users\maki\defogger_reenable
[2012.06.25 18:09:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 06:14:21 | 000,000,155 | ---- | M] () -- C:\Windows\winamp.ini
[2012.06.24 21:11:00 | 000,017,408 | ---- | M] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 05:19:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.24 05:15:17 | 000,001,895 | ---- | M] () -- C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.20 05:47:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.17 23:40:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.17 23:40:28 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.17 23:40:28 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.17 23:40:28 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.17 23:40:28 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 13:42:01 | 000,364,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 20:18:43 | 000,000,835 | ---- | M] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | M] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
 
========== Files Created - No Company Name ==========
 
[2012.06.29 04:15:53 | 000,000,148 | ---- | C] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:55 | 002,714,627 | ---- | C] () -- C:\Users\maki\Desktop\Questguide_Xenoblade_Chronicles.pdf
[2012.06.25 18:09:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 21:10:58 | 000,017,408 | ---- | C] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 05:15:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.24 05:15:17 | 000,001,895 | ---- | C] () -- C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.12 20:18:43 | 000,000,835 | ---- | C] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | C] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
[2012.05.12 00:36:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.19 16:48:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.19 16:48:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.19 15:57:47 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 11:04:55 | 000,007,597 | ---- | C] () -- C:\Users\maki\AppData\Local\Resmon.ResmonCfg
[2011.05.31 18:17:46 | 000,044,448 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.11.17 14:16:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.02 02:20:14 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2010.10.31 17:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.31 16:27:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.31 16:27:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.06.26 17:55:25 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\.minecraft
[2012.01.04 23:20:26 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Azureus
[2010.11.02 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DAEMON Tools Lite
[2012.03.12 10:12:00 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoft
[2012.03.12 10:11:57 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\ICQ
[2011.01.21 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Local
[2011.01.18 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient
[2011.01.18 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.01.06 17:21:51 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Mumble
[2011.11.10 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Origin
[2010.11.05 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Raptr
[2011.12.20 23:19:27 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Rovio
[2012.06.08 16:20:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


und Extra:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.06.2012 04:33:50 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,19% Memory free
15,99 Gb Paging File | 13,92 Gb Available in Paging File | 87,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 4,28 Gb Free Space | 10,71% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,86 Gb Free Space | 79,60% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B12A2D-C8FD-4594-8FC2-471F8B8CD29D}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{083EDC4A-F4C6-48F2-BF0B-8B52E537BAF1}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{0BA61008-E65B-4860-AF91-D770F5351168}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0C6597F9-5C2E-4A1C-B0EF-3C47B2BCCC86}" = rport=139 | protocol=6 | dir=out | app=system | 
"{120D1015-9D15-49FA-949E-DFE83562119C}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{15E25C59-FC41-4515-A405-DF3533F4EFBC}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{16E8224A-5A5D-4E4C-9BED-48114D4CFEF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20AFCAC8-E3D4-4930-AB67-6D0447544DDD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{220B76DC-D36B-400A-B71F-23D63A8FDD01}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{2F43D689-3C6A-49FA-AEAF-FC5A9487F35D}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | 
"{334D3E8D-FEA3-4806-B514-22BB352861FC}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher | 
"{36551E85-BEE0-44E6-B97E-8FED5A28148E}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher | 
"{3922FE1B-ECCF-4C7D-A643-EDC0A2DBB747}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher | 
"{3A8BF361-66F8-4C64-A440-562ED1703C66}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{44A30F58-3D9B-4CDB-8B32-3975E0C5DDAC}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher | 
"{475893E4-6A19-4DAA-A214-843647129EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D6B2B78-6A13-4F4E-B51A-519F5590B5ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4E391BCB-81A3-4138-9E22-927D520825E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50F892AD-D87E-4EB8-9A5E-1F49E405F95A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{54AFEC8B-34B9-4FDE-A364-542DF3ABBCE7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5A8F34B8-2DFC-494E-9B12-C488B78B57AD}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{5C8E93CF-82BE-46DD-B2F1-626FEAD64ED5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5DCF2294-3975-456B-92DD-75EFBA3FD38D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6168711C-4B11-4EA9-8EF1-657B66C28D40}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | 
"{61F21FE5-CAC6-4A12-ACC1-7F250C465141}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{637F9A14-8175-4EDB-8B1F-2327DABC3C23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6C6C16C9-AC75-4BA8-8294-65055B8AF122}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{6D4C8F5E-BA7B-47D3-88D7-0BFAB1426DDD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{70BE25A6-9F35-4E9B-A147-EF68BAEFDEE4}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{859271AA-1A71-4C8A-B9FA-1B90BD6C1DAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88674E82-8429-4E11-AB90-04533865A181}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A969E20-9782-41BD-A965-E3874EF39FE7}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | 
"{9D41D45C-2389-4D71-B5A1-86D276CCDB1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A055A39B-8C9A-4FE5-BF44-27B3E0B47290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A0F53810-E536-4D8B-8E0A-9E8D9E0BF10C}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{A1D68B97-E6F2-40E5-B561-95414BC457B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAC08E18-43F1-44AC-ADDA-7E552A848BEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACD11528-3788-4007-AB63-EFEC6F8626B6}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{B11927D1-1F72-4ED1-9455-D5277C877FC8}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | 
"{B4726FE4-067B-471E-A991-E982C54E35F9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BA270A0A-1BCF-4B72-B731-FCC242909FD9}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher | 
"{BD923188-0C37-45D5-9C83-217641FCE076}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{C0E7FDCB-0EA2-4DEE-B564-6A7D2CE94DC7}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher | 
"{C18963F2-514A-4558-BBD3-23F50DB1667A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C1ABE3BA-E479-4944-B5CD-6E1F581840A1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C464B320-8A9F-4BD8-A9EF-267B28C9356A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{C6141466-1FDB-47C2-9A44-782D54D3D3B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7CCF420-3921-41CC-898F-C9E64838055F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB85EABF-4727-488C-8DA3-371F548F4AD1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CBE31870-E69F-4DDB-AF50-5B63E0D3FC78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CE2B3187-219D-4B91-9962-195B6DE1FBF3}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{CFE0B770-24FA-4326-9D8B-09FC173AE7F4}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher | 
"{D229929A-9A76-4920-96DA-BAD4B7E63376}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{D2F9E3A6-3AFB-4810-AA19-57F403FD59BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB2BCE3B-332D-4CB1-9B77-B8D18D10D943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB7E4DC1-B9BB-4112-8959-D40F33F0CC65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DE7BC26E-5B80-412F-AB6D-075DF6CCA598}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher | 
"{DEAE600E-FBA3-4B2E-9701-00D223DC760D}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF266C9A-1AAC-421C-B4F1-47314DD41EEB}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher | 
"{DFA810AB-04DA-437D-86CB-60E1C1A1A2B4}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | 
"{E0CBCA70-CC77-48AA-911B-D7D647EF1109}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | 
"{EA263BE0-285A-4D56-AA9A-80167E508F94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FC1EE431-D9E2-404D-88D9-0BD9037C3113}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEFCD2BA-0D89-46EA-8C95-B0B23623BF0F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FF05DF33-FF09-4208-8896-4EDE63A7680A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00188318-3434-4561-AB62-8E4B257B686A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{03194B6B-E2EE-41C8-830B-EECF9C574C7E}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{1079138B-F054-44B7-8B51-7EDCF4F0702D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{10D70222-8747-4D25-AB3C-656B2F3819C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1A7958F4-96CA-4D22-B4A6-C70908352D3D}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{1D1DFF57-E8B7-4F79-990B-EB9CB90A33E6}" = protocol=6 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{1D5187BE-1470-45AB-A8D3-B219B68A1BBA}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{1EC60D01-B2BC-4DB5-A8E2-2234B47F1D01}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{2339FE7C-7530-46B9-BE31-1867E2FC9BE6}" = protocol=17 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{23E94450-FBFA-4290-9109-2578E977FEE2}" = protocol=6 | dir=in | app=d:\icq6.5\icq.exe | 
"{259DAC79-5941-4FB4-AA1B-42A0C32A4B23}" = protocol=6 | dir=in | app=e:\league of legends\game\league of legends.exe | 
"{25D75D12-F54A-4894-BD13-0AA208C66D63}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{2FAFA836-C346-4AAF-AFB8-67EB9FCEA65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{342D8C0D-397B-4BBE-90A1-268F2EFAF0CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3678F865-7B44-4511-9AE9-B7440BADF9C8}" = protocol=6 | dir=in | app=e:\valve\steam.exe | 
"{3C3DC46A-A6D2-4154-A088-85ED8B911491}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{42EAEBC4-FB70-4AF3-AA33-02097CB77BD8}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{4397F01D-62DE-4E25-876E-339646BB94B7}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{45F700AE-117E-436C-94E7-4180067CFDD8}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{48EB54D3-24F1-40FE-9B6E-75D01D8A879E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{4A9019EA-0EA2-4D43-8CBF-FC961589D46A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{51661261-393D-4D87-A5DB-000A4E47D3D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{52A37D89-6E08-4B21-970A-E643ACB0823A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{543D2457-F83F-4559-B840-A1398DACBEC5}" = dir=in | app=d:\skype\phone\skype.exe | 
"{58495DCF-F7F2-447C-BA8B-01D3954619C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{586C605C-9C69-44D6-BA7D-7B7047142D4A}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{5D64EE52-65A8-4EB4-9388-DADE998B2EB1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5EE0D5D2-0F06-4829-B43C-F71AA4B34028}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{603B1768-668A-4C8E-991E-FDA886042DD1}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike source\hl2.exe | 
"{64269AB3-8E91-4A85-95E2-1632EB71EB8D}" = protocol=6 | dir=in | app=e:\diablo iii beta\diablo iii.exe | 
"{68347310-28BE-47EB-B4CA-2FE5B650CAEF}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{690194C0-23E0-40EA-BB54-C4E311719EFB}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{6BF61799-51D3-4BC5-B171-168248BD0DE6}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike source\hl2.exe | 
"{6C73A531-C280-4782-BC43-0562AE17B971}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6DD0311F-47FB-454C-9E46-EDDF98405691}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{7104320D-59DE-4F8D-B59A-7692081DC74B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{755832E1-00DF-4518-8835-12984B2CA9C3}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{7817D259-95C2-47E7-90DE-F215337B8006}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{79228880-ECB4-45E7-A587-F77D72676861}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{79A01895-1387-4B10-B778-8E1E5D13B756}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{7A737697-9819-4165-A350-C1F6BD5A129F}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{7F2A932B-D5BA-4E77-A334-2217C670B2C5}" = protocol=17 | dir=in | app=e:\league of legends\air\lolclient.exe | 
"{816D1808-EB8F-4B28-99C0-BB5CE05C5F7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81F7693D-9870-46F8-A36C-A0139783304F}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{823DE03C-FBDF-4FD4-96C3-E152FE1E4360}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{84A38EE3-D790-4741-9D60-298F77089175}" = protocol=6 | dir=in | app=d:\icq6.5\icq.exe | 
"{8947B655-0002-469F-8745-BADFD9C35B3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9034D00C-A69E-4319-95AB-8C5B425B9D2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{91B953C5-AEAB-4C51-AD3A-1C6497929B3E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{95DB39AB-E2A9-4908-86C8-3705B5737F65}" = protocol=17 | dir=in | app=d:\icq6.5\icq.exe | 
"{982A40E9-6134-479A-8D09-069C3C5716AF}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{985BB86E-BFAA-424D-A773-31F7C9D4CA9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99955B47-9206-4815-94A7-F809FC0D0EE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9AAD7561-0DAD-41B6-8713-58E83B4F5C3B}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{9FD1B678-E526-4193-8DA2-F123EA9DA252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0F1F88A-C62D-462D-BC4F-BF806117EB88}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{A4EC1188-5B73-469A-A586-34C548BD5335}" = protocol=17 | dir=in | app=d:\icq6.5\icq.exe | 
"{A81F2578-EEAE-4959-B879-4411EB384A0F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A94B9C9F-936E-4244-AFC5-72174AB6A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BAEF82C4-835F-4367-A516-DB91E81CE7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD48212E-C5DB-4BFB-9619-9A13765590C6}" = protocol=17 | dir=in | app=e:\league of legends\game\league of legends.exe | 
"{BD85C7D2-AD4B-4AF6-978A-BFA095396C53}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BF43F9AB-CAA1-45A7-AA21-4AD6A0AF708D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{C0EC28F9-B757-4B54-A12E-65E4944218C9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{C6751553-4B32-47EA-8820-24C85FAE0B11}" = protocol=17 | dir=in | app=e:\diablo iii beta\diablo iii.exe | 
"{C7D2BCFE-CA0F-480D-B651-3E7822173AD4}" = protocol=17 | dir=in | app=e:\valve\steam.exe | 
"{C867EAEA-383B-409F-BA1D-18DCE0F757F1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CBD8350C-FA20-4600-9672-D44B89F69FE4}" = protocol=6 | dir=in | app=e:\league of legends\air\lolclient.exe | 
"{CF5E2B61-5895-43E3-9AEA-63E2E57C7799}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{D0AE6C02-42B3-46EA-9E17-1B6B35F71FC6}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{D46CF4A7-31E4-4406-9842-DD4D12A7D282}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{D9420C8C-8D8F-4500-8E0D-813452A43E1B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DCDD9190-C759-46DE-B576-97C007FE9861}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DF27D0F3-2B1D-495F-B606-63BBC4672BD5}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{DFB6E3AE-F3AF-4704-B502-3D9E6802E609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1F000E3-BD2A-46F6-9EF6-2209FD3C07BB}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{E29C5FF4-6A58-4F48-8E70-46FB2A58DBED}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{E4560C4C-E7B9-4BFB-BCC8-FE88E5458F96}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{E8681331-6DEA-41EE-9EB8-AB9D8C0E76D0}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{EAAE6A74-1A56-49AD-BDDE-A8B6DBD12071}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EF59237D-E24A-4E15-959A-F9CE7E008808}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{F0708F61-4C61-4B6C-95C1-DDFA9695840A}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{F0A22330-7EE7-41A1-B960-2856F4A86C5F}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{F11C738C-4C11-4726-98FB-CD3D8A44297D}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{F5E5673B-566E-45DF-A886-CD14048260A3}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{F972F9D6-77FD-4120-A5F0-B245AEB41688}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FA1EAAAE-D883-40AD-B484-304263CB4415}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{FE5AD9D2-0D9F-446F-A309-051BAE358B54}" = protocol=6 | dir=out | app=system | 
"{FE7916AA-5C5F-4856-AFE7-350B53FC6562}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{16FE1040-395B-44AE-975A-FAC82B4E1698}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{1DD18B8F-6081-47D2-9B83-01279FF8EBAC}C:\users\maki\appdata\local\temp\nsi1778.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\maki\appdata\local\temp\nsi1778.tmp\setup.exe | 
"TCP Query User{1E3BC40D-FF7A-4779-A554-51F3AAD43854}E:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{217898EF-70F7-4736-97F5-7EF03E3DA321}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{23C9C9CF-F915-4ED7-90CD-B235097CA957}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{2759EFEC-7BD4-4F1A-80C2-52CA77AA603A}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"TCP Query User{2EA84010-7011-4DE5-AA0B-E70BC191DD46}E:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{49D9CC1C-16CE-45F8-AA93-3F14A2BFB405}E:\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{4C00B47E-5272-44CC-89FF-FD3A75B74616}E:\valve\steamapps\knallteufel_pg\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\team fortress 2\hl2.exe | 
"TCP Query User{4C77765D-C99A-433E-BAF0-984DA0612844}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{4D69F569-1FE0-4CAB-B37A-DC11F7D7D5D4}E:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{51E4F43B-D6E6-43F3-AB02-DF63889B60AB}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{5EABBEE1-38D5-4BDA-BD4B-B635CC2EA9D4}E:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\blizzard downloader.exe | 
"TCP Query User{6415E3DC-6443-4280-A51D-1B347986F6C0}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{901B7E10-51F9-474A-B615-CB41A350C170}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"TCP Query User{9AB5B951-9C49-446E-8954-193F490879A6}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{AA11E205-B7F0-4350-93B0-A789FAD9CE03}E:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{ACD821E2-86BC-43A8-8192-46C3E24CD5C0}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{AD8ECCCE-D018-4E60-B1A9-0822BAAEC43F}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{AFEC8B82-A948-43F8-B307-111619454E60}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{B70A5157-A3C4-49FC-9E99-4F23A34FC17D}E:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{BF93D70F-135F-46FB-81ED-A86E71B1C874}C:\users\maki\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\maki\downloads\starcraft_2_eu_de-de.exe | 
"TCP Query User{BFEBF612-9498-4990-A88B-F8FA1A4B43A3}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{CE903C5A-F256-420E-A4A0-E5D350F96E9D}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{CF9D3D88-26C9-4ADA-82CB-B27F81547BAE}E:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{D01BAA9B-81BD-4A4E-8292-F58680DB2D55}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{D993C068-0722-4F76-811E-4C1D1EE7B07B}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"TCP Query User{DC48E084-EE8F-4BA7-8A95-355522694B35}E:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{E3A5C123-5C38-4600-A1E6-86B5599B19DC}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"TCP Query User{E94D7D63-EBF2-414C-97DC-B2DB7B16C9F5}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EE663DCF-3594-4C43-B1FE-5B0E456895DC}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{EF7A8780-D2B2-49EF-AF69-AE1314CCEAB4}E:\valve\steamapps\knallteufel_pg\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{F1021219-4991-45D9-9ACE-71FA551E95D6}E:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | 
"TCP Query User{F3781D47-9E57-43CE-8974-038E7A550AEE}E:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{008A63AD-AA38-491F-A6EC-E25F8D707968}E:\valve\steamapps\knallteufel_pg\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\team fortress 2\hl2.exe | 
"UDP Query User{021D78C9-C74D-4A86-AB6C-962AAE98F90D}E:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{03253933-9422-48F9-88CB-EC873F6F4CD6}E:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{07F97C36-53B2-4755-A126-7A8223F919E9}E:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{0845C00D-526B-42A3-A593-F0FC37AAC594}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{08F74434-C870-4B1B-A27F-C64E9335C0FB}E:\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{0AA1F2E0-E554-4D19-9BAC-BBA6B91E3E82}E:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\blizzard downloader.exe | 
"UDP Query User{209320CC-16FF-44DC-A4DC-BB2A1BDA632D}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{3B988D18-B2DA-4F3D-BAA8-D9A32D58700D}C:\users\maki\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\maki\downloads\starcraft_2_eu_de-de.exe | 
"UDP Query User{43A4B2C2-05C9-4B7B-8081-FED47ED89512}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{51D38C14-7ED7-4138-8B29-152898EDA0A5}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{527BE6B7-44F9-4E23-B229-0F5E364A1EDF}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{563C2772-DF4E-46B5-8EB5-8A0777940BB5}E:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{5DDFDB42-FF21-4139-8605-E2B175D72104}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"UDP Query User{72413AC5-D162-4B26-8D4A-2710A433E892}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{78548A1A-8C30-409B-B89E-98D599C1730D}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{7B7C621B-9BA1-497F-8D08-2992CD3EFE55}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"UDP Query User{84FFF629-8834-4C58-BF0A-868CA6239133}E:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{89F233B7-2996-47F3-904E-70BE187E781B}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{97D0BEF5-8225-44E3-A934-99F04AEB1B11}E:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{98A98762-422F-4C6F-9EE1-23E2BE49823D}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{AB7B1780-9C9B-4ECE-8B75-67D621EBB483}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{AD208A88-C402-49A6-8941-E6ECD284B145}C:\users\maki\appdata\local\temp\nsi1778.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\maki\appdata\local\temp\nsi1778.tmp\setup.exe | 
"UDP Query User{ADC4BB8F-7E4F-4090-9F04-E39251D504F5}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"UDP Query User{AF8EE3E6-1A6C-417E-8D24-74ECF5534938}E:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | 
"UDP Query User{BC518AED-B957-4968-A2A3-E532D7B0ED8C}E:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{C1B6FDAD-D268-4D8F-9CE6-0E1F4387F20A}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{DB829D66-8FA2-4C55-A25D-4D01B4C73CFA}E:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{DB9DBCD3-9A43-4383-B9C9-475755D46823}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{E2F3AF79-C525-4D66-87B2-439E0BD2141D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{E75115C1-9754-468A-B0D3-F936FD97C9FD}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{F2CB6110-4F18-42BD-9DE8-43B6973BF2E8}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"UDP Query User{F60AC854-F0EA-401C-98AF-778146B7A697}E:\valve\steamapps\knallteufel_pg\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{F7F9992D-33D4-47C3-9686-A21031A8133B}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstallieren)
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mumble" = Mumble and Murmur
"Origin" = Origin
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2012 21:59:00 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0x1458  Startzeit der fehlerhaften Anwendung:
 0x01cd51acc906cd0c  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 2a45d776-bda0-11e1-b8ca-20cf30958817
 
Error - 23.06.2012 23:16:43 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x624  Startzeit der fehlerhaften Anwendung: 0x01cd51550bb95001
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 056a5835-bdab-11e1-b8ca-20cf30958817
 
Error - 23.06.2012 23:43:24 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x564  Startzeit der fehlerhaften Anwendung: 0x01cd51b9e6286a09
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 bf7da8a7-bdae-11e1-84c0-20cf30958817
 
Error - 23.06.2012 23:46:48 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x570  Startzeit der fehlerhaften Anwendung: 0x01cd51bba556ee31
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 391e0711-bdaf-11e1-8550-20cf30958817
 
Error - 24.06.2012 09:20:37 | Computer Name = ma | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-1477837245-3929076867-2894469876-1000\$RJYMF32.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 24.06.2012 13:56:23 | Computer Name = ma | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 0077467drv.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 24.06.2012 13:56:23 | Computer Name = ma | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 08076179.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 24.06.2012 15:03:52 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5b8  Startzeit der fehlerhaften Anwendung: 0x01cd521f90e5a126
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 56442a4b-be2f-11e1-9125-20cf30958817
 
Error - 27.06.2012 12:26:19 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5e0  Startzeit der fehlerhaften Anwendung: 0x01cd544a0f0ee71a
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 d32df8c8-c074-11e1-a943-20cf30958817
 
Error - 28.06.2012 20:02:05 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5c4  Startzeit der fehlerhaften Anwendung: 0x01cd554876a9f474
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 a8f4043b-c17d-11e1-af55-20cf30958817
 
[ System Events ]
Error - 28.06.2012 12:09:58 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.06.2012 12:10:54 | Computer Name = ma | Source = DCOM | ID = 10010
Description = 
 
Error - 28.06.2012 20:02:06 | Computer Name = ma | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 28.06.2012 20:02:06 | Computer Name = ma | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 28.06.2012 20:02:06 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1069
 
Error - 28.06.2012 21:57:25 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.06.2012 21:59:28 | Computer Name = ma | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 28.06.2012 22:16:21 | Computer Name = ma | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 28.06.2012 22:17:15 | Computer Name = ma | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?06.?2012 um 04:16:14 unerwartet heruntergefahren.
 
Error - 28.06.2012 22:17:19 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---






ich bedanke mich schonmal für die hilfe und ich hoffe ich hab kein fehler gemacht.

und die zipdatei.

Geändert von lalalula (29.06.2012 um 04:04 Uhr)

Alt 29.06.2012, 05:03   #2
kira
/// Helfer-Team
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware von hier herunter
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Hast Du OTL falsch installiert:
OTL muss auf dem Desktop gespechert werden!
Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll!
also entfernen und erneut herunterladen:
-> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Nach installation in der Log-Datei soll etwa so aussehen:
Zitat:
Folder = C:\Users\***\Desktop
3.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

5.
nur prüfen!
MBR mit aswMBR von Avast prüfen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin).
XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten.
Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern.
Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread.

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 29.06.2012, 06:06   #3
lalalula
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



also der einzige fehler der mir jetzt aufgefallen ist ist [das ich es nicht auf den destop gespeichert habt] der rest stand nicht in der hilfe.

also ihr die logs von Malwarebytes Anti-Malware
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.25.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
maki :: MA [Administrator]

Schutz: Aktiviert

25.06.2012 18:11:30
mbam-log-2012-06-25 (18-11-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 686
Laufzeit: 9 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
otl log
Code:
ATTFilter
OTL logfile created on: 29.06.2012 06:57:16 - Run 3
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,87 Gb Available Physical Memory | 60,89% Memory free
15,99 Gb Paging File | 12,68 Gb Available in Paging File | 79,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 4,72 Gb Free Space | 11,81% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,86 Gb Free Space | 79,60% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007.07.17 17:32:56 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 16:16:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.23 23:37:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\05120458.sys -- (05120458)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.11.02 16:22:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 05:42:14 | 000,325,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.30 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 9A 90 96 B7 51 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110904
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\DivX\DivX Plus Web Player\firefox\html5video [2011.01.21 13:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\DivX\DivX Plus Web Player\firefox\wpa [2011.01.21 13:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
 
[2010.11.01 20:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Extensions
[2012.06.21 07:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions
[2011.03.11 20:50:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 14:11:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.02 16:22:45 | 000,002,059 | ---- | M] () -- C:\Users\maki\AppData\Roaming\Mozilla\Firefox\Profiles\hgob6l6f.default\searchplugins\daemon-search.xml
[2011.11.06 23:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.07 15:44:06 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.21 07:10:01 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011.11.01 15:11:21 | 000,075,438 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\UPLOADER@ADBLOCKFILTERS.MOZDEV.ORG.XPI
[2012.06.17 16:16:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 15:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 15:15:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 15:15:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 15:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 15:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 15:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15068 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78888C1-45FE-420A-A855-67032247E0B1}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004.08.28 15:37:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell - "" = AutoRun
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 06:41:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.29 06:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.29 06:36:27 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\maki\Desktop\ccsetup320.exe
[2012.06.29 06:35:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.25 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\Malwarebytes
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 18:09:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.06.24 21:08:37 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 17:37:03 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 17:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.23 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.23 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2012.06.23 18:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.06.23 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.06.23 18:04:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.13 13:48:28 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Local\Macromedia
[2012.06.12 20:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 06:53:20 | 000,000,512 | ---- | M] () -- C:\Users\maki\Desktop\MBR.dat
[2012.06.29 06:42:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 06:36:36 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\maki\Desktop\ccsetup320.exe
[2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.29 04:57:16 | 000,027,861 | ---- | M] () -- C:\Users\maki\Desktop\logfiles.rar
[2012.06.29 04:47:06 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 04:47:06 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 04:41:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 04:41:53 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 04:15:53 | 000,000,148 | ---- | M] () -- C:\Users\maki\defogger_reenable
[2012.06.25 18:09:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 06:14:21 | 000,000,155 | ---- | M] () -- C:\Windows\winamp.ini
[2012.06.24 21:11:00 | 000,017,408 | ---- | M] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 05:19:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.24 05:15:17 | 000,001,895 | ---- | M] () -- C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.20 05:47:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.17 23:40:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.17 23:40:28 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.17 23:40:28 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.17 23:40:28 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.17 23:40:28 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 13:42:01 | 000,364,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 20:18:43 | 000,000,835 | ---- | M] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | M] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
 
========== Files Created - No Company Name ==========
 
[2012.06.29 06:53:20 | 000,000,512 | ---- | C] () -- C:\Users\maki\Desktop\MBR.dat
[2012.06.29 06:37:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 04:57:16 | 000,027,861 | ---- | C] () -- C:\Users\maki\Desktop\logfiles.rar
[2012.06.29 04:15:53 | 000,000,148 | ---- | C] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:55 | 002,714,627 | ---- | C] () -- C:\Users\maki\Desktop\Questguide_Xenoblade_Chronicles.pdf
[2012.06.25 18:09:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 21:10:58 | 000,017,408 | ---- | C] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 05:15:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.24 05:15:17 | 000,001,895 | ---- | C] () -- C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.12 20:18:43 | 000,000,835 | ---- | C] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | C] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
[2012.05.12 00:36:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.19 16:48:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.19 16:48:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.19 15:57:47 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 11:04:55 | 000,007,597 | ---- | C] () -- C:\Users\maki\AppData\Local\Resmon.ResmonCfg
[2011.05.31 18:17:46 | 000,044,448 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.11.17 14:16:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.02 02:20:14 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2010.10.31 17:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.31 16:27:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.31 16:27:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.06.26 17:55:25 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\.minecraft
[2012.01.04 23:20:26 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Azureus
[2010.11.02 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DAEMON Tools Lite
[2012.03.12 10:12:00 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoft
[2012.03.12 10:11:57 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\ICQ
[2011.01.21 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Local
[2011.01.18 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient
[2011.01.18 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.01.06 17:21:51 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Mumble
[2011.11.10 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Origin
[2010.11.05 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Raptr
[2011.12.20 23:19:27 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Rovio
[2012.06.08 16:20:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
der otl extra hat sich nicht verändert.

ccleaner software
Code:
ATTFilter
Adobe AIR	Adobe Systems Inc.	16.01.2011		2.5.1.17730
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	06.11.2011	6,00MB	11.0.1.152
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.06.2012	6,00MB	11.3.300.257
Adobe Reader X (10.0.1) - Deutsch	Adobe Systems Incorporated	13.02.2011	115MB	10.0.1
Alice Madness Returns	Electronic Arts	18.02.2012	64,9MB	1.0.0.0
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	29.04.2012	26,2MB	8.0.873.0
Apple Application Support	Apple Inc.	06.07.2011	52,8MB	1.4.1
Apple Software Update	Apple Inc.	06.07.2011	2,15MB	2.1.1.116
Battlefield 3™	Electronic Arts	11.11.2011		1.0.0.0
Battlelog Web Plugins	EA Digital Illusions CE AB	10.06.2012		1.122.0
CCleaner	Piriform	22.06.2012		3.20
Curse Client	Curse	29.03.2012		4.0.1.260
D-Fend Reloaded 1.2.1 (deinstallieren)	Alexander Herzog	06.02.2012		1.2.1
DAEMON Tools Toolbar	DT Soft Ltd	02.11.2010		1.1.2.0185
Diablo III	Blizzard Entertainment	23.06.2012		1.0.3.10057
DivX-Setup	DivX, LLC	21.01.2011		2.3.0.20
Edna Bricht Aus 6.3		12.06.2012		
ESN Sonar	ESN Social Software AB	10.06.2012		0.70.4
Fiesta Online(EU_German) 1.04.000	gamigo Games	04.09.2011		1.04.000
Free YouTube Download version 3.0.22.221	DVDVideoSoft Ltd.	12.03.2012	60,5MB	3.0.22.221
Free YouTube to MP3 Converter version 3.10.17.221	DVDVideoSoft Ltd.	12.03.2012	71,5MB	3.10.17.221
GOM Player	Gretech Corporation	01.05.2012		2.1.40.5106
GOMTV Streamer	Gretech Corporation	14.03.2012		1.0.0.26
Guitar Pro 5.2	Arobas Music	12.02.2011		
ICQ7.2	ICQ	02.11.2010		7.2
Java(TM) 6 Update 24	Oracle	15.01.2011	94,9MB	6.0.240
Kaspersky Internet Security 2012	Kaspersky Lab	24.06.2012		12.0.0.374
League of Legends	Riot Games	18.01.2011		1.02.0000
Logitech GamePanel Software 2.00	Logitech	02.11.2010	11,2MB	2.00.171
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	25.06.2012	18,0MB	1.61.0.1400
McAfee Security Scan Plus	McAfee, Inc.	06.12.2010	8,30MB	2.0.181.2
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	02.11.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	02.11.2010	2,93MB	4.0.30319
Microsoft Office Professional Edition 2003	Microsoft Corporation	13.05.2012	1,10GB	11.0.8173.0
Microsoft Silverlight	Microsoft Corporation	13.05.2012	180MB	4.1.10329.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	14.04.2011	790KB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	14.04.2011	598KB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	04.11.2010	252KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	31.10.2010	788KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	18.02.2012	234KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	10.11.2011	240KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	09.01.2011	594KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	12.11.2011	15,2MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	12.11.2011	15,0MB	10.0.40219
Mozilla Firefox 13.0.1 (x86 de)	Mozilla	17.06.2012	35,8MB	13.0.1
Mozilla Maintenance Service	Mozilla	17.06.2012	309KB	13.0.1
Mumble and Murmur	Mumble	03.11.2010		1.2.2
NEC Electronics USB 3.0 Host Controller Driver	NEC Electronics Corporation	31.10.2010	993KB	1.0.19.0
Origin	Electronic Arts, Inc.	05.03.2012		8.5.0.4550
Paint.NET v3.5.10	dotPDN LLC	15.05.2012	10,6MB	3.60.0
Pando Media Booster	Pando Networks Inc.	04.09.2011	5,46MB	2.3.6.0
Pflanzen gegen Zombies	PopCap Games	10.04.2011		
PunkBuster Services	Even Balance, Inc.	15.02.2012		0.991
QuickTime	Apple Inc.	06.07.2011	73,6MB	7.69.80.9
Realtek Ethernet Controller Driver For Windows 7	Realtek	31.10.2010		7.15.209.2010
Skype™ 5.8	Skype Technologies S.A.	20.03.2012	19,0MB	5.8.158
Star Wars: The Old Republic	Electronic Arts, Inc.	10.01.2012	26,7MB	1.00
StarCraft II	Blizzard Entertainment	22.02.2012		1.4.3.21029
Team Fortress 2	Valve	30.06.2011		
TeamSpeak 3 Client	TeamSpeak Systems GmbH	04.11.2010		
VIA Plattform-Geräte-Manager	VIA Technologies, Inc.	31.10.2010	2,61MB	1.34
VLC media player 1.1.4	VideoLAN	02.11.2010		1.1.4
Vuze	Vuze Inc.	05.11.2010		4.5
Warcraft III		31.05.2011		
Warcraft III: All Products		31.05.2011		
Winamp (remove only)		02.11.2010		
Windows Live Anmelde-Assistent	Microsoft Corporation	23.06.2012	1,93MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	23.06.2012		14.0.8117.0416
Windows Live OneCare safety scanner	Microsoft Corporation	03.12.2010		
Windows Live-Uploadtool	Microsoft Corporation	23.06.2012	224KB	14.0.8014.1029
WinRAR		03.12.2010		
World of Warcraft	Blizzard Entertainment	18.04.2012		4.3.4.15595
Zip Motion Block Video codec (Remove Only)	DOSBox Team	06.02.2012
         
und aswmbr

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-29 06:49:37
-----------------------------
06:49:37.123    OS Version: Windows x64 6.1.7600 
06:49:37.123    Number of processors: 6 586 0xA00
06:49:37.123    ComputerName: MA  UserName: 
06:49:37.450    Initialize success
06:49:41.615    AVAST engine defs: 12062900
06:49:43.768    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:49:43.768    Disk 0 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
06:49:43.784    Disk 0 MBR read successfully
06:49:43.784    Disk 0 MBR scan
06:49:43.799    Disk 0 Windows 7 default MBR code
06:49:43.815    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
06:49:43.831    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        40900 MB offset 206848
06:49:43.846    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       204800 MB offset 83970048
06:49:43.862    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS      1661927 MB offset 503400448
06:49:43.893    Disk 0 scanning C:\Windows\system32\drivers
06:49:53.643    Service scanning
06:50:09.555    Modules scanning
06:50:09.571    Disk 0 trace - called modules:
06:50:10.101    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
06:50:10.117    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bd0060]
06:50:10.117    3 CLASSPNP.SYS[fffff880019a643f] -> nt!IofCallDriver -> [0xfffffa8007b089b0]
06:50:10.132    5 ACPI.sys[fffff88000ed8781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007bc8060]
06:50:10.444    AVAST engine scan C:\Windows
06:50:12.425    AVAST engine scan C:\Windows\system32
06:52:51.062    AVAST engine scan C:\Windows\system32\drivers
06:53:03.105    AVAST engine scan C:\Users\maki
06:53:20.172    Disk 0 MBR has been saved successfully to "C:\Users\maki\Desktop\MBR.dat"
06:53:20.187    The log file has been saved successfully to "C:\Users\maki\Desktop\aswMBR.txt"
         
__________________

Alt 30.06.2012, 04:57   #4
kira
/// Helfer-Team
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



1.
Deinstalliere unter Systemsteuerung-> Software/Programme:
Code:
ATTFilter
DAEMON Tools Toolbar
         
Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

Zitat:
Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!
2.
Wenn Du nicht absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich durch Adobe Reader), deinstalliere:
Code:
ATTFilter
McAfee Security Scan Plus
vermutlich über Adobe (Flash Player) auf dem rechner gelandet!
         
obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.


3.
deinstalliere:
Code:
ATTFilter
Azureus
Vuze
         
die Nutzung der von Filesharing (Filesharing (deutsch "Dateifreigabe" oder "gemeinsamer Dateizugriff", wörtlich "Dateien teilen") )- Plattformen ...
Zitat:
Internet-Tauschbörsen gehören leider zu den unseriösesten Anbietern, und dort werden sehr viele Schädlinge verbreitet, hierbei sollte deshalb, wenn überhaupt, nur ganz besonders vorsichtig umgegangen werden ! Laut Studien sind bei den Tauschbörsen bei 45% der zum Download angebotenen Dateien, Viren oder Würmer und sonstige Schädlinge enthalten!
Hinzu kommt noch, dass die meisten Downloads von diesen Tauschbörsen eh illegal sind, und damit die Nutzer verleitet werden, „Straftaten“ zu begehen!
Selbst wenn du glaubst, dass Du ein „sicheres“ P2P Programm verwendest, nicht mal das Programm selbst sicher, da Du wirst Daten von "uncertified Quellen" teilen, und diese werden häufig angesteckt...
Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von µtorrent & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen (zumindest teilweise nicht) und solchen Clients erlaubt, würde ich nicht empfehlen!
Solange du solche Programme auf dein PC hast, wirst Du Dich laufend mit etwas Problematik konfrontieren müssen!

4.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2010.11.02 16:22:45 | 000,002,059 | ---- | M] () -- C:\Users\maki\AppData\Roaming\Mozilla\Firefox\Profiles\hgob6l6f.default\searchplugins\daemon-search.xml
[2012.02.12 15:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 15:15:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 15:15:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 15:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 15:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004.08.28 15:37:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell - "" = AutoRun
O33 - MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE

:Files
C:\ProgramData\loc_pyt_0_kroj.pad
C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
C:\Users\maki\AppData\Roaming\Azureus
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

5.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

6.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

7.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

8.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

9.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

8.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

10.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

11.
kann ich nicht zuordnen, um was handelt es sich dabei ?:
Code:
ATTFilter
C:\Users\maki\Desktop\ghjghkdghkd.m3u
         
kann auch von Malware stammen..?!

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 30.06.2012, 09:57   #5
lalalula
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



die erste otl datei

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\maki\AppData\Roaming\Mozilla\FireFox\Profiles\hgob6l6f.default\user.js moved successfully.
C:\Users\maki\AppData\Roaming\Mozilla\Firefox\Profiles\hgob6l6f.default\searchplugins\daemon-search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
E:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e3b4f0-e6b4-11df-b37a-20cf30958817}\ not found.
File H:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\SETUP.EXE not found.
========== FILES ==========
C:\ProgramData\loc_pyt_0_kroj.pad moved successfully.
C:\Users\maki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\tmp\AZU5117626480262246311.tmp folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\subs folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\plugins\hvi folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\logs\save folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\maki\AppData\Roaming\Azureus folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\maki\Desktop\cmd.bat deleted successfully.
C:\Users\maki\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: maki
->Temp folder emptied: 73720607 bytes
->Temporary Internet Files folder emptied: 102664433 bytes
->Java cache emptied: 61181 bytes
->FireFox cache emptied: 172174997 bytes
->Flash cache emptied: 192157 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 316037242 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045735 bytes
RecycleBin emptied: 20778760 bytes
 
Total Files Cleaned = 688,00 mb
 
 
OTL by OldTimer - Version 3.2.53.0 log created on 06302012_065214

Files\Folders moved on Reboot...
C:\Users\maki\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\maki\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
die SUPERAntiSpyware datei
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/30/2012 at 08:02 AM

Application Version : 5.5.1006

Core Rules Database Version : 8825
Trace Rules Database Version: 6637

Scan type       : Complete Scan
Total Scan Time : 00:45:15

Operating System Information
Windows 7 Ultimate 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 767
Memory threats detected   : 0
Registry items scanned    : 65936
Registry threats detected : 0
File items scanned        : 62670
File threats detected     : 11

Adware.Tracking Cookie
	C:\Users\maki\AppData\Roaming\Microsoft\Windows\Cookies\NJEMV0G0.txt [ /atdmt.combing.com ]
	.im.banner.t-online.de [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	.eaeacom.112.2o7.net [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]
	insight.torbit.com [ C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Krpytik
	E:\STARCARFT SAMMLUNG\STARCRAFT\REGSETUP.EXE
	E:\STARCARFT SAMMLUNG\STARCRAFTS\REGSETUP.EXE
         

otl datei.
Code:
ATTFilter
OTL logfile created on: 30.06.2012 09:45:04 - Run 4
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,46 Gb Available Physical Memory | 68,22% Memory free
15,99 Gb Paging File | 12,94 Gb Available in Paging File | 80,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 5,50 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,77 Gb Free Space | 79,59% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
PRC - [2012.06.17 16:16:12 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.13 13:43:32 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007.07.17 17:32:56 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.17 16:16:11 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.13 13:43:32 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 16:16:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.23 23:37:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\05120458.sys -- (05120458)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.11.02 16:22:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 05:42:14 | 000,325,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.30 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 9A 90 96 B7 51 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110904
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\DivX\DivX Plus Web Player\firefox\html5video [2011.01.21 13:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\DivX\DivX Plus Web Player\firefox\wpa [2011.01.21 13:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
 
[2010.11.01 20:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Extensions
[2012.06.30 03:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions
[2011.03.11 20:50:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 14:11:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.06 23:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.30 03:17:36 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.21 07:10:01 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011.11.01 15:11:21 | 000,075,438 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\UPLOADER@ADBLOCKFILTERS.MOZDEV.ORG.XPI
[2012.06.17 16:16:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 15:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15068 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78888C1-45FE-420A-A855-67032247E0B1}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.30 09:19:42 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.30 09:19:29 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.30 09:19:28 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.30 09:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.30 07:23:35 | 000,000,000 | ---D | C] -- C:\Users\maki\Desktop\d3 talente
[2012.06.30 07:16:08 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.30 07:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.30 07:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.30 07:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.30 07:01:45 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.30 07:01:45 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.30 06:59:34 | 021,869,488 | ---- | C] (Oracle Corporation) -- C:\Users\maki\Desktop\jre-7u5-windows-x64.exe
[2012.06.30 06:52:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.29 06:41:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.29 06:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.29 06:36:27 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\maki\Desktop\ccsetup320.exe
[2012.06.29 06:35:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.25 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\Malwarebytes
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 18:09:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.06.24 21:08:37 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 17:37:03 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 17:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.23 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.23 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2012.06.23 18:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.06.23 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.06.23 18:04:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.19 16:11:33 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 16:11:33 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 16:11:33 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 16:11:12 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 16:11:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 16:11:12 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 16:10:51 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 16:10:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.13 13:48:28 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Local\Macromedia
[2012.06.13 03:00:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 03:00:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 03:00:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 03:00:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 03:00:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 03:00:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 03:00:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 03:00:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 03:00:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 03:00:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 03:00:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 03:00:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 03:00:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.12 22:43:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.12 22:43:21 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.12 22:43:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.12 22:43:18 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.12 22:43:18 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.12 22:43:18 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.12 22:43:09 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.12 22:43:02 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.12 22:43:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 20:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.30 09:44:07 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 09:44:07 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 09:38:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.30 09:38:53 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 09:19:15 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.30 09:19:15 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.30 09:19:15 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.30 09:19:15 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.30 09:19:15 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.30 07:15:25 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.30 07:09:30 | 001,393,418 | ---- | M] () -- C:\Users\maki\Desktop\cc_20120630_070914.reg
[2012.06.30 06:59:46 | 021,869,488 | ---- | M] (Oracle Corporation) -- C:\Users\maki\Desktop\jre-7u5-windows-x64.exe
[2012.06.29 07:05:30 | 000,004,091 | ---- | M] () -- C:\Users\maki\Desktop\logfiles teil 2.rar
[2012.06.29 07:04:55 | 000,028,070 | ---- | M] () -- C:\Users\maki\Desktop\logfiles.rar
[2012.06.29 06:42:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 06:36:36 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\maki\Desktop\ccsetup320.exe
[2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.29 04:15:53 | 000,000,148 | ---- | M] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:33 | 002,714,795 | ---- | M] () -- C:\Users\maki\Desktop\questguide_xenoblade_chronicles.zip
[2012.06.25 18:09:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 06:14:21 | 000,000,155 | ---- | M] () -- C:\Windows\winamp.ini
[2012.06.24 21:11:00 | 000,017,408 | ---- | M] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.20 05:47:48 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.20 05:47:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.17 23:40:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.17 23:40:28 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.17 23:40:28 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.17 23:40:28 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.17 23:40:28 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 13:43:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.13 13:43:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.13 13:42:01 | 000,364,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 20:18:43 | 000,000,835 | ---- | M] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | M] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
 
========== Files Created - No Company Name ==========
 
[2012.06.30 07:15:25 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.30 07:09:22 | 001,393,418 | ---- | C] () -- C:\Users\maki\Desktop\cc_20120630_070914.reg
[2012.06.29 07:04:55 | 000,004,091 | ---- | C] () -- C:\Users\maki\Desktop\logfiles teil 2.rar
[2012.06.29 06:37:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 04:57:16 | 000,028,070 | ---- | C] () -- C:\Users\maki\Desktop\logfiles.rar
[2012.06.29 04:15:53 | 000,000,148 | ---- | C] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:55 | 002,714,627 | ---- | C] () -- C:\Users\maki\Desktop\Questguide_Xenoblade_Chronicles.pdf
[2012.06.28 18:18:32 | 002,714,795 | ---- | C] () -- C:\Users\maki\Desktop\questguide_xenoblade_chronicles.zip
[2012.06.25 18:09:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 21:10:58 | 000,017,408 | ---- | C] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.12 20:18:43 | 000,000,835 | ---- | C] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | C] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
[2012.05.12 00:36:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.19 16:48:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.19 16:48:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.19 15:57:47 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 11:04:55 | 000,007,597 | ---- | C] () -- C:\Users\maki\AppData\Local\Resmon.ResmonCfg
[2011.05.31 18:17:46 | 000,044,448 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.11.17 14:16:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.02 02:20:14 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2010.10.31 17:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.31 16:27:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.31 16:27:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.06.26 17:55:25 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\.minecraft
[2012.06.30 07:04:12 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DAEMON Tools Lite
[2012.03.12 10:12:00 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoft
[2012.03.12 10:11:57 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\ICQ
[2011.01.21 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Local
[2011.01.18 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient
[2011.01.18 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.01.06 17:21:51 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Mumble
[2011.11.10 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Origin
[2010.11.05 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Raptr
[2011.12.20 23:19:27 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Rovio
[2012.06.08 16:20:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >
         
extras

Code:
ATTFilter
OTL Extras logfile created on: 30.06.2012 09:45:04 - Run 4
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,46 Gb Available Physical Memory | 68,22% Memory free
15,99 Gb Paging File | 12,94 Gb Available in Paging File | 80,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 5,50 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,77 Gb Free Space | 79,59% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B12A2D-C8FD-4594-8FC2-471F8B8CD29D}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{083EDC4A-F4C6-48F2-BF0B-8B52E537BAF1}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{0BA61008-E65B-4860-AF91-D770F5351168}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0C6597F9-5C2E-4A1C-B0EF-3C47B2BCCC86}" = rport=139 | protocol=6 | dir=out | app=system | 
"{120D1015-9D15-49FA-949E-DFE83562119C}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{15E25C59-FC41-4515-A405-DF3533F4EFBC}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{16E8224A-5A5D-4E4C-9BED-48114D4CFEF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20AFCAC8-E3D4-4930-AB67-6D0447544DDD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{220B76DC-D36B-400A-B71F-23D63A8FDD01}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{2F43D689-3C6A-49FA-AEAF-FC5A9487F35D}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | 
"{334D3E8D-FEA3-4806-B514-22BB352861FC}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher | 
"{36551E85-BEE0-44E6-B97E-8FED5A28148E}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher | 
"{3922FE1B-ECCF-4C7D-A643-EDC0A2DBB747}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher | 
"{3A8BF361-66F8-4C64-A440-562ED1703C66}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{44A30F58-3D9B-4CDB-8B32-3975E0C5DDAC}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher | 
"{475893E4-6A19-4DAA-A214-843647129EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D6B2B78-6A13-4F4E-B51A-519F5590B5ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4E391BCB-81A3-4138-9E22-927D520825E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50F892AD-D87E-4EB8-9A5E-1F49E405F95A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{54AFEC8B-34B9-4FDE-A364-542DF3ABBCE7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5A8F34B8-2DFC-494E-9B12-C488B78B57AD}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{5C8E93CF-82BE-46DD-B2F1-626FEAD64ED5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5DCF2294-3975-456B-92DD-75EFBA3FD38D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6168711C-4B11-4EA9-8EF1-657B66C28D40}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | 
"{61F21FE5-CAC6-4A12-ACC1-7F250C465141}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{637F9A14-8175-4EDB-8B1F-2327DABC3C23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6C6C16C9-AC75-4BA8-8294-65055B8AF122}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{6D4C8F5E-BA7B-47D3-88D7-0BFAB1426DDD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{70BE25A6-9F35-4E9B-A147-EF68BAEFDEE4}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{859271AA-1A71-4C8A-B9FA-1B90BD6C1DAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88674E82-8429-4E11-AB90-04533865A181}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A969E20-9782-41BD-A965-E3874EF39FE7}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | 
"{9D41D45C-2389-4D71-B5A1-86D276CCDB1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A055A39B-8C9A-4FE5-BF44-27B3E0B47290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A0F53810-E536-4D8B-8E0A-9E8D9E0BF10C}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{A1D68B97-E6F2-40E5-B561-95414BC457B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAC08E18-43F1-44AC-ADDA-7E552A848BEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACD11528-3788-4007-AB63-EFEC6F8626B6}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{B11927D1-1F72-4ED1-9455-D5277C877FC8}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | 
"{B4726FE4-067B-471E-A991-E982C54E35F9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BA270A0A-1BCF-4B72-B731-FCC242909FD9}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher | 
"{BD923188-0C37-45D5-9C83-217641FCE076}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{C0E7FDCB-0EA2-4DEE-B564-6A7D2CE94DC7}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher | 
"{C18963F2-514A-4558-BBD3-23F50DB1667A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C1ABE3BA-E479-4944-B5CD-6E1F581840A1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C464B320-8A9F-4BD8-A9EF-267B28C9356A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{C6141466-1FDB-47C2-9A44-782D54D3D3B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7CCF420-3921-41CC-898F-C9E64838055F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB85EABF-4727-488C-8DA3-371F548F4AD1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CBE31870-E69F-4DDB-AF50-5B63E0D3FC78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CE2B3187-219D-4B91-9962-195B6DE1FBF3}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{CFE0B770-24FA-4326-9D8B-09FC173AE7F4}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher | 
"{D229929A-9A76-4920-96DA-BAD4B7E63376}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{D2F9E3A6-3AFB-4810-AA19-57F403FD59BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB2BCE3B-332D-4CB1-9B77-B8D18D10D943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB7E4DC1-B9BB-4112-8959-D40F33F0CC65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DE7BC26E-5B80-412F-AB6D-075DF6CCA598}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher | 
"{DEAE600E-FBA3-4B2E-9701-00D223DC760D}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF266C9A-1AAC-421C-B4F1-47314DD41EEB}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher | 
"{DFA810AB-04DA-437D-86CB-60E1C1A1A2B4}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | 
"{E0CBCA70-CC77-48AA-911B-D7D647EF1109}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | 
"{EA263BE0-285A-4D56-AA9A-80167E508F94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FC1EE431-D9E2-404D-88D9-0BD9037C3113}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEFCD2BA-0D89-46EA-8C95-B0B23623BF0F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FF05DF33-FF09-4208-8896-4EDE63A7680A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00188318-3434-4561-AB62-8E4B257B686A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1079138B-F054-44B7-8B51-7EDCF4F0702D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{10D70222-8747-4D25-AB3C-656B2F3819C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1A7958F4-96CA-4D22-B4A6-C70908352D3D}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{1D1DFF57-E8B7-4F79-990B-EB9CB90A33E6}" = protocol=6 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{1D5187BE-1470-45AB-A8D3-B219B68A1BBA}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{2339FE7C-7530-46B9-BE31-1867E2FC9BE6}" = protocol=17 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{25D75D12-F54A-4894-BD13-0AA208C66D63}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{2FAFA836-C346-4AAF-AFB8-67EB9FCEA65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{342D8C0D-397B-4BBE-90A1-268F2EFAF0CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3678F865-7B44-4511-9AE9-B7440BADF9C8}" = protocol=6 | dir=in | app=e:\valve\steam.exe | 
"{3C3DC46A-A6D2-4154-A088-85ED8B911491}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{42EAEBC4-FB70-4AF3-AA33-02097CB77BD8}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{4397F01D-62DE-4E25-876E-339646BB94B7}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{48EB54D3-24F1-40FE-9B6E-75D01D8A879E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{4A9019EA-0EA2-4D43-8CBF-FC961589D46A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{51661261-393D-4D87-A5DB-000A4E47D3D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{52A37D89-6E08-4B21-970A-E643ACB0823A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{543D2457-F83F-4559-B840-A1398DACBEC5}" = dir=in | app=d:\skype\phone\skype.exe | 
"{586C605C-9C69-44D6-BA7D-7B7047142D4A}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{5D64EE52-65A8-4EB4-9388-DADE998B2EB1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5EE0D5D2-0F06-4829-B43C-F71AA4B34028}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{690194C0-23E0-40EA-BB54-C4E311719EFB}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{6C73A531-C280-4782-BC43-0562AE17B971}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6DD0311F-47FB-454C-9E46-EDDF98405691}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{7104320D-59DE-4F8D-B59A-7692081DC74B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{755832E1-00DF-4518-8835-12984B2CA9C3}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{7817D259-95C2-47E7-90DE-F215337B8006}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{79228880-ECB4-45E7-A587-F77D72676861}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{7A737697-9819-4165-A350-C1F6BD5A129F}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{816D1808-EB8F-4B28-99C0-BB5CE05C5F7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81F7693D-9870-46F8-A36C-A0139783304F}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{823DE03C-FBDF-4FD4-96C3-E152FE1E4360}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{8947B655-0002-469F-8745-BADFD9C35B3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9034D00C-A69E-4319-95AB-8C5B425B9D2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{91B953C5-AEAB-4C51-AD3A-1C6497929B3E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{982A40E9-6134-479A-8D09-069C3C5716AF}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{985BB86E-BFAA-424D-A773-31F7C9D4CA9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99955B47-9206-4815-94A7-F809FC0D0EE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9AAD7561-0DAD-41B6-8713-58E83B4F5C3B}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{9FD1B678-E526-4193-8DA2-F123EA9DA252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0F1F88A-C62D-462D-BC4F-BF806117EB88}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{A81F2578-EEAE-4959-B879-4411EB384A0F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A94B9C9F-936E-4244-AFC5-72174AB6A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BAEF82C4-835F-4367-A516-DB91E81CE7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD85C7D2-AD4B-4AF6-978A-BFA095396C53}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C0EC28F9-B757-4B54-A12E-65E4944218C9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{C7D2BCFE-CA0F-480D-B651-3E7822173AD4}" = protocol=17 | dir=in | app=e:\valve\steam.exe | 
"{C867EAEA-383B-409F-BA1D-18DCE0F757F1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CF5E2B61-5895-43E3-9AEA-63E2E57C7799}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{D0AE6C02-42B3-46EA-9E17-1B6B35F71FC6}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{D9420C8C-8D8F-4500-8E0D-813452A43E1B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DCDD9190-C759-46DE-B576-97C007FE9861}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DF27D0F3-2B1D-495F-B606-63BBC4672BD5}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{DFB6E3AE-F3AF-4704-B502-3D9E6802E609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1F000E3-BD2A-46F6-9EF6-2209FD3C07BB}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{E29C5FF4-6A58-4F48-8E70-46FB2A58DBED}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{E4560C4C-E7B9-4BFB-BCC8-FE88E5458F96}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{EAAE6A74-1A56-49AD-BDDE-A8B6DBD12071}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EF59237D-E24A-4E15-959A-F9CE7E008808}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{F0708F61-4C61-4B6C-95C1-DDFA9695840A}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{F11C738C-4C11-4726-98FB-CD3D8A44297D}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{F5E5673B-566E-45DF-A886-CD14048260A3}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{F972F9D6-77FD-4120-A5F0-B245AEB41688}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FA1EAAAE-D883-40AD-B484-304263CB4415}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{FE5AD9D2-0D9F-446F-A309-051BAE358B54}" = protocol=6 | dir=out | app=system | 
"{FE7916AA-5C5F-4856-AFE7-350B53FC6562}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{16FE1040-395B-44AE-975A-FAC82B4E1698}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{217898EF-70F7-4736-97F5-7EF03E3DA321}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{23C9C9CF-F915-4ED7-90CD-B235097CA957}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{2759EFEC-7BD4-4F1A-80C2-52CA77AA603A}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"TCP Query User{4C77765D-C99A-433E-BAF0-984DA0612844}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{6415E3DC-6443-4280-A51D-1B347986F6C0}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{901B7E10-51F9-474A-B615-CB41A350C170}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"TCP Query User{9AB5B951-9C49-446E-8954-193F490879A6}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{ACD821E2-86BC-43A8-8192-46C3E24CD5C0}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{AFEC8B82-A948-43F8-B307-111619454E60}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{BFEBF612-9498-4990-A88B-F8FA1A4B43A3}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{CE903C5A-F256-420E-A4A0-E5D350F96E9D}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{D01BAA9B-81BD-4A4E-8292-F58680DB2D55}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{D993C068-0722-4F76-811E-4C1D1EE7B07B}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"TCP Query User{E3A5C123-5C38-4600-A1E6-86B5599B19DC}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"TCP Query User{E94D7D63-EBF2-414C-97DC-B2DB7B16C9F5}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EE663DCF-3594-4C43-B1FE-5B0E456895DC}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{0845C00D-526B-42A3-A593-F0FC37AAC594}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{209320CC-16FF-44DC-A4DC-BB2A1BDA632D}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{51D38C14-7ED7-4138-8B29-152898EDA0A5}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{527BE6B7-44F9-4E23-B229-0F5E364A1EDF}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{5DDFDB42-FF21-4139-8605-E2B175D72104}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"UDP Query User{72413AC5-D162-4B26-8D4A-2710A433E892}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{78548A1A-8C30-409B-B89E-98D599C1730D}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{7B7C621B-9BA1-497F-8D08-2992CD3EFE55}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"UDP Query User{89F233B7-2996-47F3-904E-70BE187E781B}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{98A98762-422F-4C6F-9EE1-23E2BE49823D}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{AB7B1780-9C9B-4ECE-8B75-67D621EBB483}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{C1B6FDAD-D268-4D8F-9CE6-0E1F4387F20A}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{DB9DBCD3-9A43-4383-B9C9-475755D46823}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{E2F3AF79-C525-4D66-87B2-439E0BD2141D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{E75115C1-9754-468A-B0D3-F936FD97C9FD}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{F2CB6110-4F18-42BD-9DE8-43B6973BF2E8}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"UDP Query User{F7F9992D-33D4-47C3-9686-A21031A8133B}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstallieren)
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mumble" = Mumble and Murmur
"Origin" = Origin
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.06.2012 01:11:36 | Computer Name = ma | Source = ESENT | ID = 455
Description = Windows (3040) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00442.log.
 
Error - 30.06.2012 01:11:37 | Computer Name = ma | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 30.06.2012 01:11:37 | Computer Name = ma | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 30.06.2012 01:11:37 | Computer Name = ma | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 30.06.2012 01:11:37 | Computer Name = ma | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 30.06.2012 01:11:37 | Computer Name = ma | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 30.06.2012 01:11:39 | Computer Name = ma | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 30.06.2012 01:11:39 | Computer Name = ma | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 30.06.2012 01:11:39 | Computer Name = ma | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 30.06.2012 01:11:39 | Computer Name = ma | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 30.06.2012 01:11:39 | Computer Name = ma | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 30.06.2012 01:12:00 | Computer Name = ma | Source = DCOM | ID = 10005
Description = 
 
Error - 30.06.2012 01:12:00 | Computer Name = ma | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 30.06.2012 01:12:00 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 30.06.2012 02:03:58 | Computer Name = ma | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 30.06.2012 02:04:59 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.06.2012 02:05:02 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.06.2012 02:20:31 | Computer Name = ma | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 30.06.2012 03:39:04 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.06.2012 03:39:09 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
so zu den problemen:
also beim windowsstart kommt nicht mehr die fehlermeldung das jork_0_typ_col.exe
fehlt.
und sonst hab ich nicht mitbekommen das ich was schädliches oder nicht brauchbares in meine systemsteuerung drin hab.
bin nicht so gut in otl lesen aber is das nicht noch was schlimmes?
Code:
ATTFilter
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
         
2. daemontools kann ich nicht deinstallieren weil ich drauf angewiesen bin ich hab kein cd/dvd laufwerk und ich hab windows oder spiele nur als img.

3. zu
Code:
ATTFilter
C:\Users\maki\Desktop\ghjghkdghkd.m3u
         
das ist eine playlist aus winamp.
4. und sorry aber ich konnte kaum was lesen was du mir geschrieben hast, ich glaub du bist nicht so gut in deutsch oder? ein paar anweisungen hab ich auch so mit nicht verstanden.

ja mehr fällt mir gerade nicht ein hoffe ich hab nichts vergessen
hier noch der anhang


Alt 01.07.2012, 04:38   #6
kira
/// Helfer-Team
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



Zitat:
Zitat von lalalula Beitrag anzeigen
4. und sorry aber ich konnte kaum was lesen was du mir geschrieben hast, ich glaub du bist nicht so gut in deutsch oder? ein paar anweisungen hab ich auch so mit nicht verstanden.
Tatsache ist, das Kann Doch jeden Mal Passieren, dass er die entsprechenden Anweisungen nicht richtig versteht.. Was ist daran nicht zu verstehen? Stell deine Frage konkret, wenn eine Stelle nicht klar beschrieben ist und die Aufgaben nicht konkret dargestellt wurden!

Zitat:
Zitat von lalalula Beitrag anzeigen

2. daemontools kann ich nicht deinstallieren weil ich drauf angewiesen bin ich hab kein cd/dvd laufwerk und ich hab windows oder spiele nur als img.
zu DaemonTools:
unter Software/Programme nicht installiert und selbst die Toolbar unnötig, hättest du beim Installieren von DaemonTools abwählen können

zu Spybot - O1 HOSTS File:
Überreste von Spybot. das Programm wurde installiert und wieder deinstalliert?

Zitat:
Zitat von lalalula Beitrag anzeigen
2. daemontools kann ich nicht deinstallieren weil ich drauf angewiesen bin ich hab kein cd/dvd laufwerk und ich hab windows oder spiele nur als img.
Image-Dateien kann man ohne DAEMON Tools auch jederzeit zurückspielen!
► Hast du eine Original-Windwos?
► Wenn ja, frage an dich: wieso hast Du nicht schon dein System aufgrüstet?!
Zitat:
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
für Win 7 das Service Pack 1 (SP1) fehlt:
das SP1 umfasst die neuesten Aktualisierungen, wie z.B wichtige Sicherheits-, Stabilitäts- und Leistungsverbesserungen.
__________________
--> nach gema trojaner der den pc sperrt fehler beim systemstart

Geändert von kira (01.07.2012 um 04:59 Uhr)

Alt 01.07.2012, 12:24   #7
lalalula
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



Zitat:
Tatsache ist, das Kann Doch jeden Mal Passieren, dass er die entsprechenden Anweisungen nicht richtig versteht.. Was ist daran nicht zu verstehen? Stell deine Frage konkret, wenn eine Stelle nicht klar beschrieben ist und die Aufgaben nicht konkret dargestellt wurden!
ich sag ja nicht das es schlimm ist aber für mich klingt das so als wenn man englisch zu deutsch übersetzt hat


zu daemontools die toolbar hab ich entfernt
ja die hatte ich nicht gesehen

zu Spybot da hab ich keine ahnung wo der rest sein kann

zu den Image-Dateien
image-dateien kann man doch nur mit daemontools oder co. auf machen?
und ja ich hab windows nur als image

die frage die ich noch hab is den mein rechner jetzt sauber?

Geändert von lalalula (01.07.2012 um 12:35 Uhr)

Alt 02.07.2012, 08:10   #8
kira
/// Helfer-Team
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



Zitat:
ich sag ja nicht das es schlimm ist aber für mich klingt das so als wenn man englisch zu deutsch übersetzt hat
Ich kann dir versichern, du liegst mit deiner Vermutung total falsch, wenn auch ich NICHT in Deutschland geboren bin.
Andererseits hier bekommst Du und viele andere auch rund um die Uhr kostenlose Hilfe, bezahlst für diese Dienstleistung nicht, also sollte eigentlich kein Thema sein!
Ich denke nur das zählt und damit das Thema ist vom Tisch!

Zitat:
und ja ich hab windows nur als image
also wenn ich richtig verstanden habe, quasi hast Du keine Seriennummer für die Win7 64bit- Ultimate Edition Version?

Zitat:
die frage die ich noch hab is den mein rechner jetzt sauber?
dementsprechend die Antwort ist: NEIN
ohne Original-Windows, das dazugehörige Service Pack 1 und jegliche Patches/Sicherheitsupdates geht garnix!
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 03.07.2012, 17:16   #9
lalalula
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



hi zu ersten ja ich weiss das es kostenlos ist ich hatte ja gesagt es ist nicht so schlim ich find es gut das es ein kostenloseforum zu sowas gibt
udn danke für die arbeit bisher.

und ja ich hab window nur als image
und ja ich hab jetzt sp1 drauf udn scheint so als wenn ich orginal windows hab

den stell ich mal meine frage nochmal könnte den mein pc jetzt sauber sein ?
ich mach mir da gedanken wegen
Code:
ATTFilter
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
         

Alt 04.07.2012, 08:37   #10
kira
/// Helfer-Team
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 05.07.2012, 20:50   #11
lalalula
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



otl
Code:
ATTFilter
OTL logfile created on: 04.07.2012 16:36:45 - Run 5
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 70,82% Memory free
15,99 Gb Paging File | 12,86 Gb Available in Paging File | 80,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 5,30 Gb Free Space | 13,28% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,77 Gb Free Space | 79,59% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
PRC - [2012.06.17 16:16:12 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.13 13:43:32 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007.07.17 17:32:56 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.17 16:16:11 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.13 13:43:32 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2011.09.04 20:00:01 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 16:16:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.15 21:08:22 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.23 23:37:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\05120458.sys -- (05120458)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.02 16:22:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.09 05:42:14 | 000,325,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.30 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 9A 90 96 B7 51 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110904
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\DivX\DivX Plus Web Player\firefox\html5video [2011.01.21 13:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\DivX\DivX Plus Web Player\firefox\wpa [2011.01.21 13:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.24 21:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 16:16:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Firefox\components [2011.11.06 22:59:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Firefox\plugins [2011.11.01 15:04:44 | 000,000,000 | ---D | M]
 
[2010.11.01 20:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Extensions
[2012.07.04 15:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions
[2011.03.11 20:50:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 14:11:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\maki\AppData\Roaming\mozilla\Firefox\Profiles\hgob6l6f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.06 23:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.04 15:45:33 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.21 07:10:01 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011.11.01 15:11:21 | 000,075,438 | ---- | M] () (No name found) -- C:\USERS\MAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGOB6L6F.DEFAULT\EXTENSIONS\UPLOADER@ADBLOCKFILTERS.MOZDEV.ORG.XPI
[2012.06.17 16:16:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 15:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2011.11.04 02:19:25 | 000,438,159 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15068 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78888C1-45FE-420A-A855-67032247E0B1}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 15:32:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%Report%
[2012.07.03 17:54:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.07.03 17:53:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.06.30 09:19:42 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.30 09:19:29 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.30 09:19:28 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.30 09:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.30 07:23:35 | 000,000,000 | ---D | C] -- C:\Users\maki\Desktop\d3 talente
[2012.06.30 07:16:08 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.30 07:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.30 07:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.30 07:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.30 07:01:45 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.30 07:01:45 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.30 06:52:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.29 06:41:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.29 06:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.29 06:35:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.25 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Roaming\Malwarebytes
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 18:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 18:09:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.06.24 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.06.24 21:08:37 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 17:37:03 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.24 17:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.06.23 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.23 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2012.06.23 18:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.06.23 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.06.23 18:04:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.19 16:11:33 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 16:11:33 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 16:11:33 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 16:11:12 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 16:11:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 16:11:12 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 16:10:51 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 16:10:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.13 13:48:28 | 000,000,000 | ---D | C] -- C:\Users\maki\AppData\Local\Macromedia
[2012.06.13 03:00:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 03:00:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 03:00:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 03:00:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 03:00:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 03:00:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 03:00:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 03:00:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 03:00:41 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 03:00:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 03:00:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 03:00:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 03:00:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.12 22:43:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.12 22:43:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.12 22:43:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.12 22:43:20 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\profprov.dll
[2012.06.12 22:43:19 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.12 22:43:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.12 22:43:17 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.12 22:43:10 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.06.12 22:43:09 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.12 22:43:02 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.12 22:43:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.12 20:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.04 15:40:10 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.04 15:40:10 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.04 15:40:10 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.04 15:40:10 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.04 15:40:10 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.04 15:38:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 15:38:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 15:33:21 | 000,364,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.04 15:33:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 15:32:49 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.03 18:49:33 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.03 18:49:33 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.03 18:49:08 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.03 18:00:32 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.07.03 18:00:32 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.06.30 10:56:23 | 000,028,517 | ---- | M] () -- C:\Users\maki\Desktop\logfiles3.rar
[2012.06.30 09:19:15 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.30 09:19:15 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.30 09:19:15 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.30 09:19:15 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.30 09:19:15 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.30 07:15:25 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.30 07:09:30 | 001,393,418 | ---- | M] () -- C:\Users\maki\Desktop\cc_20120630_070914.reg
[2012.06.29 06:42:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\maki\Desktop\aswMBR.exe
[2012.06.29 06:37:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 06:35:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\maki\Desktop\OTL.exe
[2012.06.29 04:15:53 | 000,000,148 | ---- | M] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:33 | 002,714,795 | ---- | M] () -- C:\Users\maki\Desktop\questguide_xenoblade_chronicles.zip
[2012.06.25 18:09:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 06:14:21 | 000,000,155 | ---- | M] () -- C:\Windows\winamp.ini
[2012.06.24 21:11:00 | 000,017,408 | ---- | M] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.24 21:08:37 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.06.24 18:42:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\05120458.sys
[2012.06.13 13:43:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.13 13:43:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.12 20:18:43 | 000,000,835 | ---- | M] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | M] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
 
========== Files Created - No Company Name ==========
 
[2012.06.30 10:56:23 | 000,028,517 | ---- | C] () -- C:\Users\maki\Desktop\logfiles3.rar
[2012.06.30 07:15:25 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.30 07:09:22 | 001,393,418 | ---- | C] () -- C:\Users\maki\Desktop\cc_20120630_070914.reg
[2012.06.29 06:37:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.29 04:15:53 | 000,000,148 | ---- | C] () -- C:\Users\maki\defogger_reenable
[2012.06.28 18:18:55 | 002,714,627 | ---- | C] () -- C:\Users\maki\Desktop\Questguide_Xenoblade_Chronicles.pdf
[2012.06.28 18:18:32 | 002,714,795 | ---- | C] () -- C:\Users\maki\Desktop\questguide_xenoblade_chronicles.zip
[2012.06.25 18:09:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 21:10:58 | 000,017,408 | ---- | C] () -- C:\Users\maki\AppData\Local\WebpageIcons.db
[2012.06.24 21:09:49 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.06.24 21:09:49 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.06.12 20:18:43 | 000,000,835 | ---- | C] () -- C:\Users\maki\Desktop\Edna Bricht Aus.lnk
[2012.06.04 22:40:52 | 000,962,079 | ---- | C] () -- C:\Users\maki\Desktop\ghjghkdghkd.m3u
[2012.05.12 00:36:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.19 16:48:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.19 16:48:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.19 15:57:47 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 11:04:55 | 000,007,597 | ---- | C] () -- C:\Users\maki\AppData\Local\Resmon.ResmonCfg
[2011.05.31 18:17:46 | 000,044,448 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.11.17 14:16:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.02 02:20:14 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2010.10.31 17:23:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.31 16:27:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.31 16:27:27 | 000,031,115 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.06.26 17:55:25 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\.minecraft
[2012.06.30 07:04:12 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DAEMON Tools Lite
[2012.03.12 10:12:00 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoft
[2012.03.12 10:11:57 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.29 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\ICQ
[2011.01.21 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Local
[2011.01.18 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient
[2011.01.18 01:53:06 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.01.06 17:21:51 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Mumble
[2011.11.10 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Origin
[2010.11.05 16:46:04 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Raptr
[2011.12.20 23:19:27 | 000,000,000 | ---D | M] -- C:\Users\maki\AppData\Roaming\Rovio
[2012.06.08 16:20:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >
         

extras
Code:
ATTFilter
OTL Extras logfile created on: 04.07.2012 16:36:45 - Run 5
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\maki\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 70,82% Memory free
15,99 Gb Paging File | 12,86 Gb Available in Paging File | 80,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,94 Gb Total Space | 5,30 Gb Free Space | 13,28% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 191,48 Gb Free Space | 95,74% Space Free | Partition Type: NTFS
Drive E: | 1622,98 Gb Total Space | 1291,77 Gb Free Space | 79,59% Space Free | Partition Type: NTFS
 
Computer Name: MA | User Name: maki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\office2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\office2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B12A2D-C8FD-4594-8FC2-471F8B8CD29D}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{083EDC4A-F4C6-48F2-BF0B-8B52E537BAF1}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{0BA61008-E65B-4860-AF91-D770F5351168}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0C6597F9-5C2E-4A1C-B0EF-3C47B2BCCC86}" = rport=139 | protocol=6 | dir=out | app=system | 
"{120D1015-9D15-49FA-949E-DFE83562119C}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{15E25C59-FC41-4515-A405-DF3533F4EFBC}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{16E8224A-5A5D-4E4C-9BED-48114D4CFEF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20AFCAC8-E3D4-4930-AB67-6D0447544DDD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{220B76DC-D36B-400A-B71F-23D63A8FDD01}" = lport=56239 | protocol=6 | dir=in | name=pando media booster | 
"{2F43D689-3C6A-49FA-AEAF-FC5A9487F35D}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | 
"{334D3E8D-FEA3-4806-B514-22BB352861FC}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher | 
"{36551E85-BEE0-44E6-B97E-8FED5A28148E}" = lport=6930 | protocol=6 | dir=in | name=league of legends launcher | 
"{3922FE1B-ECCF-4C7D-A643-EDC0A2DBB747}" = lport=6959 | protocol=17 | dir=in | name=league of legends launcher | 
"{3A8BF361-66F8-4C64-A440-562ED1703C66}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{44A30F58-3D9B-4CDB-8B32-3975E0C5DDAC}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher | 
"{475893E4-6A19-4DAA-A214-843647129EF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D6B2B78-6A13-4F4E-B51A-519F5590B5ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4E391BCB-81A3-4138-9E22-927D520825E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50F892AD-D87E-4EB8-9A5E-1F49E405F95A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{54AFEC8B-34B9-4FDE-A364-542DF3ABBCE7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5A8F34B8-2DFC-494E-9B12-C488B78B57AD}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{5C8E93CF-82BE-46DD-B2F1-626FEAD64ED5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5DCF2294-3975-456B-92DD-75EFBA3FD38D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6168711C-4B11-4EA9-8EF1-657B66C28D40}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | 
"{61F21FE5-CAC6-4A12-ACC1-7F250C465141}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{637F9A14-8175-4EDB-8B1F-2327DABC3C23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6C6C16C9-AC75-4BA8-8294-65055B8AF122}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{6D4C8F5E-BA7B-47D3-88D7-0BFAB1426DDD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{70BE25A6-9F35-4E9B-A147-EF68BAEFDEE4}" = lport=56943 | protocol=6 | dir=in | name=pando media booster | 
"{859271AA-1A71-4C8A-B9FA-1B90BD6C1DAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88674E82-8429-4E11-AB90-04533865A181}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A969E20-9782-41BD-A965-E3874EF39FE7}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | 
"{9D41D45C-2389-4D71-B5A1-86D276CCDB1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A055A39B-8C9A-4FE5-BF44-27B3E0B47290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A0F53810-E536-4D8B-8E0A-9E8D9E0BF10C}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{A1D68B97-E6F2-40E5-B561-95414BC457B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAC08E18-43F1-44AC-ADDA-7E552A848BEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACD11528-3788-4007-AB63-EFEC6F8626B6}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{B11927D1-1F72-4ED1-9455-D5277C877FC8}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | 
"{B4726FE4-067B-471E-A991-E982C54E35F9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BA270A0A-1BCF-4B72-B731-FCC242909FD9}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher | 
"{BD923188-0C37-45D5-9C83-217641FCE076}" = lport=56943 | protocol=17 | dir=in | name=pando media booster | 
"{C0E7FDCB-0EA2-4DEE-B564-6A7D2CE94DC7}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher | 
"{C18963F2-514A-4558-BBD3-23F50DB1667A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C1ABE3BA-E479-4944-B5CD-6E1F581840A1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C464B320-8A9F-4BD8-A9EF-267B28C9356A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{C6141466-1FDB-47C2-9A44-782D54D3D3B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7CCF420-3921-41CC-898F-C9E64838055F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB85EABF-4727-488C-8DA3-371F548F4AD1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CBE31870-E69F-4DDB-AF50-5B63E0D3FC78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CE2B3187-219D-4B91-9962-195B6DE1FBF3}" = lport=56239 | protocol=17 | dir=in | name=pando media booster | 
"{CFE0B770-24FA-4326-9D8B-09FC173AE7F4}" = lport=6959 | protocol=6 | dir=in | name=league of legends launcher | 
"{D229929A-9A76-4920-96DA-BAD4B7E63376}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{D2F9E3A6-3AFB-4810-AA19-57F403FD59BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB2BCE3B-332D-4CB1-9B77-B8D18D10D943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB7E4DC1-B9BB-4112-8959-D40F33F0CC65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DE7BC26E-5B80-412F-AB6D-075DF6CCA598}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher | 
"{DEAE600E-FBA3-4B2E-9701-00D223DC760D}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF266C9A-1AAC-421C-B4F1-47314DD41EEB}" = lport=6930 | protocol=17 | dir=in | name=league of legends launcher | 
"{DFA810AB-04DA-437D-86CB-60E1C1A1A2B4}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | 
"{E0CBCA70-CC77-48AA-911B-D7D647EF1109}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | 
"{EA263BE0-285A-4D56-AA9A-80167E508F94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FC1EE431-D9E2-404D-88D9-0BD9037C3113}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEFCD2BA-0D89-46EA-8C95-B0B23623BF0F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FF05DF33-FF09-4208-8896-4EDE63A7680A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00188318-3434-4561-AB62-8E4B257B686A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1079138B-F054-44B7-8B51-7EDCF4F0702D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{10D70222-8747-4D25-AB3C-656B2F3819C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1A7958F4-96CA-4D22-B4A6-C70908352D3D}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{1D1DFF57-E8B7-4F79-990B-EB9CB90A33E6}" = protocol=6 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{1D5187BE-1470-45AB-A8D3-B219B68A1BBA}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{2339FE7C-7530-46B9-BE31-1867E2FC9BE6}" = protocol=17 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | 
"{25D75D12-F54A-4894-BD13-0AA208C66D63}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{2FAFA836-C346-4AAF-AFB8-67EB9FCEA65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{342D8C0D-397B-4BBE-90A1-268F2EFAF0CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3678F865-7B44-4511-9AE9-B7440BADF9C8}" = protocol=6 | dir=in | app=e:\valve\steam.exe | 
"{3C3DC46A-A6D2-4154-A088-85ED8B911491}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{42EAEBC4-FB70-4AF3-AA33-02097CB77BD8}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{4397F01D-62DE-4E25-876E-339646BB94B7}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{48EB54D3-24F1-40FE-9B6E-75D01D8A879E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{4A9019EA-0EA2-4D43-8CBF-FC961589D46A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{51661261-393D-4D87-A5DB-000A4E47D3D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{52A37D89-6E08-4B21-970A-E643ACB0823A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{543D2457-F83F-4559-B840-A1398DACBEC5}" = dir=in | app=d:\skype\phone\skype.exe | 
"{586C605C-9C69-44D6-BA7D-7B7047142D4A}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\condition zero\hl.exe | 
"{5D64EE52-65A8-4EB4-9388-DADE998B2EB1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5EE0D5D2-0F06-4829-B43C-F71AA4B34028}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{690194C0-23E0-40EA-BB54-C4E311719EFB}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{6C73A531-C280-4782-BC43-0562AE17B971}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6DD0311F-47FB-454C-9E46-EDDF98405691}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{7104320D-59DE-4F8D-B59A-7692081DC74B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{755832E1-00DF-4518-8835-12984B2CA9C3}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{7817D259-95C2-47E7-90DE-F215337B8006}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{79228880-ECB4-45E7-A587-F77D72676861}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{7A737697-9819-4165-A350-C1F6BD5A129F}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{816D1808-EB8F-4B28-99C0-BB5CE05C5F7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81F7693D-9870-46F8-A36C-A0139783304F}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{823DE03C-FBDF-4FD4-96C3-E152FE1E4360}" = protocol=6 | dir=in | app=d:\icq7.2\aolload.exe | 
"{8947B655-0002-469F-8745-BADFD9C35B3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9034D00C-A69E-4319-95AB-8C5B425B9D2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{91B953C5-AEAB-4C51-AD3A-1C6497929B3E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{982A40E9-6134-479A-8D09-069C3C5716AF}" = protocol=17 | dir=in | app=d:\icq7.2\aolload.exe | 
"{985BB86E-BFAA-424D-A773-31F7C9D4CA9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99955B47-9206-4815-94A7-F809FC0D0EE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9AAD7561-0DAD-41B6-8713-58E83B4F5C3B}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{9FD1B678-E526-4193-8DA2-F123EA9DA252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0F1F88A-C62D-462D-BC4F-BF806117EB88}" = protocol=6 | dir=in | app=d:\icq7.2\icq.exe | 
"{A81F2578-EEAE-4959-B879-4411EB384A0F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A94B9C9F-936E-4244-AFC5-72174AB6A0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BAEF82C4-835F-4367-A516-DB91E81CE7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD85C7D2-AD4B-4AF6-978A-BFA095396C53}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C0EC28F9-B757-4B54-A12E-65E4944218C9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{C7D2BCFE-CA0F-480D-B651-3E7822173AD4}" = protocol=17 | dir=in | app=e:\valve\steam.exe | 
"{C867EAEA-383B-409F-BA1D-18DCE0F757F1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CF5E2B61-5895-43E3-9AEA-63E2E57C7799}" = protocol=17 | dir=in | app=d:\icq7.2\icq.exe | 
"{D0AE6C02-42B3-46EA-9E17-1B6B35F71FC6}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{D9420C8C-8D8F-4500-8E0D-813452A43E1B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DCDD9190-C759-46DE-B576-97C007FE9861}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DF27D0F3-2B1D-495F-B606-63BBC4672BD5}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{DFB6E3AE-F3AF-4704-B502-3D9E6802E609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1F000E3-BD2A-46F6-9EF6-2209FD3C07BB}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{E29C5FF4-6A58-4F48-8E70-46FB2A58DBED}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{E4560C4C-E7B9-4BFB-BCC8-FE88E5458F96}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{EAAE6A74-1A56-49AD-BDDE-A8B6DBD12071}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EF59237D-E24A-4E15-959A-F9CE7E008808}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe | 
"{F0708F61-4C61-4B6C-95C1-DDFA9695840A}" = protocol=17 | dir=in | app=e:\valve\steamapps\knallteufel_pg\half-life\hl.exe | 
"{F11C738C-4C11-4726-98FB-CD3D8A44297D}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\counter-strike\hl.exe | 
"{F5E5673B-566E-45DF-A886-CD14048260A3}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{F972F9D6-77FD-4120-A5F0-B245AEB41688}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FA1EAAAE-D883-40AD-B484-304263CB4415}" = protocol=6 | dir=in | app=e:\valve\steamapps\knallteufel_pg\codename gordon\cg.exe | 
"{FE5AD9D2-0D9F-446F-A309-051BAE358B54}" = protocol=6 | dir=out | app=system | 
"{FE7916AA-5C5F-4856-AFE7-350B53FC6562}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{16FE1040-395B-44AE-975A-FAC82B4E1698}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{217898EF-70F7-4736-97F5-7EF03E3DA321}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{23C9C9CF-F915-4ED7-90CD-B235097CA957}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{2759EFEC-7BD4-4F1A-80C2-52CA77AA603A}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"TCP Query User{4C77765D-C99A-433E-BAF0-984DA0612844}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{6415E3DC-6443-4280-A51D-1B347986F6C0}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{901B7E10-51F9-474A-B615-CB41A350C170}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"TCP Query User{9AB5B951-9C49-446E-8954-193F490879A6}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{ACD821E2-86BC-43A8-8192-46C3E24CD5C0}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{AFEC8B82-A948-43F8-B307-111619454E60}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{BFEBF612-9498-4990-A88B-F8FA1A4B43A3}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{CE903C5A-F256-420E-A4A0-E5D350F96E9D}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{D01BAA9B-81BD-4A4E-8292-F58680DB2D55}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{D993C068-0722-4F76-811E-4C1D1EE7B07B}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"TCP Query User{E3A5C123-5C38-4600-A1E6-86B5599B19DC}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"TCP Query User{E94D7D63-EBF2-414C-97DC-B2DB7B16C9F5}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{EE663DCF-3594-4C43-B1FE-5B0E456895DC}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{0845C00D-526B-42A3-A593-F0FC37AAC594}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{209320CC-16FF-44DC-A4DC-BB2A1BDA632D}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{51D38C14-7ED7-4138-8B29-152898EDA0A5}E:\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{527BE6B7-44F9-4E23-B229-0F5E364A1EDF}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{5DDFDB42-FF21-4139-8605-E2B175D72104}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"UDP Query User{72413AC5-D162-4B26-8D4A-2710A433E892}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{78548A1A-8C30-409B-B89E-98D599C1730D}E:\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{7B7C621B-9BA1-497F-8D08-2992CD3EFE55}E:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii daten sammlung\warcraft iii 25.7.08\warcraft iii\war3.exe | 
"UDP Query User{89F233B7-2996-47F3-904E-70BE187E781B}E:\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{98A98762-422F-4C6F-9EE1-23E2BE49823D}E:\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{AB7B1780-9C9B-4ECE-8B75-67D621EBB483}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{C1B6FDAD-D268-4D8F-9CE6-0E1F4387F20A}E:\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{DB9DBCD3-9A43-4383-B9C9-475755D46823}E:\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{E2F3AF79-C525-4D66-87B2-439E0BD2141D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{E75115C1-9754-468A-B0D3-F936FD97C9FD}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{F2CB6110-4F18-42BD-9DE8-43B6973BF2E8}E:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=e:\alice madness returns\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | 
"UDP Query User{F7F9992D-33D4-47C3-9686-A21031A8133B}E:\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base16939\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstallieren)
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mumble" = Mumble and Murmur
"Origin" = Origin
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.07.2012 12:10:32 | Computer Name = ma | Source = ESENT | ID = 215
Description = WinMail (2584) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 03.07.2012 12:11:24 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 12:11:24 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 12:15:06 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 12:16:22 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 17:14:18 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 17:14:36 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 17:18:12 | Computer Name = ma | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.07.2012 20:56:25 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4ac  ID des fehlerhaften Prozesses: 0x4dc  Startzeit der fehlerhaften Anwendung:
 0x01cd5937449951f2  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 1403178f-c573-11e1-b4a2-20cf30958817
 
Error - 04.07.2012 09:31:44 | Computer Name = ma | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x63c  Startzeit der fehlerhaften Anwendung: 0x01cd59e951bf1ffe
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 97ed9e76-c5dc-11e1-899a-20cf30958817
 
[ System Events ]
Error - 03.07.2012 12:08:47 | Computer Name = ma | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 03.07.2012 12:08:47 | Computer Name = ma | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 03.07.2012 12:08:47 | Computer Name = ma | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 03.07.2012 12:08:47 | Computer Name = ma | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 04.07.2012 09:31:23 | Computer Name = ma | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?07.?2012 um 03:57:13 unerwartet heruntergefahren.
 
Error - 04.07.2012 09:31:30 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 04.07.2012 09:31:44 | Computer Name = ma | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 04.07.2012 09:33:04 | Computer Name = ma | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?07.?2012 um 15:31:23 unerwartet heruntergefahren.
 
Error - 04.07.2012 09:33:11 | Computer Name = ma | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 04.07.2012 09:39:14 | Computer Name = ma | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         

Alt 06.07.2012, 06:19   #12
kira
/// Helfer-Team
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



- Von welchem Hersteller ist dein PC / Notebook?

1.
-> So können Sie die Hostdatei auf die Standardeinstellung zurücksetzen.

2.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript (also - nach dem "Code", alles was in der Codebox steht! - (also beginnend mit :OTL und am Ende [emptytemp] ohne "code"!) :
Code:
ATTFilter
:OTL
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

:Reg
"{C0EC28F9-B757-4B54-A12E-65E4944218C9}" =-
"{E1F000E3-BD2A-46F6-9EF6-2209FD3C07BB}" =-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 06.07.2012, 13:36   #13
lalalula
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



hi mein pc hab ich selber zusammen gestellt.
und danke ich denke jetzt geht alles bisher hab ich keine probleme klappt alles
hostdateien sind auch weg

danke

ps: hast du vll eine ahung wo man ein gutes kostenlose virusprogramm her kriegt ?
antivir ist ja nicht gut.

Alt 06.07.2012, 23:39   #14
kira
/// Helfer-Team
 
nach gema trojaner der den pc sperrt fehler beim systemstart - Standard

nach gema trojaner der den pc sperrt fehler beim systemstart



"Perfekte" Programm gegen die Viren & Co gibt es sowieso nicht! sonst wärst Du und auch noch viele anderen betroffenen Mituser nicht hier
► Ein Anti-Viren-Programm bzw. Spezial-Tool,kann nur vor jenen Viren schützen bzw. entfernen, die es auch kennt. Leider sehr oft Virenprogrammierer sind schneller auf dem Markt mit ihrem Produkt als Antivirenprogrammierer mit dem Gegenmittel. Es ist daher ganz natürlich, dass vom Zeitpunkt des Auftretens eines neuen Virus eine bestimmte Zeit vergeht,bis der Antivirenhersteller ein Gegenmittel in Form von Virendefinitionsfiles bereithält.[/quote]

** Lass dein System in der nächste Zeit noch unter Beobachtung!

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:
Code:
ATTFilter
CCleaner
         
- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes: also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!


Lesestoff Nr.1:
Gib Kriminellen Handlungen keine Chance!
Zitat:
Sichere regelmäßig deine Daten (Bilder Musik, Dokumente, Mails (als Textdatei), im Browser Lesezeichen usw) auf CD/DVD, USB-Sticks oder externe Festplatten! Am besten 2x an verschiedenen Orten sichern!
  • Wie erstelle ich ein eingeschränktes Benutzerkonto?
  • Software immer auf dem neuesten Stand halten!:
    ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
  • Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
  • Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
    - Unbekannten E-Mail-Anhang NICHT öffnen!
    - Mails besonders mit Anhang, nicht anklicken, sondern als Text oder in Druckversion anzeigen lassen
  • Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
    auch noch hier unter: Sicheres Kennwort (Password)
    Die fünf häufigsten Passwort-Fehler[/b[
  • "Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
    Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Während der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
    so wird oft Art von Adware/Spyware mitinstalliert!
  • NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!
  • Programme und Treiber:
    Nur vom Hersteller!
  • Onlinebanking:
    Gib deine Passwörter niemals preis!
    Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.
  • Computer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
    Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab
  • Wichtige Daten Regelmäßig sichern! - aber denk daran: dein Hauptsystem ist doch kein Lagerhalle!
  • Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
  • Webseiten ohne Gültiges Impressum nicht besuchen
    - Externe Geräte (Festplatte USB-Stick) nicht ständig am PC anschließen, sondern nur kurzfristig während Du etwas sichern möchtest
  • Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörse.
    ► Ausserdem machst Du dich damit strafbar!
  • Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
    Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
  • Virenscanner
  • BSI für Bürger
  • SETI@home - [Sicherheit] Sicherheitskonzept
  • Entwicklung schädlicher Websites/viruslist.com
  • Brennpunkt: Bilder und Töne
    Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!
Zitat:
Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -
Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu nach gema trojaner der den pc sperrt fehler beim systemstart
avp.exe, battle.net, bho, converter, curse, error, excel, fehler, firefox, firefox 13.0.1, flash player, helper, install.exe, kaspersky, langs, launch, league of legends, libusb0.sys, logfile, mozilla, mp3, object, pando media booster, problem, realtek, recycle.bin, registry, richtlinie, scan, searchscopes, security, security scan, software, svchost.exe, system error, tastatur, teamspeak, trojaner, usb 3.0, vdeck.exe, zipdatei



Ähnliche Themen: nach gema trojaner der den pc sperrt fehler beim systemstart


  1. Windows 7: Fehlermeldung bei Systemstart- RegSvr32 "Fehler beim Laden des Moduls
    Log-Analyse und Auswertung - 01.09.2014 (13)
  2. Fehlermeldung bei Systemstart von WINDOWS 7 64-bit: RegSvr32 "Fehler beim Laden des Moduls ""."
    Log-Analyse und Auswertung - 17.08.2014 (10)
  3. Windows 7: Fehlermeldung bei Systemstart- RegSvr32 "Fehler beim Laden des Moduls ""."
    Alles rund um Windows - 12.08.2014 (18)
  4. Windows 7: Fehlermeldung bei Systemstart- RegSvr32 "Fehler beim Laden des Moduls ""."
    Log-Analyse und Auswertung - 16.06.2014 (11)
  5. Dll Fehler beim Systemstart|Grafikkarte wird nicht erkannt|keine Installationen möglich
    Alles rund um Windows - 11.05.2014 (1)
  6. RUNDLL Fehler nach Systemstart[2]
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (13)
  7. RUNDLL Fehler nach Systemstart
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (16)
  8. beim Systemstart Rundll fehler
    Plagegeister aller Art und deren Bekämpfung - 30.12.2013 (3)
  9. GVU Trojaner-Infizierung; dll-Fehler beim Systemstart
    Log-Analyse und Auswertung - 21.11.2012 (17)
  10. RunDLL Fehler nach Systemstart (guv-Virus-Verdacht)
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (10)
  11. gema trojaner - kommt direkt nach Systemstart
    Log-Analyse und Auswertung - 03.05.2012 (5)
  12. Gema Trojaner sperrt mein Windows
    Log-Analyse und Auswertung - 18.03.2012 (1)
  13. Fehler in Anwendung (Prozesse beenden sich beim Systemstart)
    Plagegeister aller Art und deren Bekämpfung - 25.09.2010 (0)
  14. "Fehler beim Laden von C:\Windows\system32\sshnas.dll" bei jedem Systemstart
    Plagegeister aller Art und deren Bekämpfung - 30.05.2010 (7)
  15. "Fehler beim Laden von C:\Windows\system32\sshnas21.dll" bei Systemstart
    Plagegeister aller Art und deren Bekämpfung - 21.01.2010 (0)
  16. DLL-Fehler beim Vista Systemstart, sidebar.VIR
    Log-Analyse und Auswertung - 13.11.2008 (5)
  17. ibm00001.exe Fehler beim Systemstart
    Log-Analyse und Auswertung - 07.03.2008 (12)

Zum Thema nach gema trojaner der den pc sperrt fehler beim systemstart - hallo, ich hab ein problem ich hatte den Gema trojaner drauf, der den pc sperrt. Und jetzt kommt beim windowsstart c:\users\maki\appdata\local\temp\jork_0_typ_col.exe könnte nicht gestartet werden. ich konnte den trojaner in - nach gema trojaner der den pc sperrt fehler beim systemstart...
Archiv
Du betrachtest: nach gema trojaner der den pc sperrt fehler beim systemstart auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.