
Pests of all kinds and how to fight them: Your computer has been locked by the automatic information control system (original German title: "ihr computer wurde durch das system der automatischen informationskontrolle gesperrt")

Windows 7

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

20.08.2012, 15:56   #1
dawnflame
 
Your computer has been locked by the automatic information control system



Like apparently several others, I have caught the trojan described in the title.

Here are my logs:

Code:
OTL logfile created on: 8/20/2012 4:48:40 PM - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 7.23 Gb Available Physical Memory | 90.55% Memory free
15.96 Gb Paging File | 15.23 Gb Available in Paging File | 95.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.53 Gb Total Space | 1.45 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
Drive D: | 891.00 Gb Total Space | 622.75 Gb Free Space | 69.89% Space Free | Partition Type: NTFS
Drive E: | 40.51 Gb Total Space | 22.02 Gb Free Space | 54.36% Space Free | Partition Type: NTFS
Drive F: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/20 16:48:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/18 14:23:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 16:28:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 16:28:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/02/14 22:04:21 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/17 23:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/13 21:44:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/08 16:28:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 16:28:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/06/02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/06/02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 02:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 09:46:48 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/02/10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/20 12:59:28 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/09/23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010/07/01 04:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/02/06 16:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/16 16:58:46 | 000,031,248 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synUSB64.sys -- (SynasUSB)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=1586&gct=hp
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {88D66088-9AA2-4E51-BBC2-531DC80741EF}
IE - HKCU\..\SearchScopes\{2D5266FA-E190-4503-BD4A-7CDF772455DF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=BB04F0DD-7321-4569-9488-C78E7AA763CE&apn_sauid=D92E8379-47E0-419E-955F-1C0133D63077
IE - HKCU\..\SearchScopes\{88D66088-9AA2-4E51-BBC2-531DC80741EF}: "URL" = hxxp://findgala.com/?&uid=3127&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: D:\Sony Reader\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: D:\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/07 18:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Firefox\components [2012/07/18 14:23:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Firefox\plugins [2012/08/16 17:44:39 | 000,000,000 | ---D | M]
 
[2011/05/30 21:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions
[2012/07/25 15:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\zappub05.default\extensions
[2012/06/20 17:20:58 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\zappub05.default\extensions\toolbar@ask.com
[2011/07/29 22:02:18 | 000,002,333 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\zappub05.default\searchplugins\askcom.xml
[2012/08/14 09:47:26 | 000,001,210 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\zappub05.default\searchplugins\search.xml
[2012/02/07 18:16:27 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/06/20 14:37:35 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\TOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZAPPUB05.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://start.facemoods.com/?a=ddrnw
CHR - Extension: Skype Click to Call = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Skype Click to Call = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2011/07/18 22:49:06 | 000,434,670 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14957 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Reader Application Helper] D:\Sony Reader\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKCU..\Run: [KiesHelper] D:\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [yfmolxdvcmepvkj] C:\ProgramData\yfmolxdv.exe ()
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.55.5 212.33.32.160
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCE7BB5D-4BFC-4465-BD17-DDE4C7AF17B2}: DhcpNameServer = 212.33.55.5 212.33.32.160
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 17:07:00 | 000,152,968 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/15 18:17:45 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{4f5cf826-8b34-11e0-9189-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f5cf826-8b34-11e0-9189-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/03/23 17:07:00 | 000,152,968 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/20 16:48:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2012/08/20 16:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\nasuzozvcxleiog
[2012/08/19 08:07:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\DeadIsland
[2012/08/14 08:16:26 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012/08/14 08:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/08/14 08:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/08/13 22:18:35 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{D7B242FC-952F-4749-B7FC-61BD46687AC9}
[2012/08/13 22:18:25 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{68C8D199-67A3-4E3E-821F-861F419B35D5}
[2012/08/13 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{1D70913B-6037-4462-8338-120348A468AB}
[2012/08/13 22:17:46 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{7345A72B-0248-4A0D-BCA5-78B39E452584}
[2012/08/13 22:14:59 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{F8989C18-1764-4FC8-9652-AAE54AC63773}
[2012/08/13 22:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.1.1 Home Edition
[2012/08/13 21:54:01 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{8089A168-5353-452A-9A6D-23CB913003C6}
[2012/08/13 21:53:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{609C7F39-CED3-47C8-BBBD-C1B44B5EFD05}
[2012/08/13 21:53:22 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{BE1B60E5-E3DC-44AB-88B2-ECB186F257F0}
[2012/08/13 21:53:01 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{5A640B31-6CF0-4621-9FB5-D6D1B3F023C8}
[2012/08/13 21:44:23 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/08/13 21:44:20 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\DAEMON Tools Lite
[2012/08/13 21:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/08/13 21:38:20 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\CyberLink
[2012/08/13 20:39:48 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{508C848F-C2BB-4266-B021-5B22E0BB04D8}
[2012/08/13 20:39:18 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{D43B3731-E7E5-493F-803B-9CFDBCEF6E3D}
[2012/08/13 20:39:03 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{8D902ED0-D20F-4FE4-8A8D-0CFCDB565BA5}
[2012/08/13 20:23:01 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{91E6C1A3-9752-45AE-AFDA-DBDD482019B2}
[2012/08/13 20:22:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{A9B34539-5829-43C3-8FBD-496EA37B6088}
[2012/08/13 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{29B8F54F-337C-4CF0-9BF6-6567297A992A}
[2012/08/13 20:21:54 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{1C2127C1-51C5-4896-874F-CAD644F7939B}
[2012/08/13 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{901E6EBB-C6BE-4D6D-9659-DA0D611E4265}
[2012/08/13 18:54:40 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{80B307AF-704C-41FF-98D2-84EA28DD9E01}
[2012/08/12 19:10:47 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\DDMSettings
[2012/07/31 07:43:19 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Square Enix
[2012/07/28 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{7D4C1A41-6F8A-41B6-B4CB-11EAD53F03CD}
[2012/07/22 11:39:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\KRISTAL Media Files
[2012/07/22 11:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Syncrosoft
[2012/07/22 11:23:40 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALionOne
[2012/07/22 11:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steinberg
[2012/07/22 11:22:59 | 000,909,824 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysNative\synsoacc.dll
[2012/07/22 11:22:52 | 000,031,248 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysNative\drivers\synUSB64.sys
[2012/07/22 11:20:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Steinberg
[2012/07/22 11:20:19 | 000,765,952 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\SYNSOACC.dll
[2012/07/22 11:20:19 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\SynsoLChk.dll
[2012/07/22 11:20:19 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\Synsopos.exe
[2012/07/22 11:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncrosoft
[2012/07/22 11:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Syncrosoft
[2011/03/24 12:37:25 | 019,786,880 | ---- | C] (Electronic Arts, Inc.) -- C:\Program Files (x86)\eadm-installer.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/20 16:48:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2012/08/20 16:48:11 | 000,000,128 | ---- | M] () -- C:\Users\Tom\defogger_reenable
[2012/08/20 16:48:02 | 003,260,406 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/08/20 16:48:02 | 001,413,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/20 16:48:02 | 000,846,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/20 16:48:02 | 000,829,498 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/08/20 16:48:02 | 000,006,536 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/20 16:47:54 | 000,050,477 | ---- | M] () -- C:\Users\Tom\Desktop\Defogger.exe
[2012/08/20 16:43:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/20 16:43:31 | 2133,086,207 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/20 16:41:26 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/20 16:23:40 | 000,000,051 | ---- | M] () -- C:\ProgramData\iwwzcpxiiimzhbw
[2012/08/20 16:23:35 | 000,057,344 | ---- | M] () -- C:\ProgramData\yfmolxdv.exe
[2012/08/20 16:23:35 | 000,057,344 | ---- | M] () -- C:\Users\Tom\0.13143651877043583.exe
[2012/08/20 15:58:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/20 15:00:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 15:00:36 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 20:49:15 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/18 20:49:15 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/18 20:48:51 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/17 11:13:13 | 000,291,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 08:16:21 | 000,000,020 | ---- | M] () -- C:\Windows\°ô±
[2012/08/14 08:14:30 | 000,000,020 | ---- | M] () -- C:\Windows\Ø÷b
[2012/08/13 21:44:23 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/20 16:48:11 | 000,000,128 | ---- | C] () -- C:\Users\Tom\defogger_reenable
[2012/08/20 16:47:54 | 000,050,477 | ---- | C] () -- C:\Users\Tom\Desktop\Defogger.exe
[2012/08/20 16:23:40 | 000,057,344 | ---- | C] () -- C:\ProgramData\yfmolxdv.exe
[2012/08/20 16:23:36 | 000,000,051 | ---- | C] () -- C:\ProgramData\iwwzcpxiiimzhbw
[2012/08/20 16:23:35 | 000,057,344 | ---- | C] () -- C:\Users\Tom\0.13143651877043583.exe
[2012/08/14 08:16:24 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/08/14 08:16:22 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/08/14 08:16:21 | 000,000,020 | ---- | C] () -- C:\Windows\°ô±
[2012/08/14 08:14:29 | 000,000,020 | ---- | C] () -- C:\Windows\Ø÷b
[2012/08/13 22:10:08 | 003,316,736 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2012/08/13 22:10:08 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/08/13 22:10:08 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2012/08/13 22:10:08 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/08/13 22:10:08 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/08/13 22:10:08 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2012/08/13 22:10:08 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2012/08/13 22:10:08 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/08/13 22:10:08 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2012/08/13 22:10:08 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/07/22 11:37:56 | 000,000,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KRISTAL.lnk
[2012/07/22 11:22:59 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm
[2012/07/22 11:22:59 | 000,147,425 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Aide.chm
[2012/07/22 11:22:59 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm
[2012/07/22 11:22:59 | 000,120,468 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Hilfe.chm
[2012/07/22 11:22:59 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm
[2012/07/22 11:22:59 | 000,114,279 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Help.chm
[2012/05/03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/02/14 21:55:51 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/11/25 21:51:29 | 000,064,847 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/07/11 10:45:03 | 000,092,504 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/19 20:24:23 | 001,509,020 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/05/30 23:04:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/30 23:04:24 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/05/30 23:04:24 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/30 22:10:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/05/30 22:10:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/05/30 22:10:35 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/30 22:10:35 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/30 22:10:35 | 000,122,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/05/30 22:10:35 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/30 22:04:11 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
 
========== LOP Check ==========
 
[2011/06/26 18:59:54 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Bioshock2
[2011/07/31 15:42:30 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Blender Foundation
[2011/07/25 22:09:51 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2012/08/13 21:45:40 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DAEMON Tools Lite
[2012/03/26 19:48:29 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DVDVideoSoft
[2011/11/28 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\LolClient
[2011/09/19 18:26:04 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Miranda
[2012/08/18 20:36:26 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Origin
[2011/07/25 22:24:02 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Samsung
[2012/08/14 13:16:14 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SoftGrid Client
[2012/07/22 11:24:40 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Steinberg
[2011/06/19 20:25:00 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TP
[2012/01/31 00:26:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TS3Client
[2011/06/26 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Windows Live Writer
[2011/08/22 10:24:06 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
[2012/06/30 08:18:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         



Code:
OTL Extras logfile created on: 8/20/2012 4:48:40 PM - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 7.23 Gb Available Physical Memory | 90.55% Memory free
15.96 Gb Paging File | 15.23 Gb Available in Paging File | 95.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.53 Gb Total Space | 1.45 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
Drive D: | 891.00 Gb Total Space | 622.75 Gb Free Space | 69.89% Space Free | Partition Type: NTFS
Drive E: | 40.51 Gb Total Space | 22.02 Gb Free Space | 54.36% Space Free | Partition Type: NTFS
Drive F: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0995E239-8B22-4661-87DB-E628350A527F}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0BE296A5-6E05-4776-BD51-F4ACC1522363}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher | 
"{0C7C7529-D15A-41C8-931A-955441642AAB}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{14C3A41D-E397-4D64-B64B-A85BDE049ACE}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{14F3D3C5-A401-45ED-9C9A-4963D581D10F}" = lport=6993 | protocol=17 | dir=in | name=league of legends launcher | 
"{15271EF8-4AFC-4075-AA72-D5204B502690}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher | 
"{1974EC09-426D-4E0E-96E2-00718A0747E3}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{24E9C5D6-7C1B-46F9-A1EA-B46530AFA004}" = rport=139 | protocol=6 | dir=out | app=system | 
"{26CA8CE5-1D9C-4C7A-9659-5F343F6F4FAD}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{2F1AB5D0-6BA8-4F2A-B6DD-957BD07CAD37}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher | 
"{356BE518-1FF0-487E-852A-EF48E85CE006}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher | 
"{3AB87B00-52BC-4921-B70E-34B016BB3A89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3EC9D057-0F20-461B-9DF5-DFEF17A52EAA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3F67A294-3208-403C-A26B-A4B95B81E8A7}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher | 
"{41E740B6-5ED8-43E7-B1D6-E852553CC1A5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{452827CD-991E-4F6A-9F3D-76AAA688A514}" = lport=6974 | protocol=6 | dir=in | name=league of legends launcher | 
"{4C38AD6F-4454-4EDE-8349-DCA842AC1276}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher | 
"{4C6847F7-604A-4EA6-A5D8-7450E1C50E21}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4E515EE4-B6E0-41DB-AD5C-FA5355859B06}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5174FB1D-1CEA-4CE4-A255-2A550CBA5CFF}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher | 
"{52A49710-29C6-477A-9D9F-0D5C18BE5E2D}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher | 
"{60B1C5DE-56C7-4A84-ADC2-07FAA511B3A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{67EC05DD-93FB-433F-A27E-25EBC5E4B9D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{73EFD601-E7F5-4534-83BD-3190604667EC}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{7574BC20-1DF4-47CD-BF92-50C5E18E721B}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher | 
"{786F54AE-E290-49FD-829D-04C922E551C5}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{7F551D95-D81F-4F6D-B0B1-A23A469F7753}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{85169BD1-C325-454A-B747-9481B8C07C5D}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{85D5E523-845F-4C04-AB59-5C3309C5F1EE}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{85DAF5B2-7433-47DA-B85E-DD040F976DDB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90B998A5-4F87-4FFB-B418-1121E5EC56F6}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher | 
"{91FAE325-7255-48ED-95AF-940A9E437DF1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A5DD4D85-762C-4CA6-9F35-52EB5E86F381}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{A82D1B39-7005-4792-B28E-3F9F9932E8D0}" = lport=6978 | protocol=6 | dir=in | name=league of legends launcher | 
"{AA5FE847-52F8-44C9-897E-23BDEC0EC16E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB148E7E-2698-41DA-9714-7D41F1FF7DAF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B179DF0C-6814-415F-8C32-158D8CB2151F}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{B52B4FB8-EAB6-4031-9BA4-834B95384F46}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BBF64092-9ECF-489A-A593-57EA0A85B4B5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BED6B1AB-F254-4FD0-B559-2ED13D5FB74F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C4ECF004-C34D-4726-8807-F7981B0E99CF}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher | 
"{CD2AFD58-158B-492E-85D0-B691DFF8CA21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CED04863-FB09-4A99-A578-9B6BF0F8E61E}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher | 
"{D2E373F1-D97C-477B-8A16-8DE5424093B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E1CD96C1-C557-4716-8438-A4A9C9573E52}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3E40A21-A7DA-486D-9493-28CADDDD92BD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E6A9D89F-86E3-47F3-952D-DDFABE668B44}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{EB679C56-C1C2-48CC-A41E-8A4C89F22B92}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{ED38815C-3BB4-452B-BD49-4FFD8CA8E882}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{ED838194-D85D-4EAA-B21A-32D68ABC93EA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EE270DFF-ACCF-4B77-B628-C2CECE4CD312}" = lport=6974 | protocol=17 | dir=in | name=league of legends launcher | 
"{F3B266F9-1D98-4002-ADB3-E05A98B08B5B}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher | 
"{F46488E2-9163-4E14-87FA-5F9C2E15D18D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F7D21B25-B2A1-4C26-BA9E-E5A68A0EE5FC}" = lport=6993 | protocol=6 | dir=in | name=league of legends launcher | 
"{F8510055-6516-424E-AA79-64A002E90DCD}" = lport=6978 | protocol=17 | dir=in | name=league of legends launcher | 
"{FA0F0422-5EBD-4E28-B08F-95A46B8677AB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FFA3D77A-D291-439F-B5B2-879A84EEBAE2}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000FBCD6-73FC-42D5-ACE1-0D1AB31C4B4E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{0122DD08-6AC0-4A8A-A7BA-821496DD8F3D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{07C5E397-EDE0-423A-9E9D-ED846EE0D08A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{07EF5A4E-5EB8-4BB0-A945-80F89B542B6B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{095EC975-FBAC-4885-B198-AA9686466D2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B27F249-E9AC-427E-8026-6F224E9E9A74}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0B3650C5-0BCA-439D-980F-48F7B5BFF9B9}" = protocol=6 | dir=in | app=d:\mass effect\masseffectlauncher.exe | 
"{0D9B4C79-20EE-48F6-873D-CA451DC70BA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0DD89B95-2AAC-49C0-8287-BFED94CF2154}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E73E8B9-1D0B-4CD8-A282-0066B69F5800}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0F895225-266A-4DF2-831C-8318030A0325}" = protocol=6 | dir=in | app=h:\world of warcraft\launcher.patch.exe | 
"{0FD8CF54-A08B-4C5D-B2E7-568A7534237C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{138D56AD-6427-455E-AE4E-933F5B316CFA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{14B5A5D5-A067-4614-9CEA-E9A4E794AA3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{14D45B60-519F-4782-A25D-798DFDC7CD94}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1869CB4E-50F3-42F8-A260-B8DEA3E96E4F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\risen 2\system\risen2.exe | 
"{1BA1645E-44FF-45C6-938B-7EF3E87DC46D}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{230B4329-2121-4F49-8FE1-4CEB9BBB257D}" = protocol=6 | dir=in | app=d:\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe | 
"{231D6CE2-8896-479E-8220-6D53ACF4F901}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{27294FD4-109F-4BD5-BEB0-714653A298B0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{2938BBAA-76A1-4D57-820D-CBBD650EE9B9}" = protocol=6 | dir=in | app=d:\league of legends\game\league of legends.exe | 
"{2B40A2A4-641A-495C-8BDA-3E37DA1CB3A0}" = protocol=6 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe | 
"{330C82AF-94D2-44D5-8505-5AE370327B3D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{34487EAE-D5E1-4B00-BA1E-6FF252FBE5D6}" = protocol=17 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe | 
"{37734135-B799-4437-90E6-429DBEF37D77}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{37A4B594-2ED5-42B4-857A-FB89D489FA70}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{3A611D60-FE17-44C6-83A2-57C1D0C17110}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3AC17A2D-9799-40F4-94CE-1532C3896D03}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{3CD54F0C-5D0E-492E-BA7F-EF7912D311FA}" = protocol=17 | dir=in | app=c:\users\tom\downloads\diablo-iii-beta-enus-setup.exe | 
"{3F557DE4-EAAA-4BBD-9A86-99BBDCB11106}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3FAB4B97-EC36-4B2F-98D6-F4F871E4DA2B}" = protocol=17 | dir=in | app=d:\mass effect\binaries\masseffect.exe | 
"{3FFFF63C-72C3-4BB8-B4CB-327C281C1C00}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{40D389EF-64C6-402D-9BB6-985CEE05B51D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{4358B259-6B2E-4880-9A58-8E4294DBB01C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{44561D2E-74EC-42E0-BFED-51DB03C06ADC}" = protocol=6 | dir=in | app=c:\users\tom\downloads\diablo-iii-beta-enus-setup.exe | 
"{47B4897A-5AA3-44C0-AE4E-A19D37C2DA40}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\risen 2\system\risen2.exe | 
"{47C34667-68A7-4272-AC87-8FE9D862F561}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4ED6E6CE-2390-41D9-BE26-834767CCEAD8}" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe | 
"{50457AB4-7C9B-4A3F-A155-D5346792473D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{51B6CA96-1D58-45D3-AAD9-6006ACEE37B9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5355AB16-DA90-4721-943C-41FB572FD023}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{5A323F5B-2414-432E-A7B4-FC87B8B0E88D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{5C27E424-C52F-4E9B-AFDD-72C3A4824C96}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5C388080-8CAD-43E5-AA18-91A24E3C772B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D590DD0-0D87-43DD-9A65-FAFAE70133C3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5E7AF9A9-2237-4566-BBE5-68E88058DF34}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{600B1A08-C5EB-40AB-B535-58C330F35292}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62791FA1-91C4-467B-BB13-0B44AF39A963}" = protocol=17 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{650ADC52-D86E-4BBD-9E1F-81A609960204}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{699583BF-AB66-49C8-A075-A8A8591B2993}" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{6BBAADB6-C479-4D01-A8C2-A651FFD4FFBD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6C2DDEA7-9CCB-40AE-B472-AB04000AB29E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{6D459283-B86A-4FC8-9361-F234D0793EFE}" = dir=in | app=d:\itunes\itunes.exe | 
"{6E706643-3FD5-4C97-9EBF-30BEAD7DDFC1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{7137A373-A212-491B-9D49-7ED70A27706A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{7465CE64-2CE4-4ED8-8BC6-104ABDC2FDC4}" = protocol=17 | dir=in | app=d:\dragon age\daoriginslauncher.exe | 
"{78D863D9-597D-4054-BD2E-81068BC6EA61}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{79C9D7A5-3AA0-4710-A2D6-0B2A6CA22388}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7AFF2ACE-A84C-48D0-9847-F029D03D3850}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{7C383153-0C59-4A9A-AD79-C9531B5F6C3B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7DDC6B1C-5D2E-40D3-A5D4-19D09868B2CB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7E4D32E1-826B-4323-AFE4-73E3A6F40398}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7FA33CAE-2EEA-4C6E-AAA0-F83D442F9765}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{830FB5BB-5599-4F56-9974-71B480CEFCC8}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe | 
"{8CB1B1B4-E2D9-46C0-B1CB-C8B340694B75}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{911EBF2B-C154-457D-AB98-16AC2EF14F3F}" = protocol=17 | dir=in | app=d:\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe | 
"{914DCC15-834D-4581-977F-5552FC05C054}" = protocol=6 | dir=in | app=d:\league of legends\air\lolclient.exe | 
"{9299C433-E99C-4F53-9C6E-1C7B80D8C3EC}" = protocol=6 | dir=in | app=d:\battlefield bad company 2\bfbc2updater.exe | 
"{940C9CAC-65BF-4964-B52E-7ADEC7B33110}" = protocol=6 | dir=in | app=d:\mass effect 2\masseffect2launcher.exe | 
"{94E759D7-5812-4F71-AC76-247A0657F67D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9599A406-3AF7-4BA8-992D-E3B9BB4C2B48}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{9B1B4F79-591A-401C-B229-FD27EF2BD6C0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9B64B8AC-1303-47F1-A48F-342D60603FDD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9C0D776B-3F98-4276-B741-749C9CFF6AB3}" = protocol=17 | dir=in | app=d:\diablo iii beta\diablo iii.exe | 
"{9D7EFFFA-08CC-4F2C-9BA1-207E6B4FFB93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E7BDD82-F30E-4A7F-8CB5-D0694C53918D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{9EF2B9AC-8504-40D1-AE6B-D8950A926851}" = protocol=6 | dir=in | app=d:\dragon age\daoriginslauncher.exe | 
"{A03E075B-9A52-4C7B-8FCC-9FBFF0D29A7B}" = protocol=17 | dir=in | app=d:\mass effect 2\masseffect2launcher.exe | 
"{A3C4F899-083F-4114-95C3-9AE2E6F2DC68}" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{A4FD3C96-D1DD-4902-AB7B-3F94A184AEDA}" = protocol=17 | dir=in | app=d:\mass effect\masseffectlauncher.exe | 
"{AC22D08F-C02A-486C-BF9C-11E120C9D80D}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{AE7120C9-8BC0-488F-9C4C-53FFBEBF140C}" = protocol=6 | dir=in | app=d:\star wars-the old republic\swtor\retailclient\swtor.exe | 
"{B0BA0244-332D-4614-810F-64852CD62C3C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{B0BC6CCA-CBB5-4CA4-8B84-D5393528DD1B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{B1B3216D-5A49-4D5A-866B-54102E375C86}" = protocol=6 | dir=in | app=d:\gta episodes from liberty city\eflc\launcheflc.exe | 
"{B1EDDFB5-683E-4369-BDA5-9791122CF82B}" = protocol=6 | dir=in | app=h:\world of warcraft\launcher.exe | 
"{B2688685-75E7-4483-8335-192768084851}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B27549AC-0A9C-49BA-B1F3-957AC1D18711}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{B45B006B-0ED1-4947-A285-ACE93B014B73}" = protocol=17 | dir=in | app=d:\league of legends\game\league of legends.exe | 
"{B463993C-05F6-4163-8999-2E0973EF9DBA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BA391E6C-52C5-46DC-8334-0940255E85F0}" = protocol=17 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe | 
"{BED9A562-809F-4040-A926-53A6A1C1B039}" = protocol=6 | dir=out | app=system | 
"{C107EB16-375F-4260-88B0-31A1DC690A59}" = protocol=17 | dir=in | app=h:\world of warcraft\launcher.exe | 
"{C20354D6-ED93-4BFE-9080-F28148C63929}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{C24D7484-DA8A-4127-9ED5-25FB7935CA80}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{C9CADF55-3B08-493D-AC12-8ADDE9E0C3BB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{CA365B20-C05A-479A-B56B-5DC46ADC9732}" = protocol=17 | dir=in | app=h:\world of warcraft\launcher.patch.exe | 
"{CD9E1B56-8536-447C-BEAD-5DFD1DE316E1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{CDCD0D3C-C26E-493D-8136-FE6158C36C72}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\star trek online\star trek online.exe | 
"{D1BE8E84-B7E7-4C3F-AC29-2A33B552EE8E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D4487E64-FDA5-4301-A0CE-67A00EF3685F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5728299-9CBD-4883-9206-5FD3B1735879}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{D61A37B8-29D7-4E86-99F9-25CFB83AF0DD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D6780D63-17CF-4539-84F7-EAB0A43DD63F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D6AC9B92-B7C1-4D0B-9848-5317D9998823}" = protocol=6 | dir=in | app=h:\world of warcraft\launcher.exe | 
"{D8338432-1AFA-4523-A771-1C789B9A2602}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D86C5DF9-0146-4113-A744-A04650A11B98}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{DA8B6358-8B27-4880-A37F-1F8786E18A18}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DB3B6B71-ABDF-423A-9196-417D93DE77BF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\star trek online\star trek online.exe | 
"{DD6374B3-77AB-48B1-BCC1-1E09B448AA86}" = protocol=17 | dir=in | app=d:\battlefield bad company 2\bfbc2updater.exe | 
"{DDC5B810-324F-4286-BAF9-050D25A7DACE}" = protocol=6 | dir=in | app=d:\veetle\player\veetlenet.exe | 
"{DE5DC9FF-9D42-4720-9935-300E8A0CEE06}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E2554300-D05F-4DA7-B526-B3D689B2A718}" = protocol=6 | dir=in | app=d:\mass effect\binaries\masseffect.exe | 
"{E262C753-1D5A-4D92-95A1-6988B6EC37F2}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{E42ADC9D-2B26-4667-8E60-188E88B6A65F}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{E46AD9D9-752D-4B7E-9CB9-CA5BEF8C959A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E49336DB-AAF7-4C37-BCF6-77535A847486}" = protocol=6 | dir=in | app=d:\diablo iii beta\diablo iii.exe | 
"{EBB7F1F6-9DDC-470D-957E-4444DB0BD488}" = protocol=17 | dir=in | app=d:\league of legends\air\lolclient.exe | 
"{EBF7FBF3-08A2-45FF-ADFA-97C52C1ED2ED}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{ED38AA3E-DB0C-4D23-973A-430DA177C74C}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{ED46F7E9-D66D-4656-A8F5-C1FEFC084344}" = protocol=6 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe | 
"{F388F008-2AE1-42EC-9923-5D5E9AF361F6}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe | 
"{F3DBB4CD-098C-461C-82D6-24689406CBEF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{F4121930-7ACF-42A9-A563-5E1DE9DD779E}" = protocol=17 | dir=in | app=h:\world of warcraft\launcher.exe | 
"{F65DC79C-00C0-4405-B123-74A0FDEADFC3}" = protocol=17 | dir=in | app=d:\gta episodes from liberty city\eflc\launcheflc.exe | 
"{F77CE72C-25FF-4788-B3D8-0E24D0ACBD29}" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe | 
"{F8DE48C4-0B31-4FCA-AF19-174311F7415B}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{F96F5545-9E97-4D24-B45F-ACD1175C19BD}" = protocol=6 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe | 
"{FA001D81-32B8-4C5B-87B9-6A1E18C56839}" = protocol=17 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe | 
"TCP Query User{02D802CA-D4F0-4D73-BC19-8D6B9673DE0C}D:\miranda\miranda32.exe" = protocol=6 | dir=in | app=d:\miranda\miranda32.exe | 
"TCP Query User{175F0CC2-B6FA-465E-A4EC-F5FDCF4D544F}H:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{2B8F17ED-36AC-471C-9174-3D48BC9FA627}H:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{7B5CE8F4-65B1-4D31-8129-083C244893FC}H:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=h:\world of warcraft\launcher.patch.exe | 
"TCP Query User{7D29F2EB-86AF-469F-B724-758773D285ED}D:\gta episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\gta episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{8829F7DD-4464-4FF8-9D0E-C4B87AABAFF6}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{8C8EFAF8-38D3-416A-A3D5-A2A048697ADA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{8EC935D6-C0CA-4918-810C-5BBFAA02EBAB}D:\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\xfire\xfire.exe | 
"TCP Query User{9E3D1C1B-DA1F-40EC-99FB-373E04FA39F5}D:\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{AAB070B2-ED66-428D-B99F-4AE22F3084A2}D:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=d:\league of legends\lol.launcher.exe | 
"TCP Query User{AC5D7DE6-B8AF-485C-9627-A26F261CA9E4}D:\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\the witcher 2\bin\witcher2.exe | 
"TCP Query User{B31F5B6C-24BE-4B8A-8F3A-A3590FC3AAB2}D:\dc universe\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=d:\dc universe\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{B7043927-D18D-4666-8A09-5FFB43A24075}D:\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{B78DB930-3DAD-45D3-BE44-D1898168150F}H:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{DA4C664E-EE1D-4A0C-BAE2-BDCC109811F9}D:\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\xfire\xfire.exe | 
"TCP Query User{DA97B1CE-1EB4-4389-BBCA-507295962653}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe | 
"TCP Query User{E98FCE74-44E8-40E7-9416-BC1315E4BC85}D:\firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\firefox\plugin-container.exe | 
"TCP Query User{EBE2C4B2-6586-4144-B2FF-097FB937E4A3}D:\gta episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\gta episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{F90A4A56-9BC7-4644-8764-BB0699F4E290}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0660C8A9-8A9E-42BB-9DC9-C021DBB9D1FE}D:\firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\firefox\plugin-container.exe | 
"UDP Query User{11F74080-72F7-4846-B8DC-3E7353AC1BD7}D:\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{140DD4B6-0823-4891-A21E-158BDB6A6C96}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{19A5550A-A49B-43D2-8326-E9AC731806DF}H:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{35C0BC8B-5D89-4BC8-A93A-CA45A90D72EF}H:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=h:\world of warcraft\launcher.patch.exe | 
"UDP Query User{39187E47-AFC6-4B32-A9D2-5AC6B9789AEC}H:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{40231BA6-FD1A-4068-978B-750E1A122BF3}D:\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\the witcher 2\bin\witcher2.exe | 
"UDP Query User{44114A35-0EE7-4CB8-B96A-1DFD3ED4520E}D:\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\xfire\xfire.exe | 
"UDP Query User{4A9FD5EA-CF51-45BF-B9BF-8837A4EE5AD7}D:\gta episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\gta episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{6AD1321A-1256-47C9-9AFC-477D9DBFB4F8}D:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=d:\league of legends\lol.launcher.exe | 
"UDP Query User{79EA56AC-DCFD-4553-A065-FE133D79DE95}D:\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\xfire\xfire.exe | 
"UDP Query User{87789EEE-C92F-4E17-8B12-8E5E64101D17}D:\gta episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\gta episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{91EDE294-20A4-4F09-ABAB-8FCBC8D4B456}H:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{9F137B9F-EA2D-45D1-A953-3F29679E5D2E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{A22003B0-196C-4815-9511-20518C145B49}D:\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{A7516CBD-8E42-41C4-9466-1DF069021CF2}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe | 
"UDP Query User{ADCFBDF7-8895-4437-A160-E121ED5CBCB5}D:\miranda\miranda32.exe" = protocol=17 | dir=in | app=d:\miranda\miranda32.exe | 
"UDP Query User{EA52712C-DAFA-433F-BD3F-0501F4C99849}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{FCE2AECD-240B-42C4-AAC0-E15FF4ABF3D5}D:\dc universe\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\dc universe\unreal3\binaries\win32\dcgame.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{743C5D75-6BC8-4881-BF7D-E7DF29F155F4}" = Steinberg HALionOne 64bit
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Blender" = Blender
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.1.3.1
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"1489-3350-5074-6281" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"dcmsvc_is1" = dcmsvc 1.0
"Diablo III" = Diablo III
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX-Setup
"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.1.1 Home Edition
"Erazer Control Center_is1" = Erazer Control Center
"ESN Sonar-0.70.4" = ESN Sonar
"FormatFactory" = FormatFactory 2.60
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.6.221
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"League of Legends_is1" = League of Legends
"Miranda IM" = Miranda IM 0.9.30
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 22380" = Fallout: New Vegas
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 91310" = Dead Island
"Steam App 9900" = Star Trek Online
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"Veetle TV" = Veetle TV
"Warcraft III" = Warcraft III
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-DC Universe Online Live" = DC Universe Online Live
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/20/2012 10:17:14 AM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
 Version: 11.3.300.271, Zeitstempel: 0x502701bf  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00367ca9  ID des fehlerhaften Prozesses: 0xf0c  Startzeit der fehlerhaften Anwendung:
 0x01cd7ed2af8a9f3c  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
 bcdbfda6-ead1-11e1-a2ec-6c626d461cd0
 
Error - 8/20/2012 10:35:44 AM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/20/2012 10:38:35 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 8/20/2012 10:38:35 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 8/20/2012 10:38:35 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 8/20/2012 10:41:50 AM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/20/2012 10:45:26 AM | Computer Name = Tom-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/20/2012 10:47:59 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 8/20/2012 10:47:59 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 8/20/2012 10:47:59 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 8/20/2012 10:40:29 AM | Computer Name = Tom-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 8/20/2012 10:41:22 AM | Computer Name = Tom-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 8/20/2012 10:41:23 AM | Computer Name = Tom-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Upgrade Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 8/20/2012 10:43:33 AM | Computer Name = Tom-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application
 Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%1068
 
Error - 8/20/2012 10:43:33 AM | Computer Name = Tom-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avipbb  avkmgr  discache  spldr  Wanarpv6
 
Error - 8/20/2012 10:43:38 AM | Computer Name = Tom-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 8/20/2012 10:43:43 AM | Computer Name = Tom-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 8/20/2012 10:43:44 AM | Computer Name = Tom-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 8/20/2012 10:43:45 AM | Computer Name = Tom-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 8/20/2012 10:50:02 AM | Computer Name = Tom-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
 
< End of report >
         


I hope I did everything correctly, and I am eagerly awaiting help.

Many thanks in advance!

Edited by dawnflame (20.08.2012 at 16:07)

Alt 20.08.2012, 17:57   #2
t'john
/// Helper Team
 

Fixing with OTL

Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=1586&gct=hp 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKCU\..\SearchScopes,DefaultScope = {88D66088-9AA2-4E51-BBC2-531DC80741EF} 
IE - HKCU\..\SearchScopes\{2D5266FA-E190-4503-BD4A-7CDF772455DF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=BB04F0DD-7321-4569-9488-C78E7AA763CE&apn_sauid=D92E8379-47E0-419E-955F-1C0133D63077 
IE - HKCU\..\SearchScopes\{88D66088-9AA2-4E51-BBC2-531DC80741EF}: "URL" = http://findgala.com/?&uid=3127&q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" 
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) 
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found 
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found 
CHR - default_search_provider: facemoods (Enabled) 
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 
CHR - homepage: http://start.facemoods.com/?a=ddrnw 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKCU..\Run: [yfmolxdvcmepvkj] C:\ProgramData\yfmolxdv.exe () 
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found 
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found 
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found 
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found 
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found 
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) 
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) 
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) 
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) 
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2010/03/15 18:17:45 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ UDF ] 
O33 - MountPoints2\{4f5cf826-8b34-11e0-9189-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{4f5cf826-8b34-11e0-9189-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/03/23 17:07:00 | 000,152,968 | R--- | M] (Take-Two Interactive Software, Inc.) 

[2012/08/20 16:23:35 | 000,057,344 | ---- | M] () -- C:\ProgramData\yfmolxdv.exe 
[2012/08/20 16:23:35 | 000,057,344 | ---- | M] () -- C:\Users\Tom\0.13143651877043583.exe 

 
[2012/08/20 16:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\nasuzozvcxleiog 
[2012/08/20 16:23:40 | 000,000,051 | ---- | M] () -- C:\ProgramData\iwwzcpxiiimzhbw 

[2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file later here => C:\_OTL\MovedFiles\<date_number.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

20.08.2012, 18:57   #3
dawnflame



Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D5266FA-E190-4503-BD4A-7CDF772455DF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D5266FA-E190-4503-BD4A-7CDF772455DF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88D66088-9AA2-4E51-BBC2-531DC80741EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D66088-9AA2-4E51-BBC2-531DC80741EF}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://start.facemoods.com/?a=ddrnw" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4\ deleted successfully.
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0\ deleted successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yfmolxdvcmepvkj deleted successfully.
C:\ProgramData\yfmolxdv.exe moved successfully.
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f5cf826-8b34-11e0-9189-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f5cf826-8b34-11e0-9189-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f5cf826-8b34-11e0-9189-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f5cf826-8b34-11e0-9189-806e6f6e6963}\ not found.
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
File C:\ProgramData\yfmolxdv.exe not found.
C:\Users\Tom\0.13143651877043583.exe moved successfully.
C:\ProgramData\nasuzozvcxleiog folder moved successfully.
C:\ProgramData\iwwzcpxiiimzhbw moved successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Tom\Desktop\cmd.bat deleted successfully.
C:\Users\Tom\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Carina
->Temp folder emptied: 343623055 bytes
->Temporary Internet Files folder emptied: 22748835 bytes
->Java cache emptied: 1530542 bytes
->FireFox cache emptied: 342867350 bytes
->Flash cache emptied: 61087 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tom
->Temp folder emptied: 993812 bytes
->Temporary Internet Files folder emptied: 9229865 bytes
->Java cache emptied: 3567859 bytes
->FireFox cache emptied: 343486831 bytes
->Google Chrome cache emptied: 21656237 bytes
->Flash cache emptied: 188007 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52314 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67966 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,040.00 mb
 
 
OTL by OldTimer - Version 3.2.58.1 log created on 08202012_195135

Files\Folders moved on Reboot...
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
File move failed. F:\Autorun.exe scheduled to be moved on reboot.
C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

It worked. Many, many thanks for the competent and quick help!

20.08.2012, 22:22   #4
t'john
/// Helper Team



Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Show Results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john

21.08.2012, 13:27   #5
dawnflame



Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tom :: TOM-PC [Administrator]

21.08.2012 13:40:38
mbam-log-2012-08-21 (13-40-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 482347
Laufzeit: 39 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Code:
# AdwCleaner v1.801 - Logfile created 08/21/2012 at 14:26:10
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tom - TOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Tom\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Tom\AppData\Local\APN
Folder Found : C:\Users\Tom\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Tom\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Tom\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Carina\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\zappub05.default\extensions\toolbar@ask.com
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Found : C:\ProgramData\Partner
File Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\zappub05.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\zappub05.default\prefs.js

Found : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Found : user_pref("extensions.facemoods.firstRun", false);
Found : user_pref("extensions.facemoods.lastActv", "31");

Profile name : default 
File : C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\3igot4kv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :       "icon_url": "hxxp://facemoods.com/favicon.ico",
Found :       "keyword": "facemoods.com",
Found :       "name": "facemoods",
Found :       "search_url": "hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4",
Found :    "homepage": "hxxp://start.facemoods.com/?a=ddrnw",

*************************

AdwCleaner[R1].txt - [5298 octets] - [21/08/2012 14:26:10]

########## EOF - C:\AdwCleaner[R1].txt - [5426 octets] ##########
         

The computer is running exactly the way it did before again.


21.08.2012, 14:57   #6
t'john
/// Helper Team



Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.




then:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update Now.
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not have anything deleted! Click Save Report to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html

21.08.2012, 16:49   #7
dawnflame



Code:
# AdwCleaner v1.801 - Logfile created 08/21/2012 at 16:57:17
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tom - TOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Tom\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Tom\AppData\Local\APN
Folder Deleted : C:\Users\Tom\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Tom\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Tom\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Carina\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\zappub05.default\extensions\toolbar@ask.com
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\ProgramData\Partner
File Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\zappub05.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\zappub05.default\prefs.js

Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "31");

Profile name : default 
File : C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\3igot4kv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :       "icon_url": "hxxp://facemoods.com/favicon.ico",
Deleted :       "keyword": "facemoods.com",
Deleted :       "name": "facemoods",
Deleted :       "search_url": "hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4",
Deleted :    "homepage": "hxxp://start.facemoods.com/?a=ddrnw",

*************************

AdwCleaner[R1].txt - [5391 octets] - [21/08/2012 14:26:10]
AdwCleaner[R2].txt - [5451 octets] - [21/08/2012 16:57:09]
AdwCleaner[S1].txt - [4275 octets] - [21/08/2012 16:57:17]

########## EOF - C:\AdwCleaner[S1].txt - [4403 octets] ##########
         

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 8/21/2012 5:06:30 PM

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	8/21/2012 5:06:42 PM

C:\_OTL\MovedFiles\08202012_195135\C_ProgramData\yfmolxdv.exe 	gefunden: Trojan.Win32.Weelsof!E2
C:\_OTL\MovedFiles\08202012_195135\C_Users\Tom\0.13143651877043583.exe 	gefunden: Trojan.Win32.Weelsof!E2

Gescannt	720440
Gefunden	2

Scan Ende:	8/21/2012 5:48:42 PM
Scan Zeit:	0:42:00

C:\_OTL\MovedFiles\08202012_195135\C_ProgramData\yfmolxdv.exe	Quarantäne Trojan.Win32.Weelsof!E2
C:\_OTL\MovedFiles\08202012_195135\C_Users\Tom\0.13143651877043583.exe	Quarantäne Trojan.Win32.Weelsof!E2

Quarantäne	2
         

21.08.2012, 17:42   #8
t'john
/// Helper Team

Very good!



Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and run the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Best regards, t'john
Support the TB

21.08.2012, 21:14   #9
dawnflame

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fe849fea4cc1f34ab93f99a65093005f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-21 08:12:49
# local_time=2012-08-21 10:12:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 37159950 97204313 0 0
# compatibility_mode=8192 67108863 100 0 151 151 0 0
# scanned=312418
# found=1
# cleaned=1
# scan_time=5505
C:\_OTL\MovedFiles\08202012_195135\C_ProgramData\nasuzozvcxleiog\main.html	HTML/Ransom.B trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
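
Added example, not part of the thread and not ESET's or OTL's own code: the Python below parses a log.txt in the layout posted above and separates hits under C:\_OTL\MovedFiles from hits anywhere else, which is the distinction that matters when reading such a result. The sample log, the function names and the reading of C:\_OTL\MovedFiles as the folder where OTL keeps files it moved during a fix are assumptions.

```python
# Constructed sample in the layout of the ESET log above: '#' header lines,
# then one tab-separated line per detection (path, verdict, ...).
SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "# scanned=1000\n"
    "# found=2\n"
    "# cleaned=1\n"
    "C:\\_OTL\\MovedFiles\\01012000_000000\\C_ProgramData\\sample\\main.html\t"
    "HTML/Ransom.B trojan (cleaned by deleting - quarantined)\n"
    "C:\\Users\\Example\\AppData\\Roaming\\sample.exe\t"
    "Example.A trojan (constructed verdict, not cleaned)\n"
)

# Assumption: files that an OTL fix removed are kept below this folder, so a
# hit there is an inert backup copy rather than an active file.
OTL_MOVED = "c:\\_otl\\movedfiles\\"


def parse_eset_log(text):
    """Return (header dict of value lists, list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:  # keys such as compatibility_mode repeat: keep all values
                header.setdefault(key.strip(), []).append(value.strip())
        elif "\t" in line:
            path, verdict = (f.strip() for f in line.split("\t")[:2])
            in_backup = path.lower().startswith(OTL_MOVED)
            detections.append({"path": path, "verdict": verdict, "in_otl_backup": in_backup})
    return header, detections


def triage(text):
    """Summarise the log and flag anything that still needs a helper's eye."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", ["0"])[0])
    cleaned = int(header.get("cleaned", ["0"])[0])
    live = [d["path"] for d in detections if not d["in_otl_backup"]]
    return {
        "found": found,
        "uncleaned": found - cleaned,
        "live_paths": live,
        "needs_follow_up": found != cleaned or bool(live) or found != len(detections),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A log like the one posted above (found=1, cleaned=1, the only hit inside C:\_OTL\MovedFiles) yields needs_follow_up False; a hit outside that folder or a found/cleaned mismatch yields True.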
         

22.08.2012, 00:00   #10
t'john
/// Helper Team

Update Java

Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 6).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

After that, post (copy and paste) what is shown to you here: PluginCheck
__________________
Best regards, t'john
Support the TB

22.08.2012, 14:33   #11
dawnflame

PluginCheck

The PluginCheck helps to close the biggest security holes when surfing the Internet.
Checked: browser, Flash, Java and Adobe Reader version.

Firefox 14.0.1 is up to date

Flash (11,4,402,265) is up to date.

Java (1,7,0,6) is up to date.

Adobe Reader 10,1,4,38 is up to date.

22.08.2012, 17:46   #12
t'john
/// Helper Team

Very good!

With that you are clean and discharged!

Remove adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.


Tool cleanup with OTL


We will now use OTL's CleanUp! function to remove from your system most of the programs we installed for the cleanup.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Click the "Bereinigung" (cleanup) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs that you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.


Resetting the security zones

Have the security zones reset, because they were manipulated in order to open the browser up to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Clearing the system restore points

So that the computer cannot be reinfected from an infected system restore point, we have to clear them. To do this we switch System Restore off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.


Cleaning up with CCleaner

Use CCleaner (download) (instructions) to

  • fix errors in the registry (repeatedly, until no more errors are found) and
  • delete temporary files.


Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC keeps getting slower - what to do?
__________________
Best regards, t'john
Support the TB

24.08.2012, 17:11   #13
dawnflame

I have now processed the registry several times, but one error keeps showing up again and again.

This one:

Ungenutzte Datei-Endungen {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

24.08.2012, 17:54   #14
t'john
/// Helper Team

That is OK, it belongs to Avira.
__________________
Best regards, t'john
Support the TB

26.08.2012, 06:37   #15
dawnflame

OK, then once again many thanks for the comprehensive and competent help
