Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: "Weißer Bildschirm"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.09.2012, 15:45   #1
sharpe
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Hallo Leute,

ich habe mir diesen "Weißer Bildschirm" Plagegeist eingefangen. Ich war auf Google und habe mir Bilder über Japanische Tätowierungen angeschaut. Ein Bilder Link muss mich dann zu einer infizierten Seite geschickt haben. Die Yakuza lässt sich auch immer was neues einfallen Nun Ja. Jedenfalls startete der Rechner von selbst neu und es war nach der Anmeldung nur noch dieser weiße Bildschirm zu sehen. Ich hab dann die Internetverbindung gekappt und mich mit meinem MACBOOK auf Lösungssuche begeben.

Nun bin ich hier.
Ich hab den Rechner im Abgesicherten Modus mit Eingabeaufforderung starten können und habe das OTL Programm laufen lassen. Das sind die Ergebnisse.

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 01.09.2012 16:18:03 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Daniel\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,00% Memory free
8,00 Gb Paging File | 7,34 Gb Available in Paging File | 91,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 2,68 Gb Free Space | 3,43% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1133,77 Gb Free Space | 60,86% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 126,99 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
Drive F: | 118,21 Gb Total Space | 2,37 Gb Free Space | 2,01% Space Free | Partition Type: NTFS
Drive G: | 214,74 Gb Total Space | 64,36 Gb Free Space | 29,97% Space Free | Partition Type: FAT32
Drive H: | 4,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BEATRICE | User Name: Daniel | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.01 15:57:20 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.01.03 16:06:39 | 000,582,144 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV:64bit: - [2009.08.10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009.08.10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.29 15:43:12 | 000,545,792 | ---- | M] (Sphinx Software) [Auto | Stopped] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2008.11.06 13:37:22 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite (Testversion) 2012\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2012.09.01 12:44:29 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.25 08:37:23 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.22 09:49:50 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.26 16:08:56 | 003,665,752 | ---- | M] () [Auto | Stopped] -- E:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.12 18:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.04.28 20:54:03 | 000,075,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.16 19:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.08.28 00:00:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.20 10:03:41 | 000,716,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.03.11 11:51:06 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV:64bit: - [2010.03.11 11:50:40 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009.11.11 16:47:18 | 000,348,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.11.01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.08.20 19:00:10 | 000,664,576 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite (Testversion) 2012\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 18:00:32 | 000,025,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009.05.28 17:47:38 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2007.12.12 14:11:06 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
DRV:64bit: - [2006.12.08 08:06:34 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2005.08.03 18:37:58 | 000,676,864 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2005.08.03 18:37:56 | 000,695,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2005.08.03 18:37:56 | 000,208,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2005.08.03 18:37:54 | 000,356,864 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2005.08.03 18:37:54 | 000,151,552 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2005.08.03 18:37:52 | 000,316,928 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2005.08.03 18:37:52 | 000,169,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2010.10.22 11:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 11:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.12.30 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=16596&l=dis&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 97 DC 93 23 2C CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF-DL&o=16596&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=1A&apn_dtid=YYYYYYYYDE&apn_uid=673C7292-BB48-4FC1-8DEE-BEA571691BD1&apn_sauid=AEEB6F18-577A-4C4F-9553-8C845C04C4C5&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.01 12:44:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.29 10:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011.09.13 21:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.16 17:19:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.29 10:04:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.01 12:44:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.29 10:04:45 | 000,000,000 | ---D | M]
 
[2010.08.15 22:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2010.02.08 22:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.15 22:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010.01.02 23:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\celtx@celtx.com
[2012.07.15 20:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions
[2011.08.23 16:42:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.15 20:02:52 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\ich@maltegoetz.de
[2012.05.30 17:55:37 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com
[2011.06.15 11:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Sunbird\Profiles\hjc8mnyt.default\extensions
[2010.08.15 22:26:51 | 000,000,000 | ---D | M] ("Automatic Export") -- C:\Users\Daniel\AppData\Roaming\mozilla\Sunbird\Profiles\hjc8mnyt.default\extensions\{A79E82DD-9CE6-87C7-0006-87D0FD2FCD42}
[2012.06.24 14:36:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.18 17:46:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.10.10 12:32:16 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2010.10.10 12:32:16 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2010.10.10 12:32:16 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2010.10.10 12:32:16 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010.10.10 12:32:16 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2010.10.10 12:32:16 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2010.10.10 12:32:16 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2012.09.01 12:44:30 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.22 15:39:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.07 19:08:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 12:44:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.07 19:08:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.12 22:08:08 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012.07.07 19:08:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.07 19:08:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.07 19:08:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Daniel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Daniel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AsioReg] C:\Windows\SysNative\CTASIO.DLL (Creative Technology Ltd)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe ()
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AsioReg] C:\Windows\SysWow64\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StereoLinksInstall] "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1 File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [rfxsrvtray] E:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk = C:\Users\Daniel\AppData\Roaming\1.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8:64bit: - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.12.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D8EF790-B444-4F03-AE9A-C356ECBF2A7F}: DhcpNameServer = 192.168.12.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A9FCF8-A0B6-4BF1-91B0-4134040BFA28}: DhcpNameServer = 192.168.57.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C39342A-D344-40FF-9B53-9C261C2E1AAC}: DhcpNameServer = 192.168.57.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E20B210-D2AD-41B6-88FD-AF64FFBADE5D}: DhcpNameServer = 192.168.57.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D2440B8-D8B3-4AB4-AE09-F446635AA74C}: DhcpNameServer = 192.168.57.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2AC4E94-1C0E-4041-AB1C-ADA7C589C4BD}: DhcpNameServer = 192.168.57.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Daniel\AppData\Roaming\1.exe) - C:\Users\Daniel\AppData\Roaming\1.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.31 15:58:42 | 000,000,044 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{f13b223d-933a-11de-af63-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f13b223d-933a-11de-af63-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Setup.exe -- [2010.05.11 15:49:56 | 000,345,896 | R--- | M] (Valve Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.01 15:58:09 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012.08.29 10:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 64-bit fixes
[2012.08.29 10:23:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Reader 64-bit fixes
[2012.08.29 10:04:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.21 19:34:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Artisteer Templates
[2012.08.21 19:33:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Artisteer
[2012.08.21 19:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 3
[2012.08.20 15:38:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Sniper - Ghost Warrior
[2012.08.20 15:00:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.08.20 14:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.08.20 14:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.08.15 15:22:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 15:22:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 15:22:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 15:22:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 15:22:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 15:22:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.15 15:22:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.15 15:22:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.15 15:22:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 15:22:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.15 15:22:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.15 15:22:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 15:22:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 11:14:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 11:14:24 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 11:14:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 11:14:17 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.01 16:19:48 | 006,553,600 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT
[2012.09.01 15:58:58 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.01 15:58:58 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.01 15:58:58 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.01 15:58:58 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.01 15:58:58 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.01 15:57:20 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012.09.01 15:47:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.01 15:47:33 | 3220,774,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.01 15:34:26 | 000,000,258 | ---- | M] () -- C:\Windows\win.ini
[2012.09.01 15:34:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.01 15:34:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.09.01 15:30:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.01 14:56:23 | 000,009,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 14:56:23 | 000,009,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 14:44:54 | 005,986,642 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db
[2012.09.01 14:44:47 | 000,000,650 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.09.01 14:44:42 | 000,391,533 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\1.exe
[2012.09.01 14:37:21 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.01 14:36:20 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3753493768-2596447732-2270907031-1000UA.job
[2012.08.31 20:23:21 | 001,343,148 | ---- | M] () -- C:\Users\Daniel\Desktop\IOGraphica - 1.2 hours (from 19-05 to 20-23).png
[2012.08.30 18:39:04 | 000,000,218 | ---- | M] () -- C:\Users\Daniel\.recently-used.xbel
[2012.08.25 23:36:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3753493768-2596447732-2270907031-1000Core.job
[2012.08.22 09:49:50 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.22 09:49:50 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.21 12:08:37 | 000,005,619 | ---- | M] () -- C:\Windows\SysWow64\Utility.xml
[2012.08.19 14:43:22 | 005,085,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.01 14:44:47 | 000,000,650 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012.09.01 14:44:42 | 000,391,533 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\1.exe
[2012.08.31 20:23:18 | 001,343,148 | ---- | C] () -- C:\Users\Daniel\Desktop\IOGraphica - 1.2 hours (from 19-05 to 20-23).png
[2012.08.30 18:39:04 | 000,000,218 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel
[2012.08.29 10:04:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.18 17:39:11 | 000,000,165 | ---- | C] () -- C:\Windows\wiso.ini
[2012.01.14 13:11:41 | 000,001,657 | ---- | C] () -- C:\Users\Daniel\Giarre Kopi.2012_01_14_12_11_41.0
[2012.01.11 20:36:24 | 000,844,288 | ---- | C] () -- C:\Windows\RmTablet.exe
[2011.11.25 11:32:39 | 011,272,192 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Sandra.mdb
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.10.03 12:58:47 | 000,000,337 | ---- | C] () -- C:\Windows\ATB_Prec.Ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.23 15:19:21 | 000,000,040 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\cdr.ini
[2011.09.09 14:22:06 | 000,026,946 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\OFMissionEditorConfig.xml
[2011.07.28 23:15:45 | 000,003,072 | -H-- | C] () -- C:\Users\Daniel\photothumb.db
[2011.07.02 10:13:07 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2011.03.20 10:04:21 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe
[2011.03.20 10:04:21 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2010.12.24 13:26:01 | 000,003,741 | ---- | C] () -- C:\Users\Daniel\Neues Dokument 2.2010_12_24_12_26_01.0
[2010.08.23 19:59:38 | 000,000,355 | ---- | C] () -- C:\Users\Daniel\Computer - Verknüpfung.lnk
[2010.06.27 21:59:32 | 000,047,374 | ---- | C] () -- C:\Users\Daniel\Finnland_liniie.png
[2010.06.27 21:59:19 | 000,047,374 | ---- | C] () -- C:\Users\Daniel\Finnland.png
[2010.06.27 21:39:24 | 000,358,593 | ---- | C] () -- C:\Users\Daniel\patheuropa.png
[2010.02.22 21:37:55 | 000,000,088 | RHS- | C] () -- C:\ProgramData\EF6753E0D4.sys
[2010.02.22 21:37:54 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.19 17:09:20 | 000,007,602 | ---- | C] () -- C:\Users\Daniel\AppData\Local\resmon.resmoncfg
[2009.10.03 18:42:55 | 000,011,264 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.14 20:16:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.12 18:14:59 | 005,986,642 | -H-- | C] () -- C:\Users\Daniel\AppData\Local\IconCache.db
[2009.09.12 18:12:15 | 000,415,592 | ---- | C] () -- C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.09.12 17:59:37 | 000,000,020 | -HS- | C] () -- C:\Users\Daniel\ntuser.ini
[2009.09.12 17:19:06 | 006,553,600 | -HS- | C] () -- C:\Users\Daniel\NTUSER.DAT
[2009.09.12 17:19:06 | 000,524,288 | -HS- | C] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.09.12 17:19:06 | 000,524,288 | -HS- | C] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.09.12 17:19:06 | 000,065,536 | -HS- | C] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
 
========== LOP Check ==========
 
[2011.10.14 23:42:22 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.kde
[2011.08.28 13:47:34 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Amazon
[2012.08.21 19:33:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Artisteer
[2011.08.11 03:39:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Azureus
[2012.03.14 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bioshock
[2012.07.10 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bioshock2
[2012.04.15 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Buhl Data Service
[2010.12.27 13:42:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canneverbe Limited
[2011.07.19 22:14:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\de.txptr.googleplus
[2009.09.12 17:39:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DeepBurner Pro
[2012.09.01 13:55:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox
[2012.02.12 21:24:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
[2011.08.07 09:25:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.02 11:11:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\EAC
[2010.11.28 15:39:46 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FileZilla
[2010.01.02 23:05:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Greyfirst
[2012.08.30 18:37:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2010.10.12 22:08:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Gutscheinmieze
[2011.12.19 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\HTC
[2011.03.16 21:36:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009.09.12 17:39:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2009.09.12 17:39:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Inkscape
[2011.10.27 22:55:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LibreOffice
[2011.10.15 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenCandy
[2009.09.12 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2009.09.12 17:40:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Opera
[2011.02.13 20:05:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Participatory Culture Foundation
[2011.10.12 14:26:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PCF-VLC
[2011.10.12 17:07:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\pdfforge
[2011.04.27 16:38:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\phonostar GmbH
[2011.07.28 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PhotoScape
[2009.09.17 14:18:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Publish Providers
[2010.06.30 12:45:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Scribus
[2009.09.12 17:40:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Sony
[2010.02.05 19:23:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Stereoscopic Player
[2010.02.08 22:00:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2011.07.02 10:13:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tobit
[2009.09.17 12:28:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Trillian
[2012.08.12 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TV-Browser
[2010.01.30 14:49:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Wargaming.Net
[2010.07.18 12:36:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Wireshark
[2011.08.11 00:46:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Xi
[2012.05.09 18:42:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 01.09.2012 16:18:03 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Daniel\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,00% Memory free
8,00 Gb Paging File | 7,34 Gb Available in Paging File | 91,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 2,68 Gb Free Space | 3,43% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1133,77 Gb Free Space | 60,86% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 126,99 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
Drive F: | 118,21 Gb Total Space | 2,37 Gb Free Space | 2,01% Space Free | Partition Type: NTFS
Drive G: | 214,74 Gb Total Space | 64,36 Gb Free Space | 29,97% Space Free | Partition Type: FAT32
Drive H: | 4,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BEATRICE | User Name: Daniel | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Users\Daniel\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\Users\Daniel\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe ()
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\Daniel\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\Daniel\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074AD529-098D-4B7B-8A9A-6E3D0FD3AE91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1259A347-0EE6-4883-B1DB-26239166B59F}" = lport=5375 | protocol=6 | dir=in | name=jaxer | 
"{172D3076-BB54-435C-859A-44BC6514F6A6}" = lport=8081 | protocol=6 | dir=in | name=apache | 
"{175D2F83-29AC-487E-B495-6EA8BD4E801D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite (testversion) 2012\rpcagentsrv.exe | 
"{1C7B05B0-5E92-4ABC-BF00-3239C4EDA172}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2749F954-E5AD-48AC-B824-2606C25C591C}" = lport=5377 | protocol=6 | dir=in | name=jaxer | 
"{2A52BDB6-D376-4BFE-8446-B312C908DFD3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2A7D63CC-5A53-4DA4-A88F-F9454A68A7BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3AE6EF3F-0E5B-418C-8C35-59C6CF3D5633}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3BF3FB88-5A5F-4DB7-9BA2-4E49130C662F}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{43B00DD1-484E-436E-9D30-E5F1A1E3C9D6}" = lport=5370 | protocol=6 | dir=in | name=jaxer | 
"{481494AB-FB84-42EE-A042-B2E245C7C90F}" = lport=5379 | protocol=6 | dir=in | name=jaxer | 
"{48AE86A5-658E-4C3D-A2C5-6436339B57AF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite (testversion) 2012\wnt500x64\rpcsandrasrv.exe | 
"{49255277-D033-4B09-956A-AD5AB86CA478}" = lport=5371 | protocol=6 | dir=in | name=jaxer | 
"{4D1F8253-E1E2-4256-B158-1168849E30A2}" = lport=5374 | protocol=6 | dir=in | name=jaxer | 
"{6D4AA323-AEE2-4385-B5C5-59677FC3445B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74E54009-08EE-40D9-A1C6-C5E32A390B96}" = lport=5381 | protocol=6 | dir=in | name=jaxer | 
"{81D1B60B-1201-473E-9660-531AD60BA291}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D0F6BDC-3E39-4674-98FD-76999E45B7DC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BEB521F4-B41F-42DB-B191-BE1336BD0F14}" = lport=5380 | protocol=6 | dir=in | name=jaxer | 
"{CBE2A8FF-15C7-4DEA-B279-C9C1ABF94A05}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{CE9B2C61-8F39-4811-8243-A9F272A4C8BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D3FEE82D-A91F-4E4F-8ACD-B2DBC2D03F29}" = lport=5383 | protocol=6 | dir=in | name=jaxer | 
"{E376F83D-8328-4E50-A11F-430C2D754655}" = lport=5376 | protocol=6 | dir=in | name=jaxer | 
"{E86344A4-98B9-4B30-8005-E984B1C18430}" = lport=5378 | protocol=6 | dir=in | name=jaxer | 
"{EDDC939A-6336-401E-A34F-5D243C93E845}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{F2C8F956-5182-4713-9BD1-B600487F9AF3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F93C842F-7101-4D14-B1EB-8E1855753830}" = lport=5382 | protocol=6 | dir=in | name=jaxer | 
"{FDA98629-610C-4994-8319-84730CA569DB}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B9295F-0C7E-4DE0-B0C1-2C55027DC4CC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{0C15D042-754D-4A4A-BFE4-31CCDBBDE252}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{0FD08CEC-70E0-474D-9223-01BDB84E5B37}" = protocol=6 | dir=in | app=d:\program files\bohemia interactive\arma\arma.exe | 
"{11D237C4-C879-4F9D-92A2-3EC8C30DF314}" = protocol=6 | dir=in | app=e:\tobit radio.fx\server\rfx-server.exe | 
"{130DCB55-A00A-4613-9599-0A91DC8C1C71}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{164A42C3-A8D7-4EC6-89FF-061304DF2E54}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"{1870A4B8-C955-4F76-8C6A-BBDE92A32E62}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{1CBCBC06-8456-402D-8DD1-7535CDC61916}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"{227F8FE1-96BA-461A-8D50-FC357DB568C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{237B7D65-5B67-435A-B7FA-61FDF8B65B8C}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{275DCBAE-479B-465A-8B3F-E928D4287E44}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe | 
"{28641EA3-8DE6-4515-9892-D93CDC0A74C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2B2E7ADD-8C16-450B-B9D7-BCA26E8249F0}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{2C177A96-6383-4222-94B1-DE911078FA1A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2DD2E5F6-8549-4EA6-89AE-48688A4A7091}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{31082E56-BF78-4E74-AB46-B3F11549FDB4}" = protocol=6 | dir=in | app=e:\tobit radio.fx\client\rfx-client.exe | 
"{32C03411-D723-485C-AE3C-1652E9C55579}" = protocol=6 | dir=in | app=d:\program files (x86)\bohemia interactive\arma cold war assault\coldwarassault.exe | 
"{331D401F-4F88-49D6-B464-50BB9D8AA7CE}" = protocol=6 | dir=in | app=c:\program files\xi\netxfer\nettransport.exe | 
"{44E86163-6E06-4928-9D17-FF705FFA60D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{49854442-A8BE-4CED-8700-E7B16DE80B62}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{4AB84589-0112-447F-B3EF-039DB132632D}" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{4D772118-BEDA-4C4B-9A1D-29EF1CFD0F33}" = protocol=6 | dir=in | app=d:\program files (x86)\codemasters\of dragon rising\ofdr.exe | 
"{50F3FD40-8112-4B69-A1BB-4EA19B8BE7E2}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{560EAE4C-A8F0-4EBA-BDE8-153D2DEA9680}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5D62FB89-0225-47CB-A0D5-4E9810F70724}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"{5EDEB806-58F9-48EC-9CB0-00452B3F31C6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5F979056-37DC-4FB5-9634-164C298DFEE9}" = protocol=17 | dir=in | app=e:\tobit radio.fx\client\rfx-client.exe | 
"{6886759E-D5D6-47DB-B39C-77F3628589B7}" = protocol=17 | dir=in | app=d:\program files (x86)\codemasters\of dragon rising\ofdr.exe | 
"{6DA88BB7-1917-48D2-A1C1-25CAE447AE57}" = protocol=17 | dir=in | app=d:\program files\bohemia interactive\arma\arma.exe | 
"{7BDAD282-5626-43D8-A624-0222F13EC052}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{7D839585-01D4-4214-BAF0-574E20DA108B}" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{7E2B0DE5-1868-4352-AD9B-92997DBEA86F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{837E0F7E-522A-472F-B832-42806FF767BC}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8529CCE3-41FA-4516-9875-00F79A47D302}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8596D72F-E9C2-4352-8136-6874A5390B58}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"{89961CD1-0D40-423A-8D8E-4D26009D0029}" = protocol=17 | dir=in | app=c:\program files\xi\netxfer\nettransport.exe | 
"{8AE75A0A-6487-4800-95A1-A7769AE88925}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{8F258A10-2930-4279-97C6-2B27D2ED4D78}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{8F8C52F9-813E-4BA9-91CD-C7FD6571257F}" = protocol=17 | dir=in | app=d:\program files (x86)\bohemia interactive\arma cold war assault\coldwarassault.exe | 
"{989253E8-8F82-4407-A784-266BCC1EF70C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{9C6EB5AF-FCBE-4618-84E3-DB8B60B472B3}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe | 
"{9D009CE2-1FCB-43F4-813D-79A6AD41A6B6}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{9F7E85A8-AEA2-4917-BAC4-630ED10C8643}" = protocol=6 | dir=in | app=d:\program files (x86)\bohemia interactive\arma cold war assault\coldwarassault_server.exe | 
"{A1AD30D5-5C1A-427B-B61B-72F8C0084DDC}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{A53BEC9E-9584-484B-9C0F-41B936E2BE9B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A9D8958B-23A4-43CD-9956-67D4D6B69F90}" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe | 
"{AA629A1E-0AD2-4C47-A611-23159529E636}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe | 
"{AA776F29-D389-46BE-A94D-203E4FF367E8}" = protocol=17 | dir=in | app=e:\tobit radio.fx\server\rfx-server.exe | 
"{AB7897B6-3778-429C-A256-6840CC238D7A}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AD09BF0E-6DFD-4D9B-A9E0-FC5F5E1E8C3A}" = protocol=17 | dir=in | app=d:\program files (x86)\bohemia interactive\arma cold war assault\coldwarassault_server.exe | 
"{B1A457EF-A777-48D9-A573-F4D49BB0A31D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{B1D209D9-572A-4947-A83D-AAC362EBEE99}" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe | 
"{B24A3506-3C60-4BFA-8322-CB7FD96C4774}" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{B37F79CB-3E31-4658-9D20-C56DE3B17300}" = protocol=17 | dir=in | app=c:\users\daniel\downloads\sro_l5_full_client_downloader.exe | 
"{B42A34E0-AFB3-4CB7-B47B-C763C78CC491}" = protocol=6 | dir=in | app=c:\users\daniel\downloads\sro_l5_full_client_downloader.exe | 
"{BA4B27C1-D5D8-459F-8BBF-250949EBC8A8}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{CC8229FD-59D9-4DFB-9110-27A42E077A8F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{DD723204-8778-4410-81A1-61219CCA060D}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{DED7B9AF-582F-4855-AE9A-E12F036602FA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E33CD37C-79DB-4A00-98E6-07E469A14C29}" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{E37B22BE-6592-43BF-8D7A-C04740148A43}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{E670EDA9-FD2D-41FF-8180-B314C1536FDE}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{EBF8731B-E842-46C9-A3CB-20D19DDAB165}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{F0C8C397-CE42-42F5-94F0-D21618B519F6}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{F4D2A478-22AE-4D6A-A45D-DC22E235A973}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F4F2FF2F-3179-4CCC-9031-D4D5C987D6F1}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe | 
"{FDE775D3-5C54-42D4-A0DF-F25FC00BE297}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"TCP Query User{0BD4CAA0-3CD3-460D-94E5-9A8AEBBF0C2C}C:\program files\xi\netxfer\nettransport.exe" = protocol=6 | dir=in | app=c:\program files\xi\netxfer\nettransport.exe | 
"TCP Query User{1062864A-3AD3-4217-8870-FC1BFF74D1C1}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{1670E719-DBA3-416E-BF2D-DC2997BEDBBD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{2EC03884-BA88-49A7-8A97-F415F46CC477}C:\users\daniel\appdata\local\aptana studio 1.5\aptanastudio.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\local\aptana studio 1.5\aptanastudio.exe | 
"TCP Query User{37DC6271-37FC-4AAC-BF46-5291CFF6D446}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{3971384D-6484-4CFE-82B2-5C98AD510B2B}C:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe | 
"TCP Query User{3C02FDFE-0925-443B-AF2E-214E939C6DCD}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{3D3AE252-AF89-4F56-912C-0B622FC31283}C:\program files (x86)\usarmy\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\usarmy\america's army 3\binaries\aa3game.exe | 
"TCP Query User{41664D75-E893-453F-875C-7FD22359FB97}G:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=g:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{51E3C42F-C2E2-4EBA-9204-5EFF64D271B8}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe | 
"TCP Query User{64031C18-8149-4576-8ADF-DC9A80A3ACF7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{65F79A2C-FBDF-4EA0-BFF7-32E284A2F57B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{6E7F349F-E80C-460E-9278-5FE1E13CAA5E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{9020A745-2E26-4C72-BBC7-387EBAF350A3}D:\program files (x86)\bohemia interactive\arma cold war assault\coldwarassault.exe" = protocol=6 | dir=in | app=d:\program files (x86)\bohemia interactive\arma cold war assault\coldwarassault.exe | 
"TCP Query User{92A0D36E-B06F-4A99-BDEA-016919EAF804}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{A0545716-AE09-4204-B0F5-AEB36E3332F6}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{A8BE6187-FAAF-4BE9-8D21-C4DC59B103F1}C:\users\daniel\downloads\sro_l5_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\daniel\downloads\sro_l5_full_client_downloader.exe | 
"TCP Query User{B9399F55-A413-474A-838B-032B6AB990F8}D:\program files (x86)\operationflashpoint\flashpointresistance.exe" = protocol=6 | dir=in | app=d:\program files (x86)\operationflashpoint\flashpointresistance.exe | 
"TCP Query User{BFCECE35-344B-4894-970E-430FFD249A26}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{CD52F49C-659B-4420-AB7E-CC6EBE0786E8}C:\program files (x86)\realvnc\vnc4\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\realvnc\vnc4\vncviewer.exe | 
"TCP Query User{D15A7AAE-0EEB-40F0-B059-232AC80404EE}C:\program files (x86)\square enix\order of war (demo)\oow_final.bin" = protocol=6 | dir=in | app=c:\program files (x86)\square enix\order of war (demo)\oow_final.bin | 
"TCP Query User{D9CB78A5-128D-4F77-8B91-1CF2D158C600}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"TCP Query User{DB65A469-0171-423F-AA17-58587F1A7F0A}D:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"TCP Query User{F5FCB6D5-A140-41F6-9977-DD8E5B93E073}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{16B75576-4AF8-4B7F-B96A-606B40FEAD48}C:\program files (x86)\square enix\order of war (demo)\oow_final.bin" = protocol=17 | dir=in | app=c:\program files (x86)\square enix\order of war (demo)\oow_final.bin | 
"UDP Query User{228B305E-5EAA-41EC-A9E2-EF5BF3ACCD2D}C:\users\daniel\downloads\sro_l5_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\daniel\downloads\sro_l5_full_client_downloader.exe | 
"UDP Query User{22CAE831-D521-418C-84EA-255C950D7929}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{33623787-0FD6-4EDF-8FBE-74AFCC8B1E9E}C:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe | 
"UDP Query User{3A0B9CE0-3A34-462F-8CA5-A676813368C8}C:\program files (x86)\realvnc\vnc4\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\realvnc\vnc4\vncviewer.exe | 
"UDP Query User{4456E71F-865B-4B9F-BC49-2E6BA8140ACB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{4784F295-FF47-44BA-9854-0FED525976E4}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"UDP Query User{540BC255-C012-4178-A8D1-60322397CC2B}D:\program files (x86)\operationflashpoint\flashpointresistance.exe" = protocol=17 | dir=in | app=d:\program files (x86)\operationflashpoint\flashpointresistance.exe | 
"UDP Query User{57BCDE5C-47F2-43B0-9264-E47BA3F0ED28}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{5FE050E7-6E2D-4E32-A926-0E8DFE6E80D2}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe | 
"UDP Query User{65533CD6-78F2-4A68-A587-1775117E5287}G:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=g:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{7B321398-5D2B-48AC-A9AC-BCDF456BB7BB}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{8765BBDB-1FB4-4804-8696-777D1B54F7E9}D:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"UDP Query User{A9910DA8-425B-46D2-B205-9666A57EAB2F}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{AF744906-0BB5-4CCC-B842-F95F08CAB9D4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{B18E1FF6-AF87-4101-86A5-D358E855D846}D:\program files (x86)\bohemia interactive\arma cold war assault\coldwarassault.exe" = protocol=17 | dir=in | app=d:\program files (x86)\bohemia interactive\arma cold war assault\coldwarassault.exe | 
"UDP Query User{BB02C8EA-8657-42E3-8148-95B50F542F5E}C:\users\daniel\appdata\local\aptana studio 1.5\aptanastudio.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\local\aptana studio 1.5\aptanastudio.exe | 
"UDP Query User{C5CB39A5-431B-46ED-904C-EE4D55E2ABC2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{C5E31424-1799-4740-822E-2352EF3DEA6D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{CEF918AB-2A8C-4D6E-80AF-890E7AD1FB65}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{D4BBB6F1-65CA-420F-992E-A32DE9EBB520}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{D593EB32-1A49-4CCC-95BC-7F4E030F352A}C:\program files (x86)\usarmy\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\usarmy\america's army 3\binaries\aa3game.exe | 
"UDP Query User{E69D72B5-2FE8-41F5-8D1D-5C23F5D86DAE}C:\program files\xi\netxfer\nettransport.exe" = protocol=17 | dir=in | app=c:\program files\xi\netxfer\nettransport.exe | 
"UDP Query User{F4D3471F-0B26-4559-80FF-8D192C0BD03E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{38B4E24E-4F6E-4A6C-A414-F956FC35F376}" = NVIDIA CUDA Toolkit v4.0 (64 bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java(TM) SE Development Kit 6 Update 17 (64-bit)
"{66A4349A-AA55-43E5-A781-62867A701A90}" = MacroKey Manager
"{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1" = Adobe Reader 64-bit fixes
"{78D2B9D0-E680-4295-9830-6B23397B474F}_is1" = NetTransport 2.96b.615
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite (Testversion) 2012
"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"RmTablet" = Macro Key Manager
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 3.0.3.21
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{37B1F7CD-13E4-47DA-9E84-51AD6972ADC5}" = Stereoscopic Player
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{526B2AE8-73DF-4CE0-B140-9968677A7C93}" = HTC Sync
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66EDE2D1-F70E-CF05-4D1F-FCA3A9690588}" = Google+ RegHelper
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A413CBEB-11C1-45B5-91B2-EB7AB8AF5E0C}" = ULTRA Program Files
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A56C2090-F03D-40F5-A4DC-1A75291B2833}" = Operation Flashpoint BAS Addon Pack
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield
"{CD068533-1A20-47F6-B1A2-196725B1320F}" = LibreOffice 3.3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ED34DBF1-8C99-40BD-A571-B4002A73EB00}" = A.C.Ryan MovieJukebox
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F6C5F1A1-F459-498F-A50A-EE6C80799D3B}" = Cinescore Studio 1.0
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3E2850-BD2E-4B56-A89D-21E588D518E0}" = Adobe Contribute CS3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"ACEMod" = ACEMod
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"AkAbak_is1" = AkAbak 2.1
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AppInventor Extras" = AppInventor Extras
"Aptana Studio 1.5" = Aptana Studio 1.5
"Aptana Studio 2.0" = Aptana Studio 2.0
"ArmA" = ArmA Uninstall
"Arma Cold War Assault" = Arma Cold War Assault Uninstall
"Artisteer 3" = Artisteer 3
"ASIO4ALL" = ASIO4ALL
"ATB_PC_is1" = ATB_PC
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"BattlEye" = BattlEye Uninstall
"Celtx (2.7)" = Celtx (2.7)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"de.txptr.googleplus" = Google+ RegHelper
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Edraw Mind Map_is1" = Edraw Mind Map V4
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"fc-prints" = fc-prints 
"FFUR '85 (2008 Edition)" = FFUR '85 (2008 Edition) 1.0
"FileZilla Client" = FileZilla Client 3.2.4.1
"Flashpoint" = Flashpoint uninstall
"FormatFactory" = FormatFactory 2.80
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free Studio_is1" = Free Studio version 5.1.5
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"Harry's Filters 3" = Harry's Filters 3
"Inkscape" = Inkscape 0.46
"InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}" = MacroKey Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"jMax_is1" = jMax 4.1.0_WIN32
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"Knoll 3D Flare" = Knoll 3D Flare
"LastFM_is1" = Last.fm 1.5.4.27091
"McAfee Security Scan" = McAfee Security Scan Plus
"Miro" = Miro
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"RealVNC_is1" = VNC Free Edition 4.1.2
"RocketDock_is1" = RocketDock 1.3.5
"Ruby-186-27" = Ruby-186-27
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"Scribus 1.3.6" = Scribus 1.3.6
"SimpleScreenshot" = SimpleScreenshot 1.30
"SMPlayer" = SMPlayer 0.6.9
"Steam App 34830" = Sniper: Ghost Warrior
"TightVNC_is1" = TightVNC 1.3.10
"TmNationsForever_is1" = TmNationsForever
"Tobit Radio.fx Server" = Radio.fx
"Trapcode Particular v2" = Trapcode Particular v2
"Trillian" = Trillian
"tvbrowser" = TV-Browser 3.0.2
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinISD beta" = WinISD beta
"WinISD Pro [alpha]" = WinISD Pro [alpha]
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.9
"XMind" = XMind
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.08.2011 04:39:26 | Computer Name = Beatrice | Source = Google Update | ID = 20
Description = 
 
Error - 15.08.2011 05:00:48 | Computer Name = Beatrice | Source = Google Update | ID = 20
Description = 
 
Error - 15.08.2011 05:39:26 | Computer Name = Beatrice | Source = Google Update | ID = 20
Description = 
 
Error - 15.08.2011 06:00:48 | Computer Name = Beatrice | Source = Google Update | ID = 20
Description = 
 
Error - 15.08.2011 13:20:34 | Computer Name = Beatrice | Source = Google Update | ID = 20
Description = 
 
Error - 15.08.2011 13:33:48 | Computer Name = Beatrice | Source = Google Update | ID = 20
Description = 
 
Error - 15.08.2011 13:39:14 | Computer Name = Beatrice | Source = Google Update | ID = 20
Description = 
 
Error - 16.08.2011 03:50:38 | Computer Name = Beatrice | Source = Google Update | ID = 20
Description = 
 
Error - 16.08.2011 03:58:02 | Computer Name = Beatrice | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SSMMgr.exe, Version: 2.7.8.0, Zeitstempel:
 0x45700e44  Name des fehlerhaften Moduls: SSMMgr.exe, Version: 2.7.8.0, Zeitstempel:
 0x45700e44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e651  ID des fehlerhaften Prozesses:
 0xd14  Startzeit der fehlerhaften Anwendung: 0x01cc5be914bef420  Pfad der fehlerhaften
 Anwendung: C:\Windows\Samsung\PanelMgr\SSMMgr.exe  Pfad des fehlerhaften Moduls: 
C:\Windows\Samsung\PanelMgr\SSMMgr.exe  Berichtskennung: 76a77e18-c7dd-11e0-8bad-0019dbd1a348
 
Error - 16.08.2011 03:59:35 | Computer Name = Beatrice | Source = Google Update | ID = 20
Description = 
 
[ OSession Events ]
Error - 20.05.2010 12:05:25 | Computer Name = Beatrice | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5695
 seconds with 2340 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.09.2012 09:49:54 | Computer Name = Beatrice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.09.2012 09:49:55 | Computer Name = Beatrice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.09.2012 09:49:55 | Computer Name = Beatrice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.09.2012 09:49:56 | Computer Name = Beatrice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.09.2012 09:49:56 | Computer Name = Beatrice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.09.2012 09:49:56 | Computer Name = Beatrice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.09.2012 09:49:56 | Computer Name = Beatrice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.09.2012 09:49:56 | Computer Name = Beatrice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.09.2012 09:49:56 | Computer Name = Beatrice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.09.2012 10:16:55 | Computer Name = Beatrice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
Danke schonmal im vorraus.

Gruß

Daniel

Alt 02.09.2012, 08:22   #2
t'john
/// Helfer-Team
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=16596&l=dis&gct=hp 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF-DL&o=16596&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=1A&apn_dtid=YYYYYYYYDE&apn_uid=673C7292-BB48-4FC1-8DEE-BEA571691BD1&apn_sauid=AEEB6F18-577A-4C4F-9553-8C845C04C4C5& 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9 
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0 
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1 
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0 
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5 
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1 
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Daniel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) 
O4:64bit: - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk = C:\Users\Daniel\AppData\Roaming\1.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] 
O8:64bit: - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files\Xi\NetXfer\NXAddList.html () 
O8:64bit: - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html () 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files\Xi\NetXfer\NXAddList.html () 
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html () 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found 
O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKCU Winlogon: Shell - (C:\Users\Daniel\AppData\Roaming\1.exe) - C:\Users\Daniel\AppData\Roaming\1.exe () 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O31 - SafeBoot: UseAlternatShell - 1 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.12.31 15:58:42 | 000,000,044 | R--- | M] () - H:\autorun.inf -- [ UDF ] 
O33 - MountPoints2\{f13b223d-933a-11de-af63-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{f13b223d-933a-11de-af63-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Setup.exe -- [2010.05.11 15:49:56 | 000,345,896 | R--- | M] (Valve Corporation) 

[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] 
[2012.09.01 14:44:47 | 000,000,650 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk 
[2012.09.01 14:44:42 | 000,391,533 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\1.exe 
[2012.05.30 17:55:37 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com 
[2012.07.07 19:08:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.07.07 19:08:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml 
[2012.07.07 19:08:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.07.07 19:08:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.07.07 19:08:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml 
[2010.10.12 22:08:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Gutscheinmieze 
 
[2012.08.29 10:04:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi 

[2009.09.14 20:16:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
:Files

C:\Users\Daniel\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Daniel\AppData\Local\Temp\*.exe
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________

__________________

Alt 02.09.2012, 10:25   #3
sharpe
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Moin t`John,

danke für die Hilfe. Der Rechner läuft wieder. Und so wie ich das beurteilen kann wieder wie vorher.

Die Log files:

OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: messagestyle-blackened@addons.instantbird.org:0.9 removed from extensions.enabledItems
Prefs.js: default-palette@celtx.com:1.0 removed from extensions.enabledItems
Prefs.js: messagestyle-depth@addons.instantbird.org:1.1 removed from extensions.enabledItems
Prefs.js: inspector@mozilla.org:2.0.0 removed from extensions.enabledItems
Prefs.js: messagestyle-minimal20@addons.instantbird.org:1.5 removed from extensions.enabledItems
Prefs.js: emoticons-msn-smileys@m513901.de:0.1 removed from extensions.enabledItems
Prefs.js: calendar-timezones@mozilla.org:0.1.2008d removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ deleted successfully.
C:\Users\Daniel\AppData\Roaming\Gutscheinmieze\toolbar.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk moved successfully.
C:\Users\Daniel\AppData\Roaming\1.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Alles mit NetXfer herunterladen\ deleted successfully.
C:\Program Files\Xi\NetXfer\NXAddList.html moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Herunterladen mit NetXfer\ deleted successfully.
C:\Program Files\Xi\NetXfer\NXAddLink.html moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Alles mit NetXfer herunterladen\ not found.
File C:\Program Files\Xi\NetXfer\NXAddList.html not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Herunterladen mit NetXfer\ not found.
File C:\Program Files\Xi\NetXfer\NXAddLink.html not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7B499570-29C5-4a80-9F57-94A420D140CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B499570-29C5-4a80-9F57-94A420D140CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7B499570-29C5-4a80-9F57-94A420D140CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B499570-29C5-4a80-9F57-94A420D140CE}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Daniel\AppData\Roaming\1.exe deleted successfully.
File C:\Users\Daniel\AppData\Roaming\1.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. H:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f13b223d-933a-11de-af63-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f13b223d-933a-11de-af63-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f13b223d-933a-11de-af63-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f13b223d-933a-11de-af63-806e6f6e6963}\ not found.
File move failed. H:\Setup.exe scheduled to be moved on reboot.
C:\Windows\SysNative\drivers\~GLH0015.TMP deleted successfully.
C:\Windows\SysNative\drivers\~GLH0017.TMP deleted successfully.
File C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk not found.
File C:\Users\Daniel\AppData\Roaming\1.exe not found.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-30-May-2012-15-55-37-GMT folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-24-Jun-2012-12-36-23-GMT folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-31-Oct-2011-10-18-19-GMT folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-07-Nov-2011-18-17-07-GMT folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-18-Nov-2011-15-36-37-GMT folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\ewbqbfy5.default\extensions\toolbar@ask.com folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Users\Daniel\AppData\Roaming\Gutscheinmieze folder moved successfully.
C:\Config.Msi folder moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Daniel\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\Daniel\AppData\Local\Temp\asdasd.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\BingBarSetup-Partner.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\GoogleUpdateSetup.exe250dd moved successfully.
C:\Users\Daniel\AppData\Local\Temp\i4jdel0.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\install_flashplayer11x32_chra_au_aih (1).exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\nvStInst.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\setup.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\setup_3.0.5579.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\setup_3.0.5606.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\setup_v3.0.5517.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\_is5070.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\_isA766.exe moved successfully.
C:\Users\Daniel\AppData\Local\Temp\_isC023.exe moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-1538c201-n folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5535ab32-3abded0c-n folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4b47d8e7-n folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-4d3f1140-n folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Daniel\Desktop\cmd.bat deleted successfully.
C:\Users\Daniel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Daniel
->Temp folder emptied: 396805858 bytes
->Temporary Internet Files folder emptied: 391527504 bytes
->FireFox cache emptied: 418505547 bytes
->Google Chrome cache emptied: 23352699 bytes
->Opera cache emptied: 25906885 bytes
->Flash cache emptied: 67118 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13449820 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46374170 bytes
RecycleBin emptied: 9756245547 bytes
 
Total Files Cleaned = 10.560,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 09022012_093534

Files\Folders moved on Reboot...
File move failed. H:\autorun.inf scheduled to be moved on reboot.
File move failed. H:\Setup.exe scheduled to be moved on reboot.
C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

adw R1:

Code:
ATTFilter
# AdwCleaner v2.000 - Datei am 09/02/2012 um 11:09:06 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional  (64 bits)
# Benutzer : Daniel - BEATRICE
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Daniel\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ewbqbfy5.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Users\Daniel\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\Daniel\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Daniel\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Daniel\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\S-1-5-21-3753493768-2596447732-2270907031-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ewbqbfy5.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Gefunden : user_pref("extensions.asktb.abar-war-timeout", "4000");
Gefunden : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Gefunden : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Gefunden : user_pref("extensions.asktb.cbid", "1A");
Gefunden : user_pref("extensions.asktb.config-updated", true);
Gefunden : user_pref("extensions.asktb.crumb", "2010.10.14+13.15.49-toolbar004iad-DE-S2FybHNydWhlLEdlcm1hbnk%3D[...]
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gefunden : user_pref("extensions.asktb.displaybehavior", "");
Gefunden : user_pref("extensions.asktb.displaytext", "");
Gefunden : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Gefunden : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Gefunden : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0063");
Gefunden : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.finduny.com?client=mozilla-firefox[...]
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "673C7292-BB48-4FC1-8DEE-BEA571691BD1");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "su");
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1346431495181");
Gefunden : user_pref("extensions.asktb.locale", "de_DE");
Gefunden : user_pref("extensions.asktb.location", "Karlsruhe,Germany");
Gefunden : user_pref("extensions.asktb.lstation", "");
Gefunden : user_pref("extensions.asktb.o", "16596");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.pstate", "");
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "7");
Gefunden : user_pref("extensions.asktb.sa", "YES");
Gefunden : user_pref("extensions.asktb.saguid", "AEEB6F18-577A-4C4F-9553-8C845C04C4C5");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Gefunden : user_pref("extensions.asktb.socialmini-first", true);
Gefunden : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gefunden : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gefunden : user_pref("extensions.asktb.socialmini-max-items", "30");
Gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Gefunden : user_pref("extensions.asktb.socialmini-speed", "10000");
Gefunden : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.timeinstalled", "30.10.2011 15:05:27");
Gefunden : user_pref("extensions.asktb.v", "3.13.1.100013");
Gefunden : user_pref("extensions.asktb.version", "5.13.1.18107");
Gefunden : user_pref("extensions.asktb.volume", "");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Users\Daniel\AppData\Roaming\Opera\Opera\operaprefs.ini

Gefunden : application/x-winampx-1.0.0.1=6,,C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll,Winamp A[...]
Gefunden : application/x-winampx-1.0.0.1=,0

*************************

AdwCleaner[R1].txt - [7627 octets] - [02/09/2012 11:09:06]

########## EOF - C:\AdwCleaner[R1].txt - [7687 octets] ##########
         

adw S1:

Code:
ATTFilter
# AdwCleaner v2.000 - Datei am 09/02/2012 um 11:10:46 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional  (64 bits)
# Benutzer : Daniel - BEATRICE
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Daniel\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ewbqbfy5.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Users\Daniel\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Daniel\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKU\S-1-5-21-3753493768-2596447732-2270907031-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ewbqbfy5.default\prefs.js

C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ewbqbfy5.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Gelöscht : user_pref("extensions.asktb.abar-war-timeout", "4000");
Gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Gelöscht : user_pref("extensions.asktb.cbid", "1A");
Gelöscht : user_pref("extensions.asktb.config-updated", true);
Gelöscht : user_pref("extensions.asktb.crumb", "2010.10.14+13.15.49-toolbar004iad-DE-S2FybHNydWhlLEdlcm1hbnk%3D[...]
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gelöscht : user_pref("extensions.asktb.displaybehavior", "");
Gelöscht : user_pref("extensions.asktb.displaytext", "");
Gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0063");
Gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.finduny.com?client=mozilla-firefox[...]
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "673C7292-BB48-4FC1-8DEE-BEA571691BD1");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "su");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1346431495181");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.location", "Karlsruhe,Germany");
Gelöscht : user_pref("extensions.asktb.lstation", "");
Gelöscht : user_pref("extensions.asktb.o", "16596");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.pstate", "");
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "7");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "AEEB6F18-577A-4C4F-9553-8C845C04C4C5");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "10000");
Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "30.10.2011 15:05:27");
Gelöscht : user_pref("extensions.asktb.v", "3.13.1.100013");
Gelöscht : user_pref("extensions.asktb.version", "5.13.1.18107");
Gelöscht : user_pref("extensions.asktb.volume", "");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Users\Daniel\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : application/x-winampx-1.0.0.1=6,,C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll,Winamp A[...]
Gelöscht : application/x-winampx-1.0.0.1=,0

*************************

AdwCleaner[R1].txt - [7748 octets] - [02/09/2012 11:09:06]
AdwCleaner[S1].txt - [8446 octets] - [02/09/2012 11:10:46]

########## EOF - C:\AdwCleaner[S1].txt - [8506 octets] ##########
         
Nochmals Danke

Gruß

Daniel
__________________

Alt 02.09.2012, 10:45   #4
t'john
/// Helfer-Team
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.09.2012, 11:01   #5
sharpe
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Hi,

hier das fehlende Logfile

Code:
ATTFilter
2012/09/02 09:40:38 +0200	BEATRICE	Daniel	MESSAGE	Starting protection
2012/09/02 09:40:43 +0200	BEATRICE	Daniel	MESSAGE	Protection started successfully
2012/09/02 09:40:46 +0200	BEATRICE	Daniel	MESSAGE	Starting IP protection
2012/09/02 09:40:50 +0200	BEATRICE	Daniel	MESSAGE	IP Protection started successfully
2012/09/02 09:42:21 +0200	BEATRICE	Daniel	MESSAGE	Starting database refresh
2012/09/02 09:42:21 +0200	BEATRICE	Daniel	MESSAGE	Stopping IP protection
2012/09/02 09:46:07 +0200	BEATRICE	Daniel	MESSAGE	IP Protection stopped
2012/09/02 09:46:10 +0200	BEATRICE	Daniel	MESSAGE	Database refreshed successfully
2012/09/02 09:46:10 +0200	BEATRICE	Daniel	MESSAGE	Starting IP protection
2012/09/02 09:46:14 +0200	BEATRICE	Daniel	MESSAGE	IP Protection started successfully
2012/09/02 10:33:35 +0200	BEATRICE	Daniel	MESSAGE	Executing scheduled update:  Daily
2012/09/02 10:33:35 +0200	BEATRICE	Daniel	ERROR	Scheduled update failed:  I/O error failed with error code 0
2012/09/02 11:08:25 +0200	BEATRICE	Daniel	MESSAGE	Stopping IP protection
2012/09/02 11:15:25 +0200	BEATRICE	Daniel	MESSAGE	Starting protection
2012/09/02 11:15:30 +0200	BEATRICE	Daniel	MESSAGE	Protection started successfully
2012/09/02 11:15:33 +0200	BEATRICE	Daniel	MESSAGE	Starting IP protection
2012/09/02 11:15:37 +0200	BEATRICE	Daniel	MESSAGE	IP Protection started successfully
         
uuups...

ich hab erst jetzt bemerkt, dass es das falsche log ist. sorry.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.02.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: BEATRICE [Administrator]

Schutz: Aktiviert

02.09.2012 13:04:50
mbam-log-2012-09-02 (14-47-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 703187
Laufzeit: 1 Stunde(n), 42 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)


(Ende)
         


Alt 02.09.2012, 14:23   #6
t'john
/// Helfer-Team
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Das ist nicht das Logfile. (Reiter Logberichte)
__________________
--> "Weißer Bildschirm"

Alt 02.09.2012, 15:18   #7
sharpe
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Hi,

ich hab nur den Reiter "Logdateien". Da war das erste File drin. Sonst nichts.
Ich hatte dann nocheinmal einen Scan gemacht. Dabei kam das zweite oben gezeigte raus. Mehr finde ich nicht

Gruß

Daniel

Alt 03.09.2012, 18:43   #8
t'john
/// Helfer-Team
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Sehr gut!

Wie laeuft der Rechner?

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 04.09.2012, 08:47   #9
sharpe
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Moin,

der Scan hat noch einiges zu Tage geführt.

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 03.09.2012 20:43:51

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, F:\, G:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	03.09.2012 20:44:15

C:\_OTL\MovedFiles\09022012_093534\C_Users\Daniel\AppData\Roaming\1.exe 	gefunden: Trojan.LockScreen!E2
C:\_OTL\MovedFiles\09022012_093534\C_Users\Daniel\AppData\Local\Temp\asdasd.exe 	gefunden: Trojan.LockScreen!E2
C:\Program Files (x86)\RealVNC\VNC4\vncviewer.exe 	gefunden: Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe 	gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
D:\Projekte\interessen\Handy\Nokia\MDbank.jar -> FW.class 	gefunden: Trojan.Java.SMSsend!E2
D:\Projekte\interessen\Handy\Nokia\MDbank.jar -> FS.class 	gefunden: Java.Trojan.RedBrowser.A!E2
D:\Projekte\interessen\Handy\Nokia\MDbank.jar -> S.class 	gefunden: Virus.Java.RedBrowser!E2
D:\Projekte\HTPC\lcd\lcdhype.exe 	gefunden: Win32.Delf!E2
D:\Projekte\HTPC\lcd\lcdhype_version_036.zip -> lcdhype.exe 	gefunden: Win32.Delf!E2
D:\Downloads\PDFCreator-1_2_3_setup.exe 	gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
G:\Projekte\interessen\Handy\Nokia\MDbank.jar -> FW.class 	gefunden: Trojan.Java.SMSsend!E2
G:\Projekte\interessen\Handy\Nokia\MDbank.jar -> S.class 	gefunden: Virus.Java.RedBrowser!E2
G:\Projekte\interessen\Handy\Nokia\MDbank.jar -> FS.class 	gefunden: Java.Trojan.RedBrowser.A!E2
G:\Projekte\HTPC\lcd\lcdhype.exe 	gefunden: Win32.Delf!E2
G:\Projekte\HTPC\lcd\lcdhype_version_036.zip -> lcdhype.exe 	gefunden: Win32.Delf!E2

Gescannt	1052325
Gefunden	15

Scan Ende:	03.09.2012 23:12:10
Scan Zeit:	2:27:55



D:\Downloads\PDFCreator-1_2_3_setup.exe	Quarantäne Riskware.Win32.Toolbar.Widgi.AMN!E1
D:\Projekte\HTPC\lcd\lcdhype.exe	Quarantäne Win32.Delf!E2
D:\Projekte\HTPC\lcd\lcdhype_version_036.zip -> lcdhype.exe	Quarantäne Win32.Delf!E2
G:\Projekte\HTPC\lcd\lcdhype.exe	Quarantäne Win32.Delf!E2
G:\Projekte\HTPC\lcd\lcdhype_version_036.zip -> lcdhype.exe	Quarantäne Win32.Delf!E2
D:\Projekte\interessen\Handy\Nokia\MDbank.jar -> S.class	Quarantäne Virus.Java.RedBrowser!E2
G:\Projekte\interessen\Handy\Nokia\MDbank.jar -> S.class	Quarantäne Virus.Java.RedBrowser!E2
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
C:\_OTL\MovedFiles\09022012_093534\C_Users\Daniel\AppData\Roaming\1.exe	Quarantäne Trojan.LockScreen!E2
C:\_OTL\MovedFiles\09022012_093534\C_Users\Daniel\AppData\Local\Temp\asdasd.exe	Quarantäne Trojan.LockScreen!E2

Quarantäne	10
         

Alt 04.09.2012, 18:22   #10
t'john
/// Helfer-Team
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Sehr gut!



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 07.09.2012, 07:04   #11
sharpe
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Moin,


ich hab den scanner zweimal durchlaufen lassen. (jeweils 5 Stunden puh...) Beidemale hat er nichts gefunden.

Allerdings hatte ich bei ersten ausprobieren noch die firewall an. deswegen steht im logfile,vermutlich fogendes :


Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
         
die beiden anderen male hat das Programm das logfile nicht mehr aktualisiert. Ich denke , da er aber nichts mehr gefunden hat passt das schon.

Gruß


Daniel

Alt 07.09.2012, 15:28   #12
t'john
/// Helfer-Team
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck


Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 10.09.2012, 17:56   #13
sharpe
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



Moin,

sorry, war ne Zeit lang nicht hier. Ich hab inzwischen alles geupdatet und eingestellt. Der Plug-in Check ergab:

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Opera 12.02 ist aktuell
Flash (11,4,402,265) ist aktuell.
Java (1,7,0,7) ist aktuell.
Adobe Reader 10,1,4,0 ist aktuell.

Ich hoffe ich das das jetzt einigermaßen Ok ist.

Gruß

Daniel

Alt 11.09.2012, 00:30   #14
t'john
/// Helfer-Team
 
"Weißer Bildschirm" - Standard

"Weißer Bildschirm"



auch deaktiviert?

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu "Weißer Bildschirm"
2.0.7, 7-zip, adobe after effects, audacity, bho, bildschirm, bonjour, browser, converter, cs3/contributeieplugin.dll, error, firefox, flash player, google, google earth, grand theft auto, homepage, iexplore.exe, install.exe, langs, logfile, mozilla, mp3, nvidia update, office 2007, programm, realtek, recuva, registry, scan, security, senden, server, software, starten, svchost.exe, third party, windows



Ähnliche Themen: "Weißer Bildschirm"


  1. "BKA-Trojaner" auf Windows Vista - weißer Bildschirm nach dem Booten
    Plagegeister aller Art und deren Bekämpfung - 07.06.2013 (12)
  2. Weißer Bildschirm und:"es konnte keine Internetverbindung hergestellt werden"
    Log-Analyse und Auswertung - 24.10.2012 (1)
  3. weißer bildschirm und:"es konnte keine Internetverbindung hergestellt werden"
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (19)
  4. "Weißer Bildschirm Trojaner", Nach dem Windowsstart nur weißer Bildschirm!
    Log-Analyse und Auswertung - 01.09.2012 (1)
  5. Blauer Bildschirm beim booten von USB (Bekämpfung d."Weißer Bildschirm-please wait")
    Log-Analyse und Auswertung - 08.07.2012 (6)
  6. Weißer Bildschirm "Verbindung wird aufgebaut, bitte warten"
    Log-Analyse und Auswertung - 29.06.2012 (3)
  7. weißer Bildschirm mit der Meldung "Please wait while the connection is being established"
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (6)
  8. Win Xp nach hochfahren weißer Bildschirm " Verbindung wird hergestellt"
    Plagegeister aller Art und deren Bekämpfung - 13.05.2012 (6)
  9. Win Xp nach hochfahren weißer Bildschirm " Verbindung wird hergestellt"
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (9)
  10. Weißer Bildschirm "Warten sie während die Verbindung aufgebaut wird"
    Log-Analyse und Auswertung - 01.05.2012 (20)
  11. Suche Hilfe für Logauswertung "weißer Bildschirm mit Verbindungs-Meldung"
    Log-Analyse und Auswertung - 30.04.2012 (36)
  12. Weißer Bildschirm "Warten sie während die Verbindung aufgebaut wird" u. "Please wait while the conne
    Log-Analyse und Auswertung - 24.04.2012 (9)
  13. Weißer Bildschirm: "Warten während die Verbindung hergestellt wird." Win 7
    Log-Analyse und Auswertung - 18.04.2012 (4)
  14. Fehlermeldung: "Please wait while the connection is being established" und Weißer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (1)
  15. Weißer Bildschirm "Please wait while the connection is beeing established"
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (25)
  16. Weißer Bildschirm und :"warten sie während die verbindung hergestellt wird"
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (9)
  17. Weißer Bildschirm und die Meldung "Es besteht noch keine Internetverbindung"
    Log-Analyse und Auswertung - 27.01.2012 (6)

Zum Thema "Weißer Bildschirm" - Hallo Leute, ich habe mir diesen "Weißer Bildschirm" Plagegeist eingefangen. Ich war auf Google und habe mir Bilder über Japanische Tätowierungen angeschaut. Ein Bilder Link muss mich dann zu einer - "Weißer Bildschirm"...
Archiv
Du betrachtest: "Weißer Bildschirm" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.