"Webseite kann nicht angezeigt werden" bei Windows 7 Boot

turambar · 14.10.2012, 16:57

Liebe Community,

Ich habe ein Problem das bereits in einem anderen Thread behandelt wurde: Bei meinem Windows 7-PC erscheint kurz nach Start des Betriebssystems eine bildschirmfüllende Anzeige mit "Diese Website kann nicht angezeigt werden". Ich hatte bereits einen Scan mit Malwarebytes durchgeführt und alle gefunden Infektionen gelöscht.
Alle Scans im Anhang mussten im Abgesicherten Modus von Windows durchgeführt werden; ich hoffe, das ist kein Problem.

Bin für jede Hilfe dankbar.

Mfg, Turambar

cosinus · 15.10.2012, 15:32

Ohne die Logs von Malwarebytes und Co wird das hier nichts.

Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

turambar · 16.10.2012, 20:36

Danke für die Antwort! Bin zum ersten Mal hier, ich wusste nicht, dass ich die Malwarebytes Logs auch posten muss.

Also, dann wollen wir mal:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.14.03

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.7601.17514
Friedel :: WHEATLEY [Administrator]

16.10.2012 21:20:13
mbam-log-2012-10-16 (21-20-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214362
Laufzeit: 4 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:14 on 14/10/2012 (Friedel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.10.2012 16:15:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 82,83% Memory free
6,50 Gb Paging File | 5,99 Gb Available in Paging File | 92,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 796,43 Gb Free Space | 57,87% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,66 Gb Free Space | 58,31% Space Free | Partition Type: NTFS
Drive G: | 488,25 Mb Total Space | 480,73 Mb Free Space | 98,46% Space Free | Partition Type: FAT
 
Computer Name: WHEATLEY | User Name: Friedel | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.14 15:49:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.04.01 11:15:22 | 000,268,808 | ---- | M] () -- C:\Programme\G Data\AntiVirus\AVK\ShellExt.dll
MOD - [2010.09.22 22:12:20 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 14:10:59 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.06 11:35:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.19 16:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.09.06 03:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Programme\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012.06.18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012.01.14 13:00:03 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.08 19:29:46 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.09.08 13:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.04.01 11:16:44 | 000,353,288 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.04.01 11:16:02 | 000,409,608 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2011.04.01 11:15:58 | 001,430,024 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.04.01 03:28:44 | 001,368,648 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR2)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.27 18:24:52 | 000,122,880 | ---- | M] (Sony DADC Austria AG.) [Auto | Stopped] -- C:\Windows\System32\UAService7.exe -- (UserAccess7)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.09.16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Friedel\AppData\Local\Temp\sony_ssm.sys -- (sony_ssm.sys)
DRV - [2012.05.14 14:48:51 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2011.09.08 20:26:10 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.09.08 18:52:20 | 000,248,832 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.09.08 17:49:36 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2011.09.08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011.09.08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2011.06.25 15:33:21 | 000,048,344 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2011.06.25 15:32:39 | 000,039,640 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011.06.25 15:32:37 | 000,074,456 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011.06.25 15:32:37 | 000,037,720 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011.06.25 15:32:35 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon)
DRV - [2011.06.25 15:32:33 | 000,052,440 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011.06.24 06:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2010.11.25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 04:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2002.06.20 19:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2002.06.20 19:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2002.06.20 19:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2002.06.20 19:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {C6FD38B5-0D2D-4DEC-A3DB-E7828C35256F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=mI-j8KbO_ixizyRHH-boFqQjMH4?q={searchTerms}
IE - HKCU\..\SearchScopes\{C6FD38B5-0D2D-4DEC-A3DB-E7828C35256F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{E4E9256C-AFF3-42A9-AA1E-FD719320B1AE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.3
FF - prefs.js..extensions.enabledAddons: pdfforge@mybrowserbar.com:6.3
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:22.1.11089.229
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.15 16:03:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.15 16:03:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.26 10:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.10.23 19:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedel\AppData\Roaming\mozilla\Extensions
[2010.10.23 19:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.21 21:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friedel\AppData\Roaming\mozilla\Firefox\Profiles\q1xpekqa.default\extensions
[2012.09.15 16:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.25 15:32:44 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.09.21 20:54:10 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.09.21 20:54:17 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.09.06 03:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - Extension: YouTube = C:\Users\Friedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Friedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Friedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [mywmdfzslonndag] C:\ProgramData\mywmdfzs.exe ()
O4 - HKCU..\Run: [Start WingMan Profiler]  File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Friedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{479857B1-B47D-4A4A-A160-9DB2B23B5395}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5525416A-6096-4384-B2E8-4DCBE6671729}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d9a49e23-5a88-11df-9689-4061869323d4}\Shell - "" = AutoRun
O33 - MountPoints2\{d9a49e23-5a88-11df-9689-4061869323d4}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.14 14:35:40 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Roaming\Malwarebytes
[2012.10.14 14:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.14 14:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.14 14:35:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.14 14:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.14 14:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\tvmklivslpgoqej
[2012.10.13 16:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.10.13 14:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.10.13 14:52:27 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.10.13 14:31:22 | 000,000,000 | ---D | C] -- C:\Users\Friedel\Documents\StarCraft II
[2012.10.13 14:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.10.13 14:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2012.10.13 14:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012.09.24 21:27:14 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Local\Eastman_Kodak_Company
[2012.09.24 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Local\Eastman Kodak Company
[2012.09.24 21:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012.09.24 21:15:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2012.09.24 21:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012.09.24 21:11:11 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Roaming\Temp
[2012.09.24 21:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012.09.21 20:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.09.21 20:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.09.21 20:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.09.18 21:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.18 21:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.18 21:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.18 21:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.16 12:23:23 | 000,000,000 | ---D | C] -- C:\Users\Friedel\Desktop\DCIM
[2012.09.15 16:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.15 16:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.15 12:41:13 | 000,000,000 | ---D | C] -- C:\Users\Friedel\AppData\Local\Macromedia
[4 C:\Users\Friedel\Documents\*.tmp files -> C:\Users\Friedel\Documents\*.tmp -> ]
[3 C:\Users\Friedel\*.tmp files -> C:\Users\Friedel\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.14 16:14:08 | 000,000,000 | ---- | M] () -- C:\Users\Friedel\defogger_reenable
[2012.10.14 15:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 15:53:17 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 15:49:08 | 000,050,477 | ---- | M] () -- C:\Users\Friedel\Desktop\Defogger.exe
[2012.10.14 15:38:12 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 15:38:11 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 15:35:43 | 000,001,962 | ---- | M] () -- C:\Users\Friedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
[2012.10.14 14:35:33 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.14 14:11:35 | 000,076,348 | ---- | M] () -- C:\ProgramData\uvyfebthvgndprn
[2012.10.14 14:11:29 | 000,110,592 | ---- | M] () -- C:\ProgramData\mywmdfzs.exe
[2012.10.14 14:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.14 14:01:00 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012.10.14 13:44:06 | 000,825,283 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.10.14 13:44:06 | 000,044,928 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.10.13 20:38:02 | 000,011,851 | ---- | M] () -- C:\Users\Friedel\Desktop\1-5.jpg
[2012.10.13 16:38:04 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.10.12 20:40:23 | 000,001,882 | ---- | M] () -- C:\Users\Friedel\Desktop\Messages from Mike - Verknüpfung.lnk
[2012.10.09 20:53:10 | 000,705,696 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.09 20:53:10 | 000,666,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.09 20:53:10 | 000,150,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.09 20:53:10 | 000,126,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 10:31:10 | 000,603,710 | ---- | M] () -- C:\Users\Friedel\Desktop\Canon TS-E 24mm f_3.5 L II Objektiv 4960999635163 _ eBay.pdf
[2012.10.06 12:53:32 | 058,414,603 | ---- | M] () -- C:\Users\Friedel\Desktop\Intro_US_2.wmv
[2012.10.06 12:15:26 | 083,822,713 | ---- | M] () -- C:\Users\Friedel\Desktop\National Parks.wmv
[2012.10.06 12:06:18 | 000,107,056 | ---- | M] () -- C:\Users\Friedel\Documents\Intro_US_2.veg
[2012.10.05 00:11:04 | 000,107,152 | ---- | M] () -- C:\Users\Friedel\Documents\Intro_US_2.veg.bak
[2012.10.03 19:49:24 | 184,382,713 | ---- | M] () -- C:\Users\Friedel\Desktop\National Park_large.wmv
[2012.10.03 18:40:14 | 000,102,680 | ---- | M] () -- C:\Users\Friedel\Documents\Intro_US.veg
[2012.10.03 18:29:56 | 000,099,096 | ---- | M] () -- C:\Users\Friedel\Documents\Intro_US.veg.bak
[2012.10.01 09:35:16 | 006,187,974 | ---- | M] () -- C:\Users\Friedel\Desktop\IMG_2274.JPG
[2012.10.01 09:20:32 | 006,161,863 | ---- | M] () -- C:\Users\Friedel\Desktop\IMG_2258.JPG
[2012.09.23 22:00:19 | 141,647,184 | ---- | M] () -- C:\Users\Friedel\Desktop\Crater Lake_panoramic.bmp
[2012.09.23 18:29:24 | 019,925,705 | ---- | M] () -- C:\Users\Friedel\Desktop\Bildbeispiel_Brennweite.wmv
[2012.09.23 18:16:23 | 000,037,872 | ---- | M] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv.sfk0
[2012.09.23 18:11:03 | 021,773,816 | ---- | M] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv.sfap1
[2012.09.23 18:09:39 | 012,448,115 | ---- | M] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv
[2012.09.23 17:37:57 | 008,766,348 | ---- | M] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1.mp4
[2012.09.23 16:28:40 | 000,307,696 | ---- | M] () -- C:\Users\Friedel\Desktop\Canon EF 100mm 2,8 L IS USM Macro Objektiv_ Amazon.de_ Elektronik.pdf
[2012.09.20 18:08:08 | 000,155,576 | ---- | M] () -- C:\Users\Friedel\Documents\US trip.veg
[2012.09.18 21:06:01 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.15 16:04:08 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[4 C:\Users\Friedel\Documents\*.tmp files -> C:\Users\Friedel\Documents\*.tmp -> ]
[3 C:\Users\Friedel\*.tmp files -> C:\Users\Friedel\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.14 16:14:08 | 000,000,000 | ---- | C] () -- C:\Users\Friedel\defogger_reenable
[2012.10.14 16:13:21 | 000,050,477 | ---- | C] () -- C:\Users\Friedel\Desktop\Defogger.exe
[2012.10.14 14:35:33 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.14 14:11:34 | 000,110,592 | ---- | C] () -- C:\ProgramData\mywmdfzs.exe
[2012.10.14 14:11:29 | 000,076,348 | ---- | C] () -- C:\ProgramData\uvyfebthvgndprn
[2012.10.13 20:38:02 | 000,011,851 | ---- | C] () -- C:\Users\Friedel\Desktop\1-5.jpg
[2012.10.13 14:31:22 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.10.08 10:31:07 | 000,603,710 | ---- | C] () -- C:\Users\Friedel\Desktop\Canon TS-E 24mm f_3.5 L II Objektiv 4960999635163 _ eBay.pdf
[2012.10.03 21:33:35 | 058,414,603 | ---- | C] () -- C:\Users\Friedel\Desktop\Intro_US_2.wmv
[2012.10.03 20:02:19 | 083,822,713 | ---- | C] () -- C:\Users\Friedel\Desktop\National Parks.wmv
[2012.10.03 19:50:42 | 000,107,152 | ---- | C] () -- C:\Users\Friedel\Documents\Intro_US_2.veg.bak
[2012.10.03 19:50:42 | 000,107,056 | ---- | C] () -- C:\Users\Friedel\Documents\Intro_US_2.veg
[2012.10.03 19:17:54 | 184,382,713 | ---- | C] () -- C:\Users\Friedel\Desktop\National Park_large.wmv
[2012.10.03 17:45:39 | 000,102,680 | ---- | C] () -- C:\Users\Friedel\Documents\Intro_US.veg
[2012.10.03 17:45:39 | 000,099,096 | ---- | C] () -- C:\Users\Friedel\Documents\Intro_US.veg.bak
[2012.10.01 10:17:58 | 006,187,974 | ---- | C] () -- C:\Users\Friedel\Desktop\IMG_2274.JPG
[2012.10.01 10:17:35 | 006,161,863 | ---- | C] () -- C:\Users\Friedel\Desktop\IMG_2258.JPG
[2012.09.23 22:00:17 | 141,647,184 | ---- | C] () -- C:\Users\Friedel\Desktop\Crater Lake_panoramic.bmp
[2012.09.23 18:14:03 | 019,925,705 | ---- | C] () -- C:\Users\Friedel\Desktop\Bildbeispiel_Brennweite.wmv
[2012.09.23 18:11:02 | 021,773,816 | ---- | C] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv.sfap1
[2012.09.23 18:11:02 | 000,037,872 | ---- | C] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv.sfk0
[2012.09.23 18:09:16 | 012,448,115 | ---- | C] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1 (1).wmv
[2012.09.23 17:37:49 | 008,766,348 | ---- | C] () -- C:\Users\Friedel\Desktop\LOTR_THE_FELLOWSHIP_OF_THE_RING Title 1.mp4
[2012.09.23 16:28:39 | 000,307,696 | ---- | C] () -- C:\Users\Friedel\Desktop\Canon EF 100mm 2,8 L IS USM Macro Objektiv_ Amazon.de_ Elektronik.pdf
[2012.09.18 21:06:01 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.15 16:04:08 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.28 18:01:41 | 000,029,374 | ---- | C] () -- C:\Users\Friedel\AppData\Local\recently-used.xbel
[2011.12.03 17:06:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.08.26 16:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.08.09 21:17:23 | 000,007,602 | ---- | C] () -- C:\Users\Friedel\AppData\Local\Resmon.ResmonCfg
[2011.06.25 21:28:45 | 000,825,283 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.06.15 20:17:50 | 000,001,940 | ---- | C] () -- C:\Users\Friedel\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.03.30 23:13:26 | 001,841,000 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3070_B611.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.10.24 15:36:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.10.08 15:47:43 | 727,973,887 | ---- | C] () -- C:\Users\Friedel\thedarkknight.wtv
[2010.06.20 09:02:18 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.06.08 07:28:07 | 000,005,632 | ---- | C] () -- C:\Users\Friedel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.25 18:15:33 | 000,001,958 | ---- | C] () -- C:\Users\Friedel\AppData\Roaming\wklnhst.dat
[2010.05.24 17:03:55 | 000,000,026 | ---- | C] () -- C:\Users\Friedel\1103e87c128cad76bae.notes
[2010.05.24 17:03:55 | 000,000,023 | ---- | C] () -- C:\Users\Friedel\1103e87c128cad76bae.details
[2010.05.24 15:49:55 | 000,000,378 | ---- | C] () -- C:\Users\Friedel\babed1aa128ca93ac76.details
[2010.05.24 15:49:55 | 000,000,000 | ---- | C] () -- C:\Users\Friedel\babed1aa128ca93ac76.notes
[2010.05.24 15:49:19 | 000,000,016 | ---- | C] () -- C:\Users\Friedel\persistent_state
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.13 16:27:35 | 000,000,000 | -HSD | M] -- C:\Users\Friedel\AppData\Roaming\.#
[2010.05.25 19:42:37 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Ace
[2012.10.13 16:12:20 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\ALDI_SUED_Mah_Jong
[2012.05.06 17:46:05 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Audacity
[2011.12.18 11:48:32 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Blender Foundation
[2010.07.07 14:35:39 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\FreeVideoConverter
[2011.10.15 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2010.05.30 13:59:05 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Opera
[2010.05.24 08:56:29 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Petroglyph
[2011.06.26 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Publish Providers
[2011.05.27 06:37:07 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Research In Motion
[2011.08.06 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Sony
[2011.08.06 20:29:55 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Sony Creative Software Inc
[2011.05.07 11:10:07 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\SPORE
[2012.09.24 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Temp
[2010.05.25 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Template
[2010.10.23 19:51:12 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Thunderbird
[2010.08.11 17:19:12 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Ulead Systems
[2012.05.13 18:13:10 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\Wacom
[2012.05.13 18:13:14 | 000,000,000 | ---D | M] -- C:\Users\Friedel\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Friedel\Documents\nfv.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Friedel\Documents\Handout Physik.doc:Roxio EMC Stream

< End of report >

--- --- ---

[/code]

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.10.2012 16:15:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 82,83% Memory free
6,50 Gb Paging File | 5,99 Gb Available in Paging File | 92,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 796,43 Gb Free Space | 57,87% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,66 Gb Free Space | 58,31% Space Free | Partition Type: NTFS
Drive G: | 488,25 Mb Total Space | 480,73 Mb Free Space | 98,46% Space Free | Partition Type: FAT
 
Computer Name: WHEATLEY | User Name: Friedel | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035D0F78-EE6C-4A13-AC8D-20DB7121FCEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{123E6D78-0DF4-4983-A8F4-E19E1CEBFB0F}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{2671F6AF-ADFC-40BA-8FB1-AC0B6C713EA4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{28E84E2E-ED98-4E59-920E-63CDF6E3E13D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2977758F-ED30-4ED9-80B6-F56223DCB1BA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{356108D1-B433-4DCD-B1A0-564DFF978186}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3865C063-7A87-4BA7-BCEF-903AD98577BC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3902AD2D-E6E9-4D41-8C4A-DCCDDB0F833D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3A76BF00-56AF-46A2-B718-6E0AAFE75E50}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5D7A9D29-934C-4A26-BB0C-9DC571592F19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{60BEC4EC-B949-4E79-BD6F-9F5B12819CFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70D79096-886D-476A-80A6-5161906F5848}" = rport=137 | protocol=17 | dir=out | app=system | 
"{71BE894C-4FF2-4408-A53D-0813E569C515}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{776BCD69-4CFB-4B0C-9574-0AC3CCBC42C6}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{888E6245-63DC-4B4C-A9D2-0B83688066D4}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{8FBEB9C1-B0E1-42AF-9A77-B14D66C85529}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{91BB2F3E-4A95-43CA-8B36-8CFA3503A2F6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9FF95C27-4CA2-4610-96D6-528C1ABEAE7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A1E63739-AE5C-4D2A-85F6-42EA789D6AD0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A211B0E2-C1F4-4688-9CA3-B5E920006370}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E9BD8990-E442-4B76-8712-49B1BC7D6A47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC46D91D-0F29-442D-A61D-A429BD0CDF0D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F244021E-DFDA-4C32-AC12-59711397B7C5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F2B5B887-6CBE-47D2-B02E-747A6792A779}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FC06CE37-167A-4707-979C-8C84AA7690C0}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041BC703-380B-43ED-88E9-64303008FBFE}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{0665FF0E-12AD-436F-85FB-7923DC354EDA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{0B127532-63A0-4933-A00D-D92C8F774F90}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii public test.exe | 
"{0BF5A7DD-ED7E-4826-A2BF-1108A3BAAE01}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{0BF7BD2E-4413-48B0-B687-1D895D977088}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{17710254-3358-4B88-B901-C66AB2629244}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{1D857C44-BE50-41C5-B42C-CC7A1B09D49D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1FD774C0-D609-4C68-A72A-6392A37F714D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{331F8BC5-59F6-45E3-93D3-1F9FB1EFECF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33562258-A488-4250-B7C7-377D4EC04518}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{3A6AF93D-CE69-43AB-89E6-7299627D0014}" = protocol=17 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi - game official demo\might & magic heroes vi.exe | 
"{3AFF26A6-1099-4C08-ADA6-4485081DC88C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{3BE1033D-4FDA-4F96-ADB2-206E3DDE3B23}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{3F8944D1-9E4E-4670-B78A-819596C3EB3A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{42790759-8BC2-40CD-9A6D-372C940694BB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{44629F49-E257-4B2F-A44E-50BDBE4D848E}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{506F6ADF-7A51-45EB-BA59-764CA52FCEAA}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{5A411BA6-3DCD-4A6C-92A5-4CC2BFFEE63C}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{5A77139C-CBA1-4940-88BE-EF7EEF56A3E8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{609DF8FF-33CC-4CB8-B481-4843EE2B1C21}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"{628CB2F8-2643-4ADC-A430-C84DFB9AF6C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6309A85A-AD11-4F59-9E6A-B32AEB017627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65CBD408-EF55-4055-A1AF-6FD1224F6CD6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{65D4BEED-CEFE-4E60-89AB-1754D2C323F9}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{6858D78F-EEA3-4CC8-B100-16121BD24C66}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{68EC649A-C267-4EA9-B1D9-113B20F6F078}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii public test.exe | 
"{695182FD-4D36-4EB2-BDE2-389522C95696}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{69E820C4-C504-4168-A7E5-B71B8B822685}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C40975B-6167-4B7B-8C75-E4D0F3ADADD6}" = protocol=17 | dir=in | app=c:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | 
"{701EF2F3-C71C-45FD-9081-257EBEA3619A}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{725416CB-2435-4C8D-932F-7D4C23C8B5EE}" = protocol=6 | dir=in | app=c:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | 
"{7B1EACE7-279C-486E-A61C-C322D117FFF3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7F493754-451B-4AB7-9F12-6B514B41CBF6}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{7F85860E-2514-4DDD-A0EB-E9DDC3B0CB66}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3.exe | 
"{83DB4CD0-5425-4B79-A3E1-9C26F9397EA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{89F4262A-2ED0-4241-A586-B4B38E56ECAC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{8EED67E7-395A-44AD-AC27-F0979E613DCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9601AB55-1328-4432-AE39-2E6A6390168C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{990E32E0-DA11-4649-AE53-82C17FD46903}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{99C49217-F959-4AAB-B2EF-30E0F3E9F930}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"{99CCC2E4-C54C-42F7-A1C1-8237693544EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9C0A7A1A-18EA-4568-8E4E-AE31C9635D41}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | 
"{9CE53C92-1F50-43E1-A5DB-3C3169AD1E48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A4655CC6-E567-4023-B402-46E5825860D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A4C99362-0C37-482B-911B-2CB09C247E4E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{AF99EEE7-A701-4CFF-959F-962A261EC0F8}" = protocol=6 | dir=out | app=system | 
"{B09AA2C9-2733-4EEE-BE4F-3AC92C374EA9}" = protocol=6 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi - game official demo\might & magic heroes vi.exe | 
"{B3A42B34-9638-4B86-A395-B4CC1C52E359}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B5082424-D183-49EB-9656-44E14D66770F}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{B8AB2DCE-8454-4C61-84BE-962AA6539C86}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B9D0FA07-0E07-4F00-A64A-A1900C0DA37F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BE73D40D-C534-4CF2-83C9-517CDC5FFDEE}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{D60F7A2F-967E-4A3C-80FD-F044733C46F8}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{DC241C67-B9A0-4EB3-A21F-7D9C8EC1623A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC3B794A-023F-435A-BAE5-A3B427628419}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{DD6B8B0C-57D6-4D84-84B5-86E4125BA1BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DF6D4D86-78B4-4F04-98F7-90232DF973FE}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{E468080C-13F5-4D6C-A233-B6BC007472D3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | 
"{E5996A49-A109-4F12-91D4-D699F9724B82}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3.exe | 
"{EBAB9B18-6FD4-4672-A402-FB0AEC0C4A0C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EE42882C-1117-4A23-A7A1-C83EB3CFFA3C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{EF0976D8-F327-42F7-9DCB-00E1566A9FE9}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{EF679C6D-77DA-444C-A4CB-36A5005DD2DD}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{F0730E2D-B132-43D2-B551-4274DA0B36C7}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{F5F6B53F-B27B-4C5E-8A09-607CFC05BD64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB6D8EBA-E0F0-4A2C-AA2C-B258148F6D15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"TCP Query User{331E9F16-6825-4C5F-B31F-252960BFDA2A}C:\users\friedel\desktop\age of e\the conquerors.exe" = protocol=6 | dir=in | app=c:\users\friedel\desktop\age of e\the conquerors.exe | 
"TCP Query User{54B25389-DE86-4EEB-A1CF-C4D9460F8D50}C:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=6 | dir=in | app=c:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | 
"TCP Query User{5C30838A-C251-4FAD-BEED-03ECA0314B13}C:\program files\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{5FF66C44-3D70-4E84-BB07-D76FCD616B92}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{6985B3E7-E843-4441-98CE-E4E66D26057B}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{6B4DD065-1289-4B23-846B-EDF7CFDA22D6}C:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"TCP Query User{8C8D138E-83CE-4057-9678-D22B26EB5CA6}C:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"TCP Query User{9189C068-F8BB-4DEA-BCF9-B89BA8B19C64}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{D7EFE573-C049-4ACB-A107-1861DB9B9FEB}C:\users\friedel\desktop\age of e\the conquerors.exe" = protocol=6 | dir=in | app=c:\users\friedel\desktop\age of e\the conquerors.exe | 
"TCP Query User{EA09DFD7-9327-4125-A211-A87E6FED0926}C:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{0E04C3EB-4FCA-4EDF-B0BE-2C883F409487}C:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"UDP Query User{1263A2E0-CFA7-4191-A781-64EFB78AC560}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{58058209-C3A4-4AD3-B8D2-12312495818F}C:\users\friedel\desktop\age of e\the conquerors.exe" = protocol=17 | dir=in | app=c:\users\friedel\desktop\age of e\the conquerors.exe | 
"UDP Query User{6A0076B6-52F5-4983-8F77-8B8413FDE6F8}C:\program files\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{6A7F9AF6-14B4-40EF-B82E-4515FE29F1E1}C:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{7B7E9993-3F9C-4B33-AE26-B8E29080E47F}C:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=17 | dir=in | app=c:\program files\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | 
"UDP Query User{9F34C78F-39C2-444D-AA1C-B8DD7E03279E}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{A8F1DDC7-0851-4EC8-9339-1BBE3ADEE778}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{D0270356-311F-459A-8B03-1AC1D26DB248}C:\users\friedel\desktop\age of e\the conquerors.exe" = protocol=17 | dir=in | app=c:\users\friedel\desktop\age of e\the conquerors.exe | 
"UDP Query User{F23EEE3A-E3B0-45CA-9E41-FF0BEC8F5E60}C:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1AD8819A-70E8-4380-92DA-F5B2421DAE35}" = G Data AntiVirus 2012
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1DDBB403-693C-4922-A6DF-0B63B4D6BC88}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DACC3F4-2007-A5EE-5FFF-129338EC89E6}" = CCC Help English
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5AC11070-A1CB-11E0-A0DC-0013D3D69929}" = Vegas Pro 10.0
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{6603BC18-EEF7-7936-77BF-76861115E674}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B6C9592-EF3B-B71E-F9B6-44FB797C205E}" = AMD Drag and Drop Transcoding
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{81E19A62-1FD2-1066-7C10-19DD3323E27F}" = AMD Media Foundation Decoders
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{840D2B01-6A05-1D0D-DCD2-59567DE0E0BC}" = AMD Fuel
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A024B9E5-7702-4556-A7BF-A04BFF2DE5D8}" = Might & Magic Heroes VI - Game Official Demo
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ADA348F3-EE4E-407D-A22D-105A9A0116BB}" = 3D-Weltatlas
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B638BA42-AE8C-4A1C-89C9-A7801F8BBBB9}" = HD Writer AE 2.6T
"{B94C6815-7BCC-4124-AC39-9208A06FFFA7}" = Disney-Pixar WALL-E
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}" = pdfforge Toolbar v6.3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5E0CB10-C275-11DF-B3A6-0013D3D69929}" = DVD Architect Pro 5.2
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA5207DE-C275-11DF-AC9F-0013D3D69929}" = MSVCRT Redists
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC0B3C41-FED1-4245-97CD-F03BEEBDEE89}" = Media Manager 2.4
"{CC5FA098-131A-5648-31D5-825692C72B2C}" = AMD VISION Engine Control Center
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7034A1E-E44D-4CB4-B628-CC7D728701E7}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy
"{F99F26DF-CCDE-F5F6-02AD-ABA8AAB51ADE}" = ccc-utility
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AviSynth" = AviSynth 2.5
"Bamboo Dock" = Bamboo Dock
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"Blender" = Blender
"Celestia_is1" = Celestia 1.6.0
"Crimson Skies 1.0" = Microsoft Crimson Skies
"Fraps" = Fraps (remove only)
"Freemake Video Converter_is1" = Freemake Video Converter version 2.3.0
"Freemake Video Downloader_is1" = Freemake Video Downloader version 2.1.5
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
"HP Photo Creations" = HP Photo Creations
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{ADA348F3-EE4E-407D-A22D-105A9A0116BB}" = 3D-Weltatlas
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Maxima-5.23.2_is1" = Maxima 5.23.2
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"Opera 11.51.1087" = Opera 11.51
"Pen Tablet Driver" = Bamboo
"StarCraft II" = StarCraft II
"Steam App 410" = Portal: First Slice
"Steam App 42910" = Magicka
"Steam App 44320" = DiRT 3
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
"GeoGebraPrim" = GeoGebraPrim
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.10.2012 14:42:30 | Computer Name = Wheatley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Safari.exe, Version: 5.34.57.2, Zeitstempel:
 0x4f982b5e  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17932,
 Zeitstempel: 0x503275ba  Ausnahmecode: 0x80000003  Fehleroffset: 0x000348be  ID des fehlerhaften
 Prozesses: 0x1674  Startzeit der fehlerhaften Anwendung: 0x01cda9727c7c02a6  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Safari\Safari.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: bdfb5e64-1565-11e2-b26e-000a3a85a4a9
 
Error - 14.10.2012 08:09:48 | Computer Name = Wheatley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WebKit2WebProcess.exe, Version: 7534.57.2.4,
 Zeitstempel: 0x4f97642d  Name des fehlerhaften Moduls: npJavaPlugin.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4f98232a  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x65ea4162  ID des fehlerhaften Prozesses: 0xf98  Startzeit der fehlerhaften Anwendung:
 0x01cdaa0429316674  Pfad der fehlerhaften Anwendung: C:\Program Files\Safari\Apple
 Application Support\WebKit2WebProcess.exe  Pfad des fehlerhaften Moduls: npJavaPlugin.dll
Berichtskennung:
 0c63de6d-15f8-11e2-9c78-000a3a85a4a9
 
Error - 14.10.2012 08:13:49 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.100:5353   18 100.2.168.192.in-addr.arpa.
 PTR Wheatley-2.local.
 
Error - 14.10.2012 08:13:49 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   16 100.2.168.192.in-addr.arpa.
 PTR Wheatley.local.
 
Error - 14.10.2012 08:19:14 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.100:5353   18 100.2.168.192.in-addr.arpa.
 PTR Wheatley-2.local.
 
Error - 14.10.2012 08:19:14 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   16 100.2.168.192.in-addr.arpa.
 PTR Wheatley.local.
 
Error - 14.10.2012 08:22:29 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.100:5353   18 100.2.168.192.in-addr.arpa.
 PTR Wheatley-2.local.
 
Error - 14.10.2012 08:22:29 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   16 100.2.168.192.in-addr.arpa.
 PTR Wheatley.local.
 
Error - 14.10.2012 08:34:01 | Computer Name = Wheatley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GDSC.exe, Version: 22.0.11091.238,
 Zeitstempel: 0x4d95315a  Name des fehlerhaften Moduls: GDSC.exe, Version: 22.0.11091.238,
 Zeitstempel: 0x4d95315a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000628a2  ID des fehlerhaften
 Prozesses: 0x6cc  Startzeit der fehlerhaften Anwendung: 0x01cdaa0813e81460  Pfad der
 fehlerhaften Anwendung: C:\Program Files\G Data\AntiVirus\GUI\GDSC.exe  Pfad des 
fehlerhaften Moduls: C:\Program Files\G Data\AntiVirus\GUI\GDSC.exe  Berichtskennung:
 6e4b5f99-15fb-11e2-b40b-4061869323d4
 
Error - 14.10.2012 09:34:37 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.100:5353   18 100.2.168.192.in-addr.arpa.
 PTR Wheatley-2.local.
 
Error - 14.10.2012 09:34:37 | Computer Name = Wheatley | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   16 100.2.168.192.in-addr.arpa.
 PTR Wheatley.local.
 
[ System Events ]
Error - 14.10.2012 09:53:40 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 09:53:40 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 09:53:41 | Computer Name = Wheatley | Source = DCOM | ID = 10005
Description = 
 
Error - 14.10.2012 09:53:41 | Computer Name = Wheatley | Source = DCOM | ID = 10005
Description = 
 
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 09:53:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

--- --- ---

[/code]

Code:

ATTFilter

GMER Logfile:

	Code: 

 ATTFilter

  
	GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-14 17:36:23
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000063 WDC_WD15 rev.80.0
Running: 0cog7507.exe; Driver: C:\Users\Friedel\AppData\Local\Temp\fxliqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         8268EA49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           826C84D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a85a4a9                      
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a85a4a9 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
 --- --- ---

So, ich hoffe das passt so alles

Danke schon mal im Vorraus für jede Unterstützung.

cosinus · 17.10.2012, 13:56

Wieso präsentierst du jetzt ein Malwarebytes-Log ohne Funde?!
Als Helfer muss man selbstverständlich wissen was genau gefunden und entfernt wurde!

turambar · 17.10.2012, 22:20

Ups, sorry, falscher Log. Ich machs euch nicht einfach, oder?

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.14.03

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Friedel :: WHEATLEY [Administrator]

14.10.2012 14:36:14
mbam-log-2012-10-14 (14-36-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 500826
Laufzeit: 55 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Friedel\Desktop\Age of E\Age of Empires II Portable\1000000600002i\svchost.exe (Trojan.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Friedel\Desktop\Age of E\Age of Empires II Portable\40000038600002i\empires2.exe (Trojan.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Friedel\Desktop\Age of E\Age of Empires II Portable\400000c00002i\closedpw.exe (Trojan.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Friedel\0.33022559424374165.exe (Exploit.Drop.UR.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

MfG, turambar

cosinus · 17.10.2012, 22:42

Code:

ATTFilter

C:\Users\Friedel\Desktop\Age of E\Age of Empires II Portable\1000000600002i\svchost.exe (Trojan.IRCBot)

Aus welcher Quelle ist das?

turambar · 18.10.2012, 07:44

Das ist eine Age of Empires 2 Version, die ich von einem Bekannten bekommen hab, weil meine normale Version auf Windows 7 nicht ohne Farbfehler lief. Wo er sie her hat, weiß ich nicht.

cosinus · 18.10.2012, 10:10

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

turambar · 19.10.2012, 15:56

Hier ist der ESET-Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=773713144529644998bc925e5a1b1b9d
# end=finished
 # remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-19 08:11:13
# local_time=2012-10-19 10:11:13 (+0100, Mitteleuropäische Sommerzeit)
 # country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 41619499 41619499 0 0
# compatibility_mode=5893 16776573 100 94 155 102259323 0 0
# compatibility_mode=8192 67108863 100 0 171 171 0 0
 # scanned=309923
# found=20
# cleaned=0
# scan_time=6162
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
 C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
 C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
 C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
 C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
 C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
 C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
 C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
 C:\Program Files\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
C:\ProgramData\mywmdfzs.exe    Win32/Weelsof.B trojan (unable to clean)    00000000000000000000000000000000    I
 C:\Users\All Users\mywmdfzs.exe    Win32/Weelsof.B trojan (unable to clean)    00000000000000000000000000000000    I
C:\Windows\Installer\a72e1.msi    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
 ${Memory}    a variant of Win32/Toolbar.Widgi application    00000000000000000000000000000000    I

cosinus · 19.10.2012, 16:47

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

turambar · 19.10.2012, 18:26

Der Log vom adwCleaner:

Code:

ATTFilter

# AdwCleaner v2.005 - Datei am 19/10/2012 um 19:20:27 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Friedel - WHEATLEY
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Friedel\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Application Updater

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Application Updater
Ordner Gefunden : C:\Program Files\Common Files\spigot
Ordner Gefunden : C:\Program Files\pdfforge Toolbar
Ordner Gefunden : C:\Users\Friedel\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\Friedel\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKCU\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\Search Settings
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Application Updater
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}
Schlüssel Gefunden : HKLM\Software\pdfforge
Schlüssel Gefunden : HKLM\Software\Search Settings
Schlüssel Gefunden : HKU\S-1-5-21-3744982105-1280326129-4264077337-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profilname : default 
Datei : C:\Users\Friedel\AppData\Roaming\Mozilla\Firefox\Profiles\q1xpekqa.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Friedel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v11.51.1087.0

Datei : C:\Users\Friedel\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3147 octets] - [19/10/2012 19:20:27]

########## EOF - C:\AdwCleaner[R1].txt - [3207 octets] ##########

In der Zwischenzeit sag ich schonmal danke für die bisher geleistete Hilfe!

h:

cosinus · 21.10.2012, 11:03

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

turambar · 21.10.2012, 13:57

Code:

ATTFilter

# AdwCleaner v2.005 - Datei am 21/10/2012 um 14:33:31 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Friedel - WHEATLEY
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Friedel\Downloads\AdwCleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Application Updater

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Application Updater
Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\Program Files\pdfforge Toolbar
Ordner Gelöscht : C:\Users\Friedel\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Friedel\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profilname : default 
Datei : C:\Users\Friedel\AppData\Roaming\Mozilla\Firefox\Profiles\q1xpekqa.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Friedel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v11.51.1087.0

Datei : C:\Users\Friedel\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3000 octets] - [21/10/2012 14:33:31]

########## EOF - C:\AdwCleaner[S1].txt - [3060 octets] ##########

cosinus · 21.10.2012, 16:19

Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

turambar · 21.10.2012, 21:08

Nein, ich kann auf Windows immer noch nur über den abgesicherten Modus zugreifen. Aber im Startmenü ist nach wie vor alles vorhanden (vielleicht ja nur, weil Windows im abgesicherten Modus ist?).

17.10.2012, 13:56	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	"Webseite kann nicht angezeigt werden" bei Windows 7 Boot Wieso präsentierst du jetzt ein Malwarebytes-Log ohne Funde?! Als Helfer muss man selbstverständlich wissen was genau gefunden und entfernt wurde! __________________ Logfiles bitte immer in CODE-Tags posten

17.10.2012, 22:42	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	"Webseite kann nicht angezeigt werden" bei Windows 7 Boot Code: ATTFilter C:\Users\Friedel\Desktop\Age of E\Age of Empires II Portable\1000000600002i\svchost.exe (Trojan.IRCBot) Aus welcher Quelle ist das? __________________ --> "Webseite kann nicht angezeigt werden" bei Windows 7 Boot

21.10.2012, 16:19	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	"Webseite kann nicht angezeigt werden" bei Windows 7 Boot Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

"Webseite kann nicht angezeigt werden" bei Windows 7 Boot

Plagegeister aller Art und deren Bekämpfung: "Webseite kann nicht angezeigt werden" bei Windows 7 Boot