Trojaner-Board


reggi 23.11.2012 19:02

Win 7 Ukash (IAC) virus: no more access in normal mode
 
Hello,
I urgently need your help. I have caught the Ukash virus. On restart, Win 7 boots up properly, but shortly after the desktop appears, the image of the "International Police Association" pops up again.

I then started the computer in safe mode and it runs so far. No more "Ukash message". A friend of mine has already installed Malwarebytes Anti-Malware and run a complete scan. But he deleted all the findings, and if I have read correctly here, one should not do that. Is there still hope for my computer?

I can get into safe mode without problems and already have Malwarebytes on the PC, just no internet connection for updating. What should I do now?

Thanks in advance for the help

ryder 23.11.2012 21:09

Hello,

I will help you with your problem. A cleanup can involve a lot of work for you (and me). Before we start, I have some reading material for you.
Quote:

Reading material:
Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:
  • Please work through all steps in order. Please give me feedback on every step (logfile or answer), all together once you have finished everything.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the logfiles directly in your thread (in code tags if possible). Do not attach them unless I ask you to or the logfile would be too large. Attachments make the evaluation harder for me.
  • Obscure your name only if it is absolutely necessary.
  • At the first sign of illegally used software (cracks, patches and the like), support will be discontinued without discussion.
  • If I have not answered after 3 days, then (and only then) please send me a PM.
  • A request: please keep going until I or another helper tells you that you are "clean". Courtesy alone demands that, and the disappearance of the symptoms does not mean that all the malware has really been removed.
  • Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.

Once you have read and understood all of that, you can get started!
Scan and unlock with SREP

Please download srep.exe and save it to a USB stick.
Important: do not save it into a folder.
  • Restart the infected computer.
  • While it boots, press the F8 key several times. You should then have several options to choose from. Use the arrow keys to navigate to Safe Mode with Command Prompt and press Enter.
    ** Note: it may be that a different F key has to be pressed to get to the boot options.
  • Now log in to the infected user account.
  • Connect the USB stick to the infected computer.
  • Now some manual work is needed.
    • First you have to find out which drive letter the USB stick has.
    • To do so, simply type E: and press Enter. If the following message appears,
      Quote:

      Das System kann das angegeben Laufwerk nicht finden
      try a different drive letter (e.g. F:).
  • As soon as you have found the right drive letter, type the following and press Enter.
    start srep.exe
  • Now press Scan.
  • Let the tool run undisturbed. The computer will restart automatically.
There is a shell.txt on your USB stick. Please post it in your next reply.

Note: it is quite possible that you can access your computer again right after the scan.

reggi 23.11.2012 21:32

Hey ho.

OK, I let the scan run through and can get into the system normally again. Here is the shell file

Quote:

WIN_7 X64 Service Pack 1
Running from J:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.


[System Process]
System
smss.exe
csrss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
svchost.exe
WmiPrvSE.exe
srep.exe


HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [Adobe ARM] = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\..\Run [StartCCC] = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\..\Run [AMD AVT] = Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\..\Run [Garmin Lifetime Updater] = C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
HKLM\..\Run [SunJavaUpdateSched] = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKCU\..\Run [KiesHelper] = C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKCU\..\Run [KiesTrayAgent] = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKCU\..\Run [KiesPDLR] = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKCU\..\Run [Steam] = "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKCU\..\Run [svñhîst] = %USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Winlogon; Shell =
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [KiesHelper] = C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [KiesTrayAgent] = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [KiesPDLR] = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [Steam] = "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [svñhîst] = %USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe


x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2871808- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell =

==== FINISH 23.11-21.21 ====

ryder 23.11.2012 21:38

Good! We now still urgently need to remove the remnants.

Step 1:
AdwCleaner: find and delete adware

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Delete ("Löschen").
  • Confirm each prompt with OK.
  • Your computer will be restarted. Just write me whether the step worked; we do not need the resulting logfile.

Step 2:
Custom scan with OTL

If you do not have it yet, please download OTL by OldTimer and save it on your desktop.
  • Please start OTL.exe.
  • Set the following:
    • Check "Scan All Users" and "Include 64bit Scans"
    • Output: Minimal
    • Use SafeList in every field.
    • Check "Use Company Name Whitelist"
    • Files created and modified within: File Age
    • Check LOP Check and Purity Check
  • Now copy the contents of the code box into the text box (http://larusso.trojaner-board.de/Images/otlfix.jpg).

Code:

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES(X86)%\*.*
%appdata%\*.
%appdata%\*.*
%localappdata%\*.
%localappdata%\*.*
%allusersprofile%\*.
%allusersprofile%\*.*
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread (in CODE tags if possible)

Step 3:
Scan with SecurityCheck
Please download SecurityCheck
  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.

Please post the contents here.

reggi 23.11.2012 21:49

I have carried out the first step. After the restart, the IAC image now comes up again and I can't do anything.

ryder 23.11.2012 21:52

Fix with SREP

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:

%USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe
and save it as fix.txt in the same directory as srep.exe


Please start your computer again in Safe Mode with Command Prompt.
Connect your USB stick to the infected computer again.
Please use the same USB port as for the scan
  • Please enter the following command
    X:\srep.exe
  • Press the Fix button.
Your computer will restart automatically.

Please report whether you can now access the infected computer again.


We are not finished after that, though!
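
The Run value targeted by the fix above stands out in shell.txt on two counts: it launches from the user's Temp folder, and its name is a non-ASCII near-copy of a system process name. The Python sketch below is an added example (not part of the thread and not SREP's own logic) that triages such lines. The re-decoding step assumes the name is Windows-1251 text displayed as Windows-1252, and the process-name list and path markers are illustrative choices.

```python
import re
import unicodedata
from typing import List, NamedTuple, Set

# Matches autorun lines in the shell.txt layout shown in this thread, e.g.
#   HKCU\..\Run [Steam] = "C:\...\Steam.exe" -silent
RUN_LINE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\\Run \[(?P<name>[^\]]+)\] = (?P<cmd>.*)$"
)

# Illustrative markers for per-user temp locations (compared in lower case).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "%temp%\\", "%tmp%\\")

# Illustrative list of Windows process names that malware likes to imitate.
SYSTEM_NAMES = {"svchost", "explorer", "winlogon", "csrss", "lsass", "services", "smss"}

# Cyrillic letters that render like Latin ones (a, c, e, o, p, x, y, i, s).
CYRILLIC_TO_LATIN = str.maketrans({
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
})


class Hit(NamedTuple):
    hive: str
    name: str
    command: str
    reasons: List[str]


def skeletons(name: str) -> Set[str]:
    """Return lower-case ASCII skeletons of a value name.

    Two readings are tried: the name as displayed, and (assumption) the name
    re-decoded from Windows-1252 to Windows-1251, which undoes the mojibake a
    log viewer produces when Cyrillic look-alike letters were used.
    """
    candidates = {name}
    try:
        candidates.add(name.encode("cp1252").decode("cp1251"))
    except (UnicodeEncodeError, UnicodeDecodeError):
        pass  # name is not representable that way; keep the displayed form only
    result = set()
    for cand in candidates:
        folded = unicodedata.normalize("NFKD", cand.translate(CYRILLIC_TO_LATIN))
        result.add("".join(ch for ch in folded if ch.isascii()).lower())
    return result


def triage(log_text: str) -> List[Hit]:
    """Flag Run entries that start from Temp or imitate a system process name."""
    hits = []
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue  # Winlogon lines, process list, blank lines, ...
        name, cmd = m["name"], m["cmd"]
        reasons = []
        if any(marker in cmd.lower() for marker in TEMP_MARKERS):
            reasons.append("runs-from-temp")
        if not name.isascii():
            for sysname in sorted(skeletons(name) & SYSTEM_NAMES):
                reasons.append("name-mimics:" + sysname)
        if reasons:
            hits.append(Hit(m["hive"], name, cmd, reasons))
    return hits


# Sample input: a few lines excerpted from the shell.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKCU\..\Run [Steam] = "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKCU\..\Run [svñhîst] = %USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe
HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [svñhîst] = %USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit.hive, "|", hit.name, "|", ", ".join(hit.reasons))
```

The same entry is reported twice because shell.txt lists it once under HKCU and once under the user's SID in HKU; both lines refer to one registry value.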

reggi 23.11.2012 22:06

So, did everything, and unfortunately the image still comes up.

ryder 23.11.2012 22:11

Then please run SREP with Scan once more.

reggi 23.11.2012 22:29

Unfortunately no success.

Here is the new shell file

Quote:

WIN_7 X64 Service Pack 1
Running from J:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.


[System Process]
System
smss.exe
csrss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
svchost.exe
WmiPrvSE.exe
srep.exe


HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [Adobe ARM] = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\..\Run [StartCCC] = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\..\Run [AMD AVT] = Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\..\Run [Garmin Lifetime Updater] = C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
HKLM\..\Run [SunJavaUpdateSched] = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKCU\..\Run [KiesHelper] = C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKCU\..\Run [KiesTrayAgent] = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKCU\..\Run [KiesPDLR] = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKCU\..\Run [Steam] = "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKCU\..\Run [svñhîst] = %USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Winlogon; Shell =
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [KiesHelper] = C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [KiesTrayAgent] = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [KiesPDLR] = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [Steam] = "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [svñhîst] = %USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe


x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2871808- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell =

==== FINISH 23.11-21.21 ====
WIN_7 X64 Service Pack 1
Running from J:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.


[System Process]
System
smss.exe
csrss.exe
wininit.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
srep.exe
svchost.exe


HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [Adobe ARM] = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\..\Run [StartCCC] = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\..\Run [AMD AVT] = Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\..\Run [Garmin Lifetime Updater] = C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
HKLM\..\Run [SunJavaUpdateSched] = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKCU\..\Run [KiesHelper] = C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKCU\..\Run [KiesTrayAgent] = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKCU\..\Run [KiesPDLR] = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKCU\..\Run [Steam] = "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKCU\..\Run [svñhîst] = %USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Winlogon; Shell =
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [KiesHelper] = C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [KiesTrayAgent] = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [KiesPDLR] = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [Steam] = "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\Run [svñhîst] = %USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe


x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2871808- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell =

==== FINISH 23.11-22.26 ====

ryder 23.11.2012 22:34

... and you really did this here exactly like that?

Fix with SREP

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:

%USERPROFILE%\AppData\Local\Temp\0rAFCE4.exe
and save it as fix.txt in the same directory as srep.exe


Please start your computer again in Safe Mode with Command Prompt.
Connect your USB stick to the infected computer again.
Please use the same USB port as for the scan
  • Please enter the following command
    X:\srep.exe
  • Press the Fix button.
Your computer will restart automatically.

reggi 23.11.2012 22:47

I just tried it again and this time copied only the text that is there. Before that I had clicked on "copy all". But it did not work again.

So I did everything as it is written there, only I replaced the x in X:srep.exe with the drive letter.

ryder 23.11.2012 22:50

Please just select the text and copy it with CTRL+C. Please repeat it once more.

reggi 23.11.2012 23:03

Now it works again. Then I continue with step 2?

ryder 23.11.2012 23:12

Exactly, step 2 please. Scan with OTL.

reggi 23.11.2012 23:28

OK, all done, here is the OTL

OTL Logfile:
Code:

OTL logfile created on: 23.11.2012 23:11:51 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Reggi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 69,46% Memory free
6,49 Gb Paging File | 5,07 Gb Available in Paging File | 78,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,26 Gb Total Space | 256,78 Gb Free Space | 57,67% Space Free | Partition Type: NTFS
Drive D: | 20,49 Gb Total Space | 0,01 Gb Free Space | 0,03% Space Free | Partition Type: FAT32
Drive J: | 7,23 Gb Total Space | 7,08 Gb Free Space | 97,90% Space Free | Partition Type: FAT32
 
Computer Name: REGGI-PC | User Name: Reggi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Reggi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Users\Reggi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 EF DE 8F 91 9A CC 01  [binary data]
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: nasanightlaunch@example.com:0.6.20121022
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Reggi\AppData\Roaming\5053 [2011.12.07 00:53:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:19:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.16 19:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\Extensions
[2012.10.24 16:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\Firefox\Profiles\i52wg2jy.default\extensions
[2012.09.23 17:23:31 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Reggi\AppData\Roaming\mozilla\Firefox\Profiles\i52wg2jy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.10.24 16:47:59 | 002,290,783 | ---- | M] () (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\firefox\profiles\i52wg2jy.default\extensions\nasanightlaunch@example.com.xpi
[2012.10.12 12:34:34 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\firefox\profiles\i52wg2jy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.27 21:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.07 00:53:06 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\REGGI\APPDATA\ROAMING\5053
[2012.10.27 21:19:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 15:33:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 17:42:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 15:33:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 15:33:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 15:33:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 15:33:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [svñhîst] C:\Users\Reggi\AppData\Local\Temp\0rAFCE4.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\tnnsq90lt.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D708A31-5936-4F72-9C6E-C9C41C34E7FB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.06.07 11:24:12 | 000,000,000 | RHS- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Reggi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: DnsCache - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: LanmanWorkstation - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.23 23:05:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Reggi\Desktop\OTL.exe
[2012.11.22 22:22:01 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.11.20 22:03:46 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Roaming\Malwarebytes
[2012.11.20 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.20 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 22:03:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.20 22:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.14 18:24:16 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{73FB583C-771A-4177-96F1-116A2FB049DE}
[2012.11.11 13:45:05 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{A8FE49B8-161A-477F-8AA5-73CB06CB2F10}
[2012.10.29 01:15:04 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{9517472E-5D60-45FD-9D44-60770351836D}
[2012.10.27 21:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 14:29:12 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{8E60A42F-C2C3-45E7-84C2-09758DEA2791}
[2 C:\Users\Reggi\AppData\Roaming\*.tmp files -> C:\Users\Reggi\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.23 23:08:27 | 000,023,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 23:08:27 | 000,023,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 23:05:38 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.23 23:05:38 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.23 23:05:38 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.23 23:05:38 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.23 23:05:38 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.23 23:05:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reggi\Desktop\OTL.exe
[2012.11.23 23:01:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.23 23:00:59 | 2615,803,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 22:04:46 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.20 21:32:06 | 000,022,535 | ---- | M] () -- C:\Users\Reggi\Desktop\Steckbrief.odt
[2 C:\Users\Reggi\AppData\Roaming\*.tmp files -> C:\Users\Reggi\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.20 22:03:20 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.09 20:25:40 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012.10.09 20:25:40 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012.10.09 20:25:40 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2012.10.09 20:25:40 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll
[2012.10.09 20:25:40 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll
[2012.10.09 20:25:40 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012.08.03 21:03:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad
[2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.15 05:41:14 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.12.07 00:52:52 | 000,000,036 | ---- | C] () -- C:\Users\Reggi\AppData\Roaming\blckdom.res
[2011.11.16 19:48:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.11.16 19:07:08 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011.11.06 17:59:13 | 000,000,093 | ---- | C] () -- C:\Users\Reggi\AppData\Local\fusioncache.dat
[2011.11.06 17:57:48 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.06 10:24:31 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.04 03:46:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.04 01:49:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-4293284574-4106077085-2191208304-1000\$46a71d9b1f14aa218d4d5b222b53bba7\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.17 12:22:18 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.minecraft
[2012.05.20 11:09:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.spoutcraft
[2011.12.07 00:53:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\5053
[2012.06.22 14:01:08 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\BANDISOFT
[2012.09.23 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoft
[2011.11.15 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.23 23:09:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Garmin
[2011.11.10 20:30:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Jens Lorek
[2011.12.07 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\kock
[2012.09.27 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\LolClient
[2011.11.08 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\OpenOffice.org
[2012.08.12 22:21:35 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Origin
[2012.07.04 17:50:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Samsung
[2012.07.16 09:26:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-updater
[2012.07.16 09:09:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-zsync
[2012.07.16 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\SplitMediaLabs
[2011.11.07 00:30:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\TS3Client
[2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\UAs
[2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\xmldm
[2012.06.24 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.11.09 15:20:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.08.09 08:45:53 | 000,000,000 | ---D | M] -- C:\AMD
[2011.11.04 01:45:06 | 000,000,000 | ---D | M] -- C:\ATI
[2012.01.10 18:59:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.10.16 19:51:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.08.07 22:23:59 | 000,000,000 | ---D | M] -- C:\Games
[2012.11.22 22:22:58 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2012.09.23 23:13:37 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.20 22:03:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.20 22:03:20 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.10.16 19:51:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.03 23:32:06 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.09.27 22:29:17 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012.11.23 23:13:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.04 13:42:10 | 000,000,000 | ---D | M] -- C:\Temp
[2012.08.07 22:22:56 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.22 17:17:25 | 000,000,000 | ---D | M] -- C:\Windows
[2011.11.04 00:17:39 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %SYSTEMDRIVE%\*.* >
[2012.11.23 21:45:48 | 000,010,896 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.12.26 12:34:45 | 000,425,067 | ---- | M] () -- C:\AnalysisLog.sr0
[2011.12.11 22:41:08 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010.11.20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011.11.03 22:49:17 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.11.05 17:37:45 | 000,000,126 | ---- | M] () -- C:\cmdlog.txt
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012.11.23 23:00:59 | 2615,803,904 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008.02.18 15:50:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.12.02 23:54:53 | 000,255,141 | RHS- | M] () -- C:\JRGFX
[2008.02.18 15:50:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.11.23 23:01:01 | 3487,739,904 | -HS- | M] () -- C:\pagefile.sys
[2011.11.11 02:21:13 | 000,063,262 | ---- | M] () -- C:\shared.log
[2007.11.23 11:48:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007.12.22 12:02:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008.01.06 12:54:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009.06.07 17:00:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007.11.23 11:48:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007.12.22 12:02:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008.01.06 12:54:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009.06.07 17:00:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007.10.28 10:46:24 | 000,638,960 | ---- | M] () -- C:\TB.log
[2007.11.07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2011.12.02 23:54:53 | 000,000,020 | RHS- | M] () -- C:\winx.ld
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %PROGRAMFILES(X86)%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %appdata%\*.  >
[2012.10.17 12:22:18 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.minecraft
[2012.05.20 11:09:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.spoutcraft
[2011.12.07 00:53:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\5053
[2012.04.15 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Adobe
[2012.05.28 16:46:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Ahead
[2011.11.04 01:50:26 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\ATI
[2011.11.04 01:42:40 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Avira
[2012.06.22 14:01:08 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\BANDISOFT
[2012.09.23 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoft
[2011.11.15 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.23 23:09:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Garmin
[2011.11.03 23:33:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Identities
[2011.11.10 20:30:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Jens Lorek
[2011.12.07 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\kock
[2012.09.27 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\LolClient
[2011.11.04 02:41:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Macromedia
[2012.11.20 22:03:46 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Media Center Programs
[2012.04.15 23:26:09 | 000,000,000 | --SD | M] -- C:\Users\Reggi\AppData\Roaming\Microsoft
[2011.12.13 22:12:23 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Mozilla
[2011.11.08 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\OpenOffice.org
[2012.08.12 22:21:35 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Origin
[2012.07.04 17:50:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Samsung
[2012.07.16 09:26:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-updater
[2012.07.16 09:09:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-zsync
[2012.11.20 01:11:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Skype
[2012.07.16 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\SplitMediaLabs
[2011.11.07 00:30:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\TS3Client
[2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\UAs
[2012.11.20 01:11:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\vlc
[2011.12.02 23:45:14 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\WinRAR
[2012.01.19 22:44:31 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Xfire
[2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\xmldm
[2012.06.24 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\XnView
 
< %appdata%\*.*  >
[2011.12.08 19:30:37 | 000,000,065 | ---- | M] () -- C:\Users\Reggi\AppData\Roaming\AcroIEHelpe.txt
[2011.12.09 00:58:00 | 000,000,036 | ---- | M] () -- C:\Users\Reggi\AppData\Roaming\blckdom.res
[2 C:\Users\Reggi\AppData\Roaming\*.tmp files -> C:\Users\Reggi\AppData\Roaming\*.tmp -> ]
 
< %localappdata%\*.  >
[2012.09.08 08:21:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\4A Games
[2012.04.15 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Adobe
[2012.05.28 16:46:01 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Ahead
[2011.11.03 23:32:22 | 000,000,000 | -HSD | M] -- C:\Users\Reggi\AppData\Local\Anwendungsdaten
[2012.11.20 16:50:54 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\ApplicationHistory
[2012.07.16 00:57:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\ArmA 2
[2012.07.19 13:06:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\ArmA 2 OA
[2011.11.04 01:50:26 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\ATI
[2012.10.24 17:09:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Chromium
[2012.07.18 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Downloaded Installations
[2011.11.07 00:30:57 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\ESN Sonar
[2012.04.15 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Microsoft
[2011.11.18 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Morphyre
[2011.11.04 02:34:58 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Mozilla
[2012.08.12 22:23:11 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Origin
[2012.11.20 22:13:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\PMB Files
[2012.06.13 23:24:42 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\PokerStars.NET
[2011.11.04 04:09:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\PunkBuster
[2012.07.04 17:58:18 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Samsung
[2012.07.16 09:21:31 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\SIX_Projects
[2012.07.16 20:48:17 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\SplitMediaLabs
[2012.08.08 16:45:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\SWTOR
[2012.11.23 23:18:04 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Temp
[2011.11.03 23:32:22 | 000,000,000 | -HSD | M] -- C:\Users\Reggi\AppData\Local\Temporary Internet Files
[2012.03.24 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\The Lord of the Rings Online
[2012.10.17 18:53:03 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Turbine
[2011.11.03 23:32:22 | 000,000,000 | -HSD | M] -- C:\Users\Reggi\AppData\Local\Verlauf
[2012.10.04 11:16:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\VirtualStore
[2012.08.12 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\Windows Live
[2011.12.01 18:27:37 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E3F49FA9-E096-4576-97A5-39C3059763E5}
[2011.12.12 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E5F4DC2F-EF0C-4738-B894-98532F7A3427}
[2011.11.27 12:04:04 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E89E199A-AC2E-4D8C-87D0-5EFA1746469A}
[2012.07.05 10:35:53 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E8B73477-4C8A-4B1E-A7F1-718407E755FA}
[2011.11.11 09:37:57 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E8C18A32-8A11-457E-ACAE-D4CED438237F}
[2011.12.13 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E8F730C6-1BC5-4964-AA0D-FC9B6CF57968}
[2011.11.08 14:21:14 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E9181EC5-7B01-43D2-A795-E138E711C0BF}
[2012.08.12 11:30:47 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{E9463EB5-940A-4E9C-AD8C-1734D104DBD0}
[2012.08.29 22:24:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{ED74F60E-536B-4666-A8B6-066DC888DAAF}
[2011.12.29 00:04:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{EDAAE53F-96FD-4D38-B852-345489883A0F}
[2011.11.07 14:26:33 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{EE7E7B67-24CF-40B6-8BD8-FBFDDD40C803}
[2011.11.24 19:45:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{EEE11DFA-93CD-4F24-B5FE-99AC63DF8673}
[2011.11.29 16:17:26 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{F2A07989-43FF-47AA-AF84-E0DB3D3EEECE}
[2012.01.08 12:12:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{F4188D73-9CDA-4BF3-A036-92044E64D109}
[2012.07.04 12:08:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{F5320B54-5EA1-4E74-81D5-C902E61E03F6}
[2011.12.28 00:02:43 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{F5AC756A-F307-4E78-B038-5E516A1ECC93}
[2012.05.01 14:10:40 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{F901C49C-193F-4095-A53C-8EBB4A83276B}
[2011.11.10 14:11:29 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FA2F469C-537D-4C38-9EE4-392A40E984E3}
[2012.03.25 01:14:43 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FCF16554-4F8B-4A06-92F5-94971BDEF541}
[2011.12.11 13:36:31 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FD8577C3-99B8-4EA4-97C5-BA1F6F8D75C6}
[2012.05.13 13:53:36 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FD963E38-B74E-46B2-B6D1-9E23E1516892}
[2012.10.14 00:32:58 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FE4F257C-5CA5-4C69-A1C9-E7C6FA1B8A2A}
[2012.09.06 20:52:33 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FEA66787-BD91-4460-B91A-6C9FEF50AD0F}
[2012.05.20 14:12:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FED936D9-5096-4EA6-9E6D-C6E912DDB6CA}
[2011.12.21 20:36:15 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FF84E494-194A-494B-AE85-28364D18CF5C}
[2012.02.23 23:45:39 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Local\{FFB26A67-B244-4745-A298-64A8603AE26A}
 
< %localappdata%\*.* >
[2011.11.06 17:59:13 | 000,000,093 | ---- | M] () -- C:\Users\Reggi\AppData\Local\fusioncache.dat
[2012.07.13 14:20:23 | 000,064,912 | ---- | M] () -- C:\Users\Reggi\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.23 22:41:53 | 001,266,953 | -H-- | M] () -- C:\Users\Reggi\AppData\Local\IconCache.db
 
< %allusersprofile%\*.  >
[2012.04.15 23:27:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2012.08.09 08:49:26 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2011.11.03 23:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.08.09 08:49:27 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI
[2011.11.04 01:42:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2012.05.24 02:58:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2012.05.24 03:27:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Blizzard Entertainment
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011.11.03 23:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.11.04 04:06:58 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012.02.22 22:47:42 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2011.11.04 04:07:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011.11.03 23:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.11.30 19:22:57 | 000,000,000 | ---D | M] -- C:\ProgramData\hps
[2012.11.20 22:03:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2011.11.06 09:55:20 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.05.10 13:29:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2011.11.15 20:34:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero
[2012.09.22 11:03:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2012.11.20 22:08:43 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2012.07.04 17:51:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2012.06.27 12:52:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\SecuROM
[2012.07.29 21:50:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2012.07.16 20:46:13 | 000,000,000 | ---D | M] -- C:\ProgramData\SplitMediaLabs
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011.11.03 23:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.11.08 15:33:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.11.30 19:39:15 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2011.11.03 23:32:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012.01.19 21:29:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Xfire
 
< %allusersprofile%\*.* >
[2012.08.03 21:03:11 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
[2011.11.16 19:48:11 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt

< End of report >

--- --- ---

reggi 23.11.2012 23:29

and here are the Extras

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 23.11.2012 23:11:51 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Reggi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 69,46% Memory free
6,49 Gb Paging File | 5,07 Gb Available in Paging File | 78,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,26 Gb Total Space | 256,78 Gb Free Space | 57,67% Space Free | Partition Type: NTFS
Drive D: | 20,49 Gb Total Space | 0,01 Gb Free Space | 0,03% Space Free | Partition Type: FAT32
Drive J: | 7,23 Gb Total Space | 7,08 Gb Free Space | 97,90% Space Free | Partition Type: FAT32
 
Computer Name: REGGI-PC | User Name: Reggi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CFCB5C-BB25-471C-92BB-058D02D21B2F}" = lport=445 | protocol=6 | dir=in | app=system |
"{033BEFDB-2DC0-40F7-9145-4C33B726D23B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{03F1E380-1644-4004-97C6-8C30152C83A7}" = rport=445 | protocol=6 | dir=out | app=system |
"{16767CD4-EA33-463B-9C78-4AF98CB895C9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1A187859-2FD2-4703-BCBA-1C34B25AA892}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2FBC12C6-257B-45F0-BF22-9BAF5626E9E1}" = lport=58675 | protocol=17 | dir=in | name=pando media booster |
"{3F4F662E-1DED-4400-9FBA-01AAECAB3850}" = lport=58675 | protocol=6 | dir=in | name=pando media booster |
"{3FF64DB2-2DF2-4469-825F-6146C6BBC1AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E187C76-5B70-417C-8F8B-296E9F076A1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5561052D-6917-4A1E-9E1A-55AB827F0210}" = rport=139 | protocol=6 | dir=out | app=system |
"{5D98F3D2-7871-429E-9BE6-AD26767DA05A}" = lport=8995 | protocol=6 | dir=in | name=8995 |
"{657F00B8-0263-4D2B-BAC0-CA8D8A303FA8}" = lport=58525 | protocol=17 | dir=in | name=pando media booster |
"{677EE25B-4676-4A35-9303-1470128498F2}" = lport=56396 | protocol=6 | dir=in | name=pando media booster |
"{6D24A80E-3D83-4456-84B5-63CB4D522F8D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7FDFC99B-AA10-4950-AFE2-DE3AD11B264A}" = lport=56396 | protocol=6 | dir=in | name=pando media booster |
"{8434D368-4F54-4B14-85B0-371BE60671C9}" = lport=58675 | protocol=6 | dir=in | name=pando media booster |
"{89D2F855-ABBC-4D43-813A-3780668C7914}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D453342-D78D-4E9D-8ED7-AE3AD7F5E45F}" = lport=137 | protocol=17 | dir=in | app=system |
"{91C3EE17-5C1A-452C-8E99-E6908CA40AF1}" = lport=58525 | protocol=6 | dir=in | name=pando media booster |
"{992F0756-94CE-4005-ACBE-D05BB04AF32E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A4BF16D3-1181-4358-95B9-5A0F28F2D5FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6B7CF9B-9726-4166-A6E8-9E5F8A28E84B}" = lport=80 | protocol=6 | dir=in | name=port 80 |
"{ABBCF551-290A-45DE-A231-E42F99B59053}" = lport=139 | protocol=6 | dir=in | app=system |
"{AC9289D3-CDB9-45C0-8AB3-3D40E495C424}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B233AE43-2B73-40D1-8B5A-9B34BEA3B04D}" = lport=58525 | protocol=6 | dir=in | name=pando media booster |
"{BA08A7C8-3D2B-4D70-88D5-8DBC93783721}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BAC40A3B-B850-4675-B876-6E49399D6B70}" = rport=138 | protocol=17 | dir=out | app=system |
"{C2E3AE41-B15F-4C0F-A1B8-F6D878A8AF5C}" = lport=56396 | protocol=17 | dir=in | name=pando media booster |
"{C36326EB-458E-448D-B45C-026A352E1877}" = lport=138 | protocol=17 | dir=in | app=system |
"{C80749B6-1F1A-4E0B-834E-8D43E4E10FAA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CDEF131E-F4B9-4598-A38A-64B351AA5207}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D56C429F-BA83-47DA-98B7-49EAAD61AE71}" = lport=58525 | protocol=17 | dir=in | name=pando media booster |
"{D60E045B-4DA9-4837-AA38-CD12216AC117}" = lport=58675 | protocol=17 | dir=in | name=pando media booster |
"{DA15FB5B-8F78-489F-B282-37F14B4ACDF3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB6BB271-6261-454C-B812-E72F502B83C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE7CCDC3-766F-4976-9CCB-736318F14E8D}" = lport=56396 | protocol=17 | dir=in | name=pando media booster |
"{EAED5240-A122-4FC7-820B-25F34DF64374}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03906A3A-6AFF-4939-BB30-31357CBA84D4}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{045FEEFA-A483-4328-8802-742F1EF3BEE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{0CF9E24C-14BF-41F8-9C9B-6B3DADA20210}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12690F9C-5EFA-4F26-B208-F405AB212626}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15897755-7A1B-4792-A04B-22010443C4C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{1DDDE606-248C-46BC-91D3-68F8BDDD121A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{2C4DF3D6-C8A7-4ACB-933B-E0650E0CFAE8}" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\launcher.exe |
"{319C7A01-1D21-4B1A-8867-A6EE206488B0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{3B70761D-0595-412D-94FE-26CD7F244364}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C7FB89F-D206-4BE4-927E-8658E1268A15}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{403EBCA1-A606-4DC9-A111-DD707F2AD577}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45CFCD0D-99E9-486B-8E34-416663BEB4C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4637BBBF-BEC8-47BE-85F2-EBC33F3BAC7F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4AB4B3F1-C4FF-4CAF-8398-F29C993ADE83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E24B8AB-A095-4578-BA76-43882E807068}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{4FF458DE-4EA7-4468-BF4F-4A02AB508EAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5290AC4F-64CA-480D-BA4F-20E287FD0325}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{5BC56523-CF87-4E24-8CCE-CDD55A415884}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5F2A960C-21DD-4230-9A7F-81D323B74B68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{5FE821A4-CA95-47E0-BFA4-253271D9A964}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{64E996F6-D2F9-49EE-8C1B-4036B911725A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6AFF4083-6A51-467C-9408-8D6C36964082}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6C8D853E-E2A1-4BC1-9976-80F241191176}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6DE2F091-8CAC-4E48-B27F-6F9EC5CED1FD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7B99D733-F24B-46B2-8F79-A66A7CCE0E6B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7CFA3FBE-0848-4C40-AFCB-A2F93565F72D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7DAE6F05-CC17-4E59-8697-1FA2FE567FA2}" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\launcher.exe |
"{88ED9DE0-9635-4382-8386-B6E19B8C43BA}" = protocol=6 | dir=out | app=system |
"{8CB9C1FF-D39D-4AC1-A28A-DCC7A434572B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8E5C1DA0-DCB5-46F4-9A09-9EF5C8875228}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{93FE4ED0-7080-49C3-8404-92AE60438A86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94562CEC-7AD1-49A3-8BEE-7F16C89CDCE5}" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\launcher.exe |
"{965588E2-4427-4931-99A8-01BA10D757F5}" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\launcher.exe |
"{97761D84-5940-44E8-B37A-865468772516}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EF60153-F532-4CD2-941C-4F93C8392C38}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A50F209B-9C0A-4713-92B8-6CC8847E73AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A6B74B10-05B9-429C-A2AC-1CCF4526531F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6C32B44-3C8A-4B15-91FE-F416A8D702BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{AAF3AC1D-8885-4CEE-955C-4E9715AA05C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B3CED66B-90AA-4E69-8745-C341104B365A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7EDC5BF-1A24-4878-BEDF-D17CDF2E547D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BA326F90-F7F9-4DC0-B9ED-2ED2D5398D96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{BC1D2A53-4525-49CD-8087-21E605F41D4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC4CF580-302E-47AC-9568-72705829E488}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{BCAF7528-9DDB-4515-9838-B3550144643C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C4DD2180-A66D-4E92-9998-E5CC69529864}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{C697FBA1-EC8E-406E-915A-757545CA71FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C91DBA57-3AAD-452B-8175-1562B44168EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA061344-FD9E-445E-8A6B-35DE7FC744FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CAA209EE-115F-4797-A584-657D28BC7948}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CBB1ECEE-5413-4CC3-B69F-A9A1BCAB08D0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D1E0C1AC-AE07-4330-B5F2-1DE4201FB35C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{D42A10E1-0B12-49B1-91C3-8B9CE9BD73B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{D47597A1-E85A-46F3-B9F0-92D833100DCE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D52A771B-7B6E-4970-81B2-DA7A427EB8E9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D5918751-4FBB-4053-8889-0111D677F553}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{D61D2D71-DE39-4E38-801D-E10D304EDB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{D92FAAB3-C707-4B32-AEA5-3D6756BDA9C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E4C7CB8A-6DD5-4C45-95E7-A015D5349FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{F343079E-3C18-4A02-ABC8-0D2C465B24C8}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{F4F5FC7C-7DE0-4535-873A-973EFC973240}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F87F623E-AA0D-4CF7-8E98-71773E29523F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{FCA084D5-BDE8-4AF4-994F-632262990FF0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{0574ECFA-20E7-4693-99A2-04AAC12D2839}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{087FF9CE-7B6E-49E2-A260-D2396D20370C}C:\games\aoe2\empires2.exe" = protocol=6 | dir=in | app=c:\games\aoe2\empires2.exe |
"TCP Query User{17BF7967-F313-42A4-BFF7-C80DEAA8CB6B}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{2B029C5A-A42F-4101-AD01-6EA20ECBA1BB}C:\games\border\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\games\border\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{2DCB3DF8-80AC-4025-85EC-6E28A258729B}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{455BF2EF-6F36-4C19-A76C-8961C6C8B0F7}C:\games\star trek\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\games\star trek\star trek online\live\gameclient.exe |
"TCP Query User{A36F0BA7-6AB5-4301-A88A-4C00813FEA0E}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{ACE63398-3C30-4917-B990-22E15AAAE058}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{AFEE91D3-0D3B-4663-911F-0AD37F709550}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"TCP Query User{B261BE83-ED54-4048-B1F5-1E936444AA9E}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{D2A87DE7-BFEA-4128-9CDA-F50ECF368EC9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{D390B5F5-3945-48C0-8FCD-BDD5086B6A75}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{F69DAF46-A345-4B3D-BAAE-85545FBB1110}C:\users\reggi\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\reggi\downloads\diablo-iii-setup-dede.exe |
"UDP Query User{10DD05E2-C674-43F5-80A1-F668E427BB17}C:\games\aoe2\empires2.exe" = protocol=17 | dir=in | app=c:\games\aoe2\empires2.exe |
"UDP Query User{23725291-0B44-4A90-AEA8-52E364E16E91}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{3142D2B4-9D94-4F65-B77D-35D9ED5A8EDD}C:\games\border\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\games\border\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{33D1CDF9-F4A1-494D-9333-807934EAD06A}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{47CF8F97-8091-44D7-BAEB-EEA10D834108}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{58FC5D32-96C8-42F4-8FB5-B7AFC5EE0B31}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{65866ACD-AE2A-45F3-9C76-0FA9B854D6C0}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{7A62394D-D73E-4A35-ADE4-3E3E04CE8C71}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{8F5709D8-4656-437F-91D3-2BBEE64A2E42}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{9AD4DFBC-EE47-432C-893F-1417EAC119C9}C:\games\star trek\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\games\star trek\star trek online\live\gameclient.exe |
"UDP Query User{B3B218A7-F63B-4F2D-9FA7-49B7D7BA1BC6}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{B6FF4286-36DC-4CB6-A12F-5EAEFE545A8B}C:\users\reggi\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\reggi\downloads\diablo-iii-setup-dede.exe |
"UDP Query User{F3A91EE2-E85C-42A1-AEB5-8734F7503E6F}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E79D81A0-60B6-44FF-B297-EC315D0F1031}" = Nero 7 Premium
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.04.03.8026
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"ESN Sonar-0.70.4" = ESN Sonar
"FormatFactory" = FormatFactory 2.96
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Morphyre" = Morphyre
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"RGSS-RTP Standard_is1" = RGSS-RTP Standard
"Star Trek Online" = Star Trek Online
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 43110" = Metro 2033
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.98.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.10.2012 06:37:01 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 3dc    Startzeit: 01cda6d310e04640    Endzeit: 2    Anwendungspfad: C:\Riot
 Games\League of Legends\RADS\system\rads_user_kernel.exe    Berichts-ID: 6b1e3940-12c6-11e2-a62a-001d92002593

 
Error - 11.10.2012 12:56:27 | Computer Name = Reggi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880,
 Zeitstempel: 0x4eb75fb9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000781a4  ID des fehlerhaften
 Prozesses: 0xb20  Startzeit der fehlerhaften Anwendung: 0x01cda7ae6aaea451  Pfad der
 fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.208\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.208\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 989a615e-13c4-11e2-9c07-001d92002593
 
Error - 16.10.2012 09:02:34 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002
Description = Programm lotroclient.exe, Version 3.8.0.8026 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 12a0    Startzeit: 01cdab8425e70c42    Endzeit: 1423    Anwendungspfad:
 C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe    Berichts-ID:
 
 
Error - 28.10.2012 12:14:53 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002
Description = Programm ts3client_win64.exe, Version 3.0.1.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1060    Startzeit: 01cdb4f3e351b020    Endzeit: 65    Anwendungspfad:
 C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe    Berichts-ID: 90200bcf-211a-11e2-b0e4-001d92002593

 
Error - 30.10.2012 13:08:34 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002
Description = Programm lotroclient.exe, Version 3.8.0.8029 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: da8    Startzeit: 01cdb6b64304bab3    Endzeit: 201    Anwendungspfad:
 C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe    Berichts-ID:
 
 
Error - 01.11.2012 14:06:30 | Computer Name = Reggi-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 19.11.2012 16:15:23 | Computer Name = Reggi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680,
 Zeitstempel: 0x50882871  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001fd56  ID des fehlerhaften
 Prozesses: 0x156c  Startzeit der fehlerhaften Anwendung: 0x01cdc6929a0efd21  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: d910f37a-3285-11e2-b52e-001d92002593
 
Error - 20.11.2012 16:53:36 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c20    Startzeit:
01cdc760f1d3706b    Endzeit: 30    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 58103e22-3354-11e2-a4ca-001d92002593 
 
Error - 22.11.2012 12:30:54 | Computer Name = Reggi-PC | Source = System Restore | ID = 8210
Description =
 
Error - 23.11.2012 16:45:21 | Computer Name = Reggi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Reggi\Downloads\SoftonicDownloader_fuer_format-factory.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ System Events ]
Error - 23.11.2012 18:15:28 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%2
 
Error - 23.11.2012 18:15:28 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%2
 
Error - 23.11.2012 18:15:28 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:  %%2
 
Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%2
 
Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%2
 
Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%2
 
Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
 
< End of report >

--- --- ---

ryder 23.11.2012 23:54

I first need to consult internally on this; you have a fairly complicated infection. I think you should have an answer from me here tomorrow.

reggi 23.11.2012 23:56

Oh man, that bad?

OK, thank you already for the help, and if it gets too complicated, I assume the only thing that helps is a complete reinstall?

ryder 24.11.2012 00:05

Not necessarily; we just have to make sure that we remove everything completely.

ryder 24.11.2012 15:09

Okay. One request up front: please do not touch the Infected folder on the USB stick; we will need it later.

Step 1:
Fix with OTL

Quote:

Warning: This script was written only for this user and this specific situation. Run on other computers, it can cause lasting damage!
Note: If you have obscured your user name, you must put your real name back in, otherwise the script will not work.

Code:

:OTL
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [svñhîst] C:\Users\Reggi\AppData\Local\Temp\0rAFCE4.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\tnnsq90lt.dll File not found
[2012.08.03 21:03:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad
[2011.12.07 00:53:06 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\5053
[2011.12.07 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\kock
:commands
[Emptytemp]

  • Please close all programs now.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop. (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
  • Now copy the contents here into your thread, preferably in code tags.


Note: Executing the command can take a few minutes, and OTL appears not to respond during this time. Please be patient! :kaffee:
Step 2:
Control scan with OTL

  • Please start OTL.exe - if you do not have it yet: LINK
  • Make sure that "Scan All Users" is checked!
  • Press the Quick Scan button.
  • Post the OTL.txt here in your thread.


reggi 24.11.2012 15:24

Can I still use the stick on other PCs?

Code:

Error: Unable to interpret <OTL EXTRAS Logfile:

       
Code:

       
OTL Extras logfile created on: 23.11.2012 23:11:51 - Run 1> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Reggi\Desktop> in the current context!
Error: Unable to interpret <64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 9.0.8112.16421)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <3,25 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 69,46% Memory free> in the current context!
Error: Unable to interpret <6,49 Gb Paging File | 5,07 Gb Available in Paging File | 78,03% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context!
Error: Unable to interpret <Drive C: | 445,26 Gb Total Space | 256,78 Gb Free Space | 57,67% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 20,49 Gb Total Space | 0,01 Gb Free Space | 0,03% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret <Drive J: | 7,23 Gb Total Space | 7,08 Gb Free Space | 97,90% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: REGGI-PC | User Name: Reggi | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans> in the current context!
Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Extra Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== File Associations ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_USERS\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Shell Spawning ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context!
Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"> in the current context!
Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)> in the current context!
Error: Unable to interpret <InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <scrfile [config] -- "%1"> in the current context!
Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context!
Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context!
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context!
Error: Unable to interpret <Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()> in the current context!
Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()> in the current context!
Error: Unable to interpret <Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [explore] -- Reg Error: Value error.> in the current context!
Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context!
Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)> in the current context!
Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"> in the current context!
Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <scrfile [config] -- "%1"> in the current context!
Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context!
Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context!
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context!
Error: Unable to interpret <Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()> in the current context!
Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()> in the current context!
Error: Unable to interpret <Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [explore] -- Reg Error: Value error.> in the current context!
Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Security Center Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret <"cval" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context!
Error: Unable to interpret <"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]> in the current context!
Error: Unable to interpret <"AntiVirusOverride" = 0> in the current context!
Error: Unable to interpret <"AntiSpywareOverride" = 0> in the current context!
Error: Unable to interpret <"FirewallOverride" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Firewall Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Authorized Applications List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Vista Active Open Ports Exception List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]> in the current context!
Error: Unable to interpret <"{02CFCB5C-BB25-471C-92BB-058D02D21B2F}" = lport=445 | protocol=6 | dir=in | app=system | > in the current context!
Error: Unable to interpret <"{033BEFDB-2DC0-40F7-9145-4C33B726D23B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | > in the current context!
Error: Unable to interpret <"{03F1E380-1644-4004-97C6-8C30152C83A7}" = rport=445 | protocol=6 | dir=out | app=system | > in the current context!
Error: Unable to interpret <"{16767CD4-EA33-463B-9C78-4AF98CB895C9}" = lport=10243 | protocol=6 | dir=in | app=system | > in the current context!
Error: Unable to interpret <"{1A187859-2FD2-4703-BCBA-1C34B25AA892}" = rport=10243 | protocol=6 | dir=out | app=system | > in the current context!
Error: Unable to interpret <"{2FBC12C6-257B-45F0-BF22-9BAF5626E9E1}" = lport=58675 | protocol=17 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{3F4F662E-1DED-4400-9FBA-01AAECAB3850}" = lport=58675 | protocol=6 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{3FF64DB2-2DF2-4469-825F-6146C6BBC1AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | > in the current context!
Error: Unable to interpret <"{4E187C76-5B70-417C-8F8B-296E9F076A1A}" = lport=2869 | protocol=6 | dir=in | app=system | > in the current context!
Error: Unable to interpret <"{5561052D-6917-4A1E-9E1A-55AB827F0210}" = rport=139 | protocol=6 | dir=out | app=system | > in the current context!
Error: Unable to interpret <"{5D98F3D2-7871-429E-9BE6-AD26767DA05A}" = lport=8995 | protocol=6 | dir=in | name=8995 | > in the current context!
Error: Unable to interpret <"{657F00B8-0263-4D2B-BAC0-CA8D8A303FA8}" = lport=58525 | protocol=17 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{677EE25B-4676-4A35-9303-1470128498F2}" = lport=56396 | protocol=6 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{6D24A80E-3D83-4456-84B5-63CB4D522F8D}" = rport=137 | protocol=17 | dir=out | app=system | > in the current context!
Error: Unable to interpret <"{7FDFC99B-AA10-4950-AFE2-DE3AD11B264A}" = lport=56396 | protocol=6 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{8434D368-4F54-4B14-85B0-371BE60671C9}" = lport=58675 | protocol=6 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{89D2F855-ABBC-4D43-813A-3780668C7914}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | > in the current context!
Error: Unable to interpret <"{8D453342-D78D-4E9D-8ED7-AE3AD7F5E45F}" = lport=137 | protocol=17 | dir=in | app=system | > in the current context!
Error: Unable to interpret <"{91C3EE17-5C1A-452C-8E99-E6908CA40AF1}" = lport=58525 | protocol=6 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{992F0756-94CE-4005-ACBE-D05BB04AF32E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | > in the current context!
Error: Unable to interpret <"{A4BF16D3-1181-4358-95B9-5A0F28F2D5FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | > in the current context!
Error: Unable to interpret <"{A6B7CF9B-9726-4166-A6E8-9E5F8A28E84B}" = lport=80 | protocol=6 | dir=in | name=port 80 | > in the current context!
Error: Unable to interpret <"{ABBCF551-290A-45DE-A231-E42F99B59053}" = lport=139 | protocol=6 | dir=in | app=system | > in the current context!
Error: Unable to interpret <"{AC9289D3-CDB9-45C0-8AB3-3D40E495C424}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | > in the current context!
Error: Unable to interpret <"{B233AE43-2B73-40D1-8B5A-9B34BEA3B04D}" = lport=58525 | protocol=6 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{BA08A7C8-3D2B-4D70-88D5-8DBC93783721}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | > in the current context!
Error: Unable to interpret <"{BAC40A3B-B850-4675-B876-6E49399D6B70}" = rport=138 | protocol=17 | dir=out | app=system | > in the current context!
Error: Unable to interpret <"{C2E3AE41-B15F-4C0F-A1B8-F6D878A8AF5C}" = lport=56396 | protocol=17 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{C36326EB-458E-448D-B45C-026A352E1877}" = lport=138 | protocol=17 | dir=in | app=system | > in the current context!
Error: Unable to interpret <"{C80749B6-1F1A-4E0B-834E-8D43E4E10FAA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | > in the current context!
Error: Unable to interpret <"{CDEF131E-F4B9-4598-A38A-64B351AA5207}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > in the current context!
Error: Unable to interpret <"{D56C429F-BA83-47DA-98B7-49EAAD61AE71}" = lport=58525 | protocol=17 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{D60E045B-4DA9-4837-AA38-CD12216AC117}" = lport=58675 | protocol=17 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{DA15FB5B-8F78-489F-B282-37F14B4ACDF3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | > in the current context!
Error: Unable to interpret <"{DB6BB271-6261-454C-B812-E72F502B83C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > in the current context!
Error: Unable to interpret <"{DE7CCDC3-766F-4976-9CCB-736318F14E8D}" = lport=56396 | protocol=17 | dir=in | name=pando media booster | > in the current context!
Error: Unable to interpret <"{EAED5240-A122-4FC7-820B-25F34DF64374}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Vista Active Application Exception List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]> in the current context!
Error: Unable to interpret <"{03906A3A-6AFF-4939-BB30-31357CBA84D4}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe | > in the current context!
Error: Unable to interpret <"{045FEEFA-A483-4328-8802-742F1EF3BEE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | > in the current context!
Error: Unable to interpret <"{0CF9E24C-14BF-41F8-9C9B-6B3DADA20210}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > in the current context!
Error: Unable to interpret <"{12690F9C-5EFA-4F26-B208-F405AB212626}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | > in the current context!
Error: Unable to interpret <"{15897755-7A1B-4792-A04B-22010443C4C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | > in the current context!
Error: Unable to interpret <"{1DDDE606-248C-46BC-91D3-68F8BDDD121A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | > in the current context!
Error: Unable to interpret <"{2C4DF3D6-C8A7-4ACB-933B-E0650E0CFAE8}" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | > in the current context!
Error: Unable to interpret <"{319C7A01-1D21-4B1A-8867-A6EE206488B0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | > in the current context!
Error: Unable to interpret <"{3B70761D-0595-412D-94FE-26CD7F244364}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | > in the current context!
Error: Unable to interpret <"{3C7FB89F-D206-4BE4-927E-8658E1268A15}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | > in the current context!
Error: Unable to interpret <"{403EBCA1-A606-4DC9-A111-DD707F2AD577}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | > in the current context!
Error: Unable to interpret <"{45CFCD0D-99E9-486B-8E34-416663BEB4C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | > in the current context!
Error: Unable to interpret <"{4637BBBF-BEC8-47BE-85F2-EBC33F3BAC7F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | > in the current context!
Error: Unable to interpret <"{4AB4B3F1-C4FF-4CAF-8398-F29C993ADE83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | > in the current context!
Error: Unable to interpret <"{4E24B8AB-A095-4578-BA76-43882E807068}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | > in the current context!
Error: Unable to interpret <"{4FF458DE-4EA7-4468-BF4F-4A02AB508EAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > in the current context!
Error: Unable to interpret <"{5290AC4F-64CA-480D-BA4F-20E287FD0325}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe | > in the current context!
Error: Unable to interpret <"{5BC56523-CF87-4E24-8CCE-CDD55A415884}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | > in the current context!
Error: Unable to interpret <"{5F2A960C-21DD-4230-9A7F-81D323B74B68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | > in the current context!
Error: Unable to interpret <"{5FE821A4-CA95-47E0-BFA4-253271D9A964}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | > in the current context!
Error: Unable to interpret <"{64E996F6-D2F9-49EE-8C1B-4036B911725A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | > in the current context!
Error: Unable to interpret <"{6AFF4083-6A51-467C-9408-8D6C36964082}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | > in the current context!
Error: Unable to interpret <"{6C8D853E-E2A1-4BC1-9976-80F241191176}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | > in the current context!
Error: Unable to interpret <"{6DE2F091-8CAC-4E48-B27F-6F9EC5CED1FD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | > in the current context!
Error: Unable to interpret <"{7B99D733-F24B-46B2-8F79-A66A7CCE0E6B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | > in the current context!
Error: Unable to interpret <"{7CFA3FBE-0848-4C40-AFCB-A2F93565F72D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | > in the current context!
Error: Unable to interpret <"{7DAE6F05-CC17-4E59-8697-1FA2FE567FA2}" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | > in the current context!
Error: Unable to interpret <"{88ED9DE0-9635-4382-8386-B6E19B8C43BA}" = protocol=6 | dir=out | app=system | > in the current context!
Error: Unable to interpret <"{8CB9C1FF-D39D-4AC1-A28A-DCC7A434572B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | > in the current context!
Error: Unable to interpret <"{8E5C1DA0-DCB5-46F4-9A09-9EF5C8875228}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | > in the current context!
Error: Unable to interpret <"{93FE4ED0-7080-49C3-8404-92AE60438A86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > in the current context!
Error: Unable to interpret <"{94562CEC-7AD1-49A3-8BEE-7F16C89CDCE5}" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | > in the current context!
Error: Unable to interpret <"{965588E2-4427-4931-99A8-01BA10D757F5}" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\launcher.exe | > in the current context!
Error: Unable to interpret <"{97761D84-5940-44E8-B37A-865468772516}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | > in the current context!
Error: Unable to interpret <"{9EF60153-F532-4CD2-941C-4F93C8392C38}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | > in the current context!
Error: Unable to interpret <"{A50F209B-9C0A-4713-92B8-6CC8847E73AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | > in the current context!
Error: Unable to interpret <"{A6B74B10-05B9-429C-A2AC-1CCF4526531F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | > in the current context!
Error: Unable to interpret <"{A6C32B44-3C8A-4B15-91FE-F416A8D702BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | > in the current context!
Error: Unable to interpret <"{AAF3AC1D-8885-4CEE-955C-4E9715AA05C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | > in the current context!
Error: Unable to interpret <"{B3CED66B-90AA-4E69-8745-C341104B365A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > in the current context!
Error: Unable to interpret <"{B7EDC5BF-1A24-4878-BEDF-D17CDF2E547D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | > in the current context!
Error: Unable to interpret <"{BA326F90-F7F9-4DC0-B9ED-2ED2D5398D96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | > in the current context!
Error: Unable to interpret <"{BC1D2A53-4525-49CD-8087-21E605F41D4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | > in the current context!
Error: Unable to interpret <"{BC4CF580-302E-47AC-9568-72705829E488}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | > in the current context!
Error: Unable to interpret <"{BCAF7528-9DDB-4515-9838-B3550144643C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | > in the current context!
Error: Unable to interpret <"{C4DD2180-A66D-4E92-9998-E5CC69529864}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | > in the current context!
Error: Unable to interpret <"{C697FBA1-EC8E-406E-915A-757545CA71FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | > in the current context!
Error: Unable to interpret <"{C91DBA57-3AAD-452B-8175-1562B44168EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > in the current context!
Error: Unable to interpret <"{CA061344-FD9E-445E-8A6B-35DE7FC744FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | > in the current context!
Error: Unable to interpret <"{CAA209EE-115F-4797-A584-657D28BC7948}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | > in the current context!
Error: Unable to interpret <"{CBB1ECEE-5413-4CC3-B69F-A9A1BCAB08D0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | > in the current context!
Error: Unable to interpret <"{D1E0C1AC-AE07-4330-B5F2-1DE4201FB35C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | > in the current context!
Error: Unable to interpret <"{D42A10E1-0B12-49B1-91C3-8B9CE9BD73B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | > in the current context!
Error: Unable to interpret <"{D47597A1-E85A-46F3-B9F0-92D833100DCE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | > in the current context!
Error: Unable to interpret <"{D52A771B-7B6E-4970-81B2-DA7A427EB8E9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | > in the current context!
Error: Unable to interpret <"{D5918751-4FBB-4053-8889-0111D677F553}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | > in the current context!
Error: Unable to interpret <"{D61D2D71-DE39-4E38-801D-E10D304EDB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | > in the current context!
Error: Unable to interpret <"{D92FAAB3-C707-4B32-AEA5-3D6756BDA9C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | > in the current context!
Error: Unable to interpret <"{E4C7CB8A-6DD5-4C45-95E7-A015D5349FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | > in the current context!
Error: Unable to interpret <"{F343079E-3C18-4A02-ABC8-0D2C465B24C8}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | > in the current context!
Error: Unable to interpret <"{F4F5FC7C-7DE0-4535-873A-973EFC973240}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | > in the current context!
Error: Unable to interpret <"{F87F623E-AA0D-4CF7-8E98-71773E29523F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | > in the current context!
Error: Unable to interpret <"{FCA084D5-BDE8-4AF4-994F-632262990FF0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{0574ECFA-20E7-4693-99A2-04AAC12D2839}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{087FF9CE-7B6E-49E2-A260-D2396D20370C}C:\games\aoe2\empires2.exe" = protocol=6 | dir=in | app=c:\games\aoe2\empires2.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{17BF7967-F313-42A4-BFF7-C80DEAA8CB6B}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{2B029C5A-A42F-4101-AD01-6EA20ECBA1BB}C:\games\border\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\games\border\gearbox software\borderlands\binaries\borderlands.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{2DCB3DF8-80AC-4025-85EC-6E28A258729B}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{455BF2EF-6F36-4C19-A76C-8961C6C8B0F7}C:\games\star trek\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\games\star trek\star trek online\live\gameclient.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{A36F0BA7-6AB5-4301-A88A-4C00813FEA0E}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{ACE63398-3C30-4917-B990-22E15AAAE058}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{AFEE91D3-0D3B-4663-911F-0AD37F709550}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{B261BE83-ED54-4048-B1F5-1E936444AA9E}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{D2A87DE7-BFEA-4128-9CDA-F50ECF368EC9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{D390B5F5-3945-48C0-8FCD-BDD5086B6A75}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | > in the current context!
Error: Unable to interpret <"TCP Query User{F69DAF46-A345-4B3D-BAAE-85545FBB1110}C:\users\reggi\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\reggi\downloads\diablo-iii-setup-dede.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{10DD05E2-C674-43F5-80A1-F668E427BB17}C:\games\aoe2\empires2.exe" = protocol=17 | dir=in | app=c:\games\aoe2\empires2.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{23725291-0B44-4A90-AEA8-52E364E16E91}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{3142D2B4-9D94-4F65-B77D-35D9ED5A8EDD}C:\games\border\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\games\border\gearbox software\borderlands\binaries\borderlands.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{33D1CDF9-F4A1-494D-9333-807934EAD06A}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{47CF8F97-8091-44D7-BAEB-EEA10D834108}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{58FC5D32-96C8-42F4-8FB5-B7AFC5EE0B31}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{65866ACD-AE2A-45F3-9C76-0FA9B854D6C0}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{7A62394D-D73E-4A35-ADE4-3E3E04CE8C71}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{8F5709D8-4656-437F-91D3-2BBEE64A2E42}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{9AD4DFBC-EE47-432C-893F-1417EAC119C9}C:\games\star trek\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\games\star trek\star trek online\live\gameclient.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{B3B218A7-F63B-4F2D-9FA7-49B7D7BA1BC6}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{B6FF4286-36DC-4CB6-A12F-5EAEFE545A8B}C:\users\reggi\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\reggi\downloads\diablo-iii-setup-dede.exe | > in the current context!
Error: Unable to interpret <"UDP Query User{F3A91EE2-E85C-42A1-AEB5-8734F7503E6F}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== HKEY_LOCAL_MACHINE Uninstall List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector> in the current context!
Error: Unable to interpret <"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack> in the current context!
Error: Unable to interpret <"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant> in the current context!
Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)> in the current context!
Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)> in the current context!
Error: Unable to interpret <"{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding> in the current context!
Error: Unable to interpret <"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager> in the current context!
Error: Unable to interpret <"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148> in the current context!
Error: Unable to interpret <"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime> in the current context!
Error: Unable to interpret <"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64> in the current context!
Error: Unable to interpret <"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders> in the current context!
Error: Unable to interpret <"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161> in the current context!
Error: Unable to interpret <"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17> in the current context!
Error: Unable to interpret <"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding> in the current context!
Error: Unable to interpret <"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting> in the current context!
Error: Unable to interpret <"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64> in the current context!
Error: Unable to interpret <"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones> in the current context!
Error: Unable to interpret <"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319> in the current context!
Error: Unable to interpret <"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile> in the current context!
Error: Unable to interpret <"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit> in the current context!
Error: Unable to interpret <"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack> in the current context!
Error: Unable to interpret <"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software> in the current context!
Error: Unable to interpret <"TeamSpeak 3 Client" = TeamSpeak 3 Client> in the current context!
Error: Unable to interpret <"VLC media player" = VLC media player 2.0.1> in the current context!
Error: Unable to interpret <"WinRAR archiver" = WinRAR 4.01 (64-Bit)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam> in the current context!
Error: Unable to interpret <"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish> in the current context!
Error: Unable to interpret <"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer> in the current context!
Error: Unable to interpret <"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish> in the current context!
Error: Unable to interpret <"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center> in the current context!
Error: Unable to interpret <"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger> in the current context!
Error: Unable to interpret <"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148> in the current context!
Error: Unable to interpret <"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions> in the current context!
Error: Unable to interpret <"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy> in the current context!
Error: Unable to interpret <"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!> in the current context!
Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7> in the current context!
Error: Unable to interpret <"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish> in the current context!
Error: Unable to interpret <"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater> in the current context!
Error: Unable to interpret <"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional> in the current context!
Error: Unable to interpret <"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack> in the current context!
Error: Unable to interpret <"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic> in the current context!
Error: Unable to interpret <"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French> in the current context!
Error: Unable to interpret <"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3> in the current context!
Error: Unable to interpret <"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek> in the current context!
Error: Unable to interpret <"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater> in the current context!
Error: Unable to interpret <"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish> in the current context!
Error: Unable to interpret <"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands> in the current context!
Error: Unable to interpret <"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX> in the current context!
Error: Unable to interpret <"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml> in the current context!
Error: Unable to interpret <"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German> in the current context!
Error: Unable to interpret <"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese> in the current context!
Error: Unable to interpret <"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE> in the current context!
Error: Unable to interpret <"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729> in the current context!
Error: Unable to interpret <"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies> in the current context!
Error: Unable to interpret <"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™> in the current context!
Error: Unable to interpret <"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean> in the current context!
Error: Unable to interpret <"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform> in the current context!
Error: Unable to interpret <"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian> in the current context!
Error: Unable to interpret <"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai> in the current context!
Error: Unable to interpret <"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight> in the current context!
Error: Unable to interpret <"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian> in the current context!
Error: Unable to interpret <"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT> in the current context!
Error: Unable to interpret <"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends> in the current context!
Error: Unable to interpret <"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster> in the current context!
Error: Unable to interpret <"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17> in the current context!
Error: Unable to interpret <"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater> in the current context!
Error: Unable to interpret <"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161> in the current context!
Error: Unable to interpret <"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch> in the current context!
Error: Unable to interpret <"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian> in the current context!
Error: Unable to interpret <"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian> in the current context!
Error: Unable to interpret <"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish> in the current context!
Error: Unable to interpret <"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch> in the current context!
Error: Unable to interpret <"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish> in the current context!
Error: Unable to interpret <"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common> in the current context!
Error: Unable to interpret <"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common> in the current context!
Error: Unable to interpret <"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1> in the current context!
Error: Unable to interpret <"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform> in the current context!
Error: Unable to interpret <"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform> in the current context!
Error: Unable to interpret <"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard> in the current context!
Error: Unable to interpret <"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese> in the current context!
Error: Unable to interpret <"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10> in the current context!
Error: Unable to interpret <"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding> in the current context!
Error: Unable to interpret <"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger> in the current context!
Error: Unable to interpret <"{E79D81A0-60B6-44FF-B297-EC315D0F1031}" = Nero 7 Premium> in the current context!
Error: Unable to interpret <"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech> in the current context!
Error: Unable to interpret <"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10> in the current context!
Error: Unable to interpret <"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219> in the current context!
Error: Unable to interpret <"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English> in the current context!
Error: Unable to interpret <"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials> in the current context!
Error: Unable to interpret <"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All> in the current context!
Error: Unable to interpret <"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.04.03.8026> in the current context!
Error: Unable to interpret <"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version> in the current context!
Error: Unable to interpret <"Avira AntiVir Desktop" = Avira Free Antivirus> in the current context!
Error: Unable to interpret <"Bandicam" = Bandicam> in the current context!
Error: Unable to interpret <"BandiMPEG1" = Bandisoft MPEG-1 Decoder> in the current context!
Error: Unable to interpret <"Battlelog Web Plugins" = Battlelog Web Plugins> in the current context!
Error: Unable to interpret <"BattlEye for A2" = BattlEye Uninstall> in the current context!
Error: Unable to interpret <"BattlEye for OA" = BattlEye for OA Uninstall> in the current context!
Error: Unable to interpret <"ESN Sonar-0.70.4" = ESN Sonar> in the current context!
Error: Unable to interpret <"FormatFactory" = FormatFactory 2.96> in the current context!
Error: Unable to interpret <"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918> in the current context!
Error: Unable to interpret <"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies> in the current context!
Error: Unable to interpret <"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000> in the current context!
Error: Unable to interpret <"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1> in the current context!
Error: Unable to interpret <"Morphyre" = Morphyre> in the current context!
Error: Unable to interpret <"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)> in the current context!
Error: Unable to interpret <"MozillaMaintenanceService" = Mozilla Maintenance Service> in the current context!
Error: Unable to interpret <"Origin" = Origin> in the current context!
Error: Unable to interpret <"PokerStars.net" = PokerStars.net> in the current context!
Error: Unable to interpret <"PunkBusterSvc" = PunkBuster Services> in the current context!
Error: Unable to interpret <"RGSS-RTP Standard_is1" = RGSS-RTP Standard> in the current context!
Error: Unable to interpret <"Star Trek Online" = Star Trek Online> in the current context!
Error: Unable to interpret <"Steam App 33910" = ARMA 2> in the current context!
Error: Unable to interpret <"Steam App 33930" = ARMA 2: Operation Arrowhead> in the current context!
Error: Unable to interpret <"Steam App 43110" = Metro 2033> in the current context!
Error: Unable to interpret <"WinLiveSuite" = Windows Live Essentials> in the current context!
Error: Unable to interpret <"Xfire" = Xfire (remove only)> in the current context!
Error: Unable to interpret <"XnView_is1" = XnView 1.98.5> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Last 20 Event Log Errors ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ Application Events ]> in the current context!
Error: Unable to interpret <Error - 10.10.2012 06:37:01 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002> in the current context!
Error: Unable to interpret <Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter> in the current context!
Error: Unable to interpret < Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf > in the current context!
Error: Unable to interpret <in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem> in the current context!
Error: Unable to interpret < zu suchen.    Prozess-ID: 3dc    Startzeit: 01cda6d310e04640    Endzeit: 2    Anwendungspfad: C:\Riot> in the current context!
Error: Unable to interpret < Games\League of Legends\RADS\system\rads_user_kernel.exe    Berichts-ID: 6b1e3940-12c6-11e2-a62a-001d92002593> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 11.10.2012 12:56:27 | Computer Name = Reggi-PC | Source = Application Error | ID = 1000> in the current context!
Error: Unable to interpret <Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,> in the current context!
Error: Unable to interpret < Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880,> in the current context!
Error: Unable to interpret < Zeitstempel: 0x4eb75fb9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000781a4  ID des fehlerhaften> in the current context!
Error: Unable to interpret < Prozesses: 0xb20  Startzeit der fehlerhaften Anwendung: 0x01cda7ae6aaea451  Pfad der> in the current context!
Error: Unable to interpret < fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.208\deploy\LolClient.exe> in the current context!
Error: Unable to interpret <Pfad> in the current context!
Error: Unable to interpret < des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.208\deploy\Adobe> in the current context!
Error: Unable to interpret < AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 989a615e-13c4-11e2-9c07-001d92002593> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 16.10.2012 09:02:34 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002> in the current context!
Error: Unable to interpret <Description = Programm lotroclient.exe, Version 3.8.0.8026 kann nicht mehr unter> in the current context!
Error: Unable to interpret < Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf > in the current context!
Error: Unable to interpret <in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem> in the current context!
Error: Unable to interpret < zu suchen.    Prozess-ID: 12a0    Startzeit: 01cdab8425e70c42    Endzeit: 1423    Anwendungspfad:> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe    Berichts-ID:> in the current context!
Error: Unable to interpret <   > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 28.10.2012 12:14:53 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002> in the current context!
Error: Unable to interpret <Description = Programm ts3client_win64.exe, Version 3.0.1.0 kann nicht mehr unter> in the current context!
Error: Unable to interpret < Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf > in the current context!
Error: Unable to interpret <in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem> in the current context!
Error: Unable to interpret < zu suchen.    Prozess-ID: 1060    Startzeit: 01cdb4f3e351b020    Endzeit: 65    Anwendungspfad:> in the current context!
Error: Unable to interpret < C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe    Berichts-ID: 90200bcf-211a-11e2-b0e4-001d92002593> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 30.10.2012 13:08:34 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002> in the current context!
Error: Unable to interpret <Description = Programm lotroclient.exe, Version 3.8.0.8029 kann nicht mehr unter> in the current context!
Error: Unable to interpret < Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf > in the current context!
Error: Unable to interpret <in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem> in the current context!
Error: Unable to interpret < zu suchen.    Prozess-ID: da8    Startzeit: 01cdb6b64304bab3    Endzeit: 201    Anwendungspfad:> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe    Berichts-ID:> in the current context!
Error: Unable to interpret <   > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 01.11.2012 14:06:30 | Computer Name = Reggi-PC | Source = Windows Backup | ID = 4104> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 19.11.2012 16:15:23 | Computer Name = Reggi-PC | Source = Application Error | ID = 1000> in the current context!
Error: Unable to interpret <Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680,> in the current context!
Error: Unable to interpret < Zeitstempel: 0x50882871  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,> in the current context!
Error: Unable to interpret < Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001fd56  ID des fehlerhaften> in the current context!
Error: Unable to interpret < Prozesses: 0x156c  Startzeit der fehlerhaften Anwendung: 0x01cdc6929a0efd21  Pfad der> in the current context!
Error: Unable to interpret < fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad > in the current context!
Error: Unable to interpret <des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: d910f37a-3285-11e2-b52e-001d92002593> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 20.11.2012 16:53:36 | Computer Name = Reggi-PC | Source = Application Hang | ID = 1002> in the current context!
Error: Unable to interpret <Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows> in the current context!
Error: Unable to interpret < ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,> in the current context!
Error: Unable to interpret < um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c20    Startzeit: > in the current context!
Error: Unable to interpret <01cdc760f1d3706b    Endzeit: 30    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe> in the current context!
Error: Unable to interpret <Berichts-ID:> in the current context!
Error: Unable to interpret < 58103e22-3354-11e2-a4ca-001d92002593  > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 22.11.2012 12:30:54 | Computer Name = Reggi-PC | Source = System Restore | ID = 8210> in the current context!
Error: Unable to interpret <Description = > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.11.2012 16:45:21 | Computer Name = Reggi-PC | Source = SideBySide | ID = 16842832> in the current context!
Error: Unable to interpret <Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Reggi\Downloads\SoftonicDownloader_fuer_format-factory.exe".> in the current context!
Error: Unable to interpret < Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche> in the current context!
Error: Unable to interpret < Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.> in the current context!
Error: Unable to interpret <In> in the current context!
Error: Unable to interpret < Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.> in the current context!
Error: Unable to interpret <Komponente> in the current context!
Error: Unable to interpret < 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ System Events ]> in the current context!
Error: Unable to interpret <Error - 23.11.2012 18:15:28 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001> in the current context!
Error: Unable to interpret <Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"> in the current context!
Error: Unable to interpret < abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.11.2012 18:15:28 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001> in the current context!
Error: Unable to interpret <Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"> in the current context!
Error: Unable to interpret < abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.11.2012 18:15:28 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:> in the current context!
Error: Unable to interpret <   %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:> in the current context!
Error: Unable to interpret <   %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001> in the current context!
Error: Unable to interpret <Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"> in the current context!
Error: Unable to interpret < abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001> in the current context!
Error: Unable to interpret <Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"> in the current context!
Error: Unable to interpret < abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:> in the current context!
Error: Unable to interpret <   %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7001> in the current context!
Error: Unable to interpret <Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"> in the current context!
Error: Unable to interpret < abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 23.11.2012 18:17:36 | Computer Name = Reggi-PC | Source = Service Control Manager | ID = 7023> in the current context!
Error: Unable to interpret <Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:> in the current context!
Error: Unable to interpret <   %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << End of report >


--- --- ---
> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 11242012_152649


ryder 24.11.2012 15:29

Not at the moment, please. But now carry out step 1 CORRECTLY!

And please don't use doubled CODE tags.

reggi 24.11.2012 15:38

OK, I ran step one again. The computer was restarted, but I can no longer get onto the internet with the infected PC to post the log file.

ryder 24.11.2012 15:43

Hm, that can happen.
  • Press the Windows key + R
  • Type: netsh winsock reset
  • Enter
  • Restart

Report whether you now have internet access again.

reggi 24.11.2012 15:50

OK, the internet works again, but only with the normal browser, not with Firefox.

Here is the file after the fix:

Quote:

All processes killed
========== OTL ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
C:\Windows\SysWOW64\UpdSvc.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-4293284574-4106077085-2191208304-1000\Software\Microsoft\Windows\CurrentVersion\Run\\svñhîst deleted successfully.
C:\Users\Reggi\AppData\Local\Temp\0rAFCE4.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009\ deleted successfully.
C:\ProgramData\23lldnur.pad moved successfully.
C:\Users\Reggi\AppData\Roaming\5053\components folder moved successfully.
C:\Users\Reggi\AppData\Roaming\5053 folder moved successfully.
C:\Users\Reggi\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hedev
->Temp folder emptied: 43164427 bytes

User: Public

User: Reggi
->Temp folder emptied: 1067513393 bytes
->Temporary Internet Files folder emptied: 89223989 bytes
->Java cache emptied: 19946522 bytes
->FireFox cache emptied: 62852536 bytes
->Flash cache emptied: 2385 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 241728168 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36102920 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.488,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11242012_153019

Files\Folders moved on Reboot...
C:\Users\Reggi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP00000001DC0121C4841DBBF4 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ryder 24.11.2012 18:11

Please run one more custom scan with OTL, in place of the old step 2, before we can continue:

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
  • Set the following:
    • Tick "Scan All Users" and "Include 64bit Scans"
    • Output: Minimal
    • Use SafeList in every field.
    • Tick "Use Company Name Whitelist"
    • Files created and modified within File Age
    • Tick LOP Check and Purity Check
  • Now copy the contents of the code box into the http://larusso.trojaner-board.de/Images/otlfix.jpg text box.
Code:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters /S
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /S
%SystemRoot%\system32\*.tsp
       

CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread (in CODE tags if possible)

reggi 25.11.2012 17:55

OK, did everything, but I only have one file to copy.

Code:

OTL logfile created on: 25.11.2012 17:40:53 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Reggi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,63% Memory free
6,49 Gb Paging File | 5,00 Gb Available in Paging File | 76,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,26 Gb Total Space | 259,30 Gb Free Space | 58,24% Space Free | Partition Type: NTFS
Drive D: | 20,49 Gb Total Space | 0,01 Gb Free Space | 0,03% Space Free | Partition Type: FAT32
 
Computer Name: REGGI-PC | User Name: Reggi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Reggi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Reggi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 EF DE 8F 91 9A CC 01  [binary data]
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: nasanightlaunch@example.com:0.6.20121022
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Reggi\AppData\Roaming\5053
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:19:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.16 19:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\Extensions
[2012.10.24 16:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\Firefox\Profiles\i52wg2jy.default\extensions
[2012.09.23 17:23:31 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Reggi\AppData\Roaming\mozilla\Firefox\Profiles\i52wg2jy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.10.24 16:47:59 | 002,290,783 | ---- | M] () (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\firefox\profiles\i52wg2jy.default\extensions\nasanightlaunch@example.com.xpi
[2012.10.12 12:34:34 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Reggi\AppData\Roaming\mozilla\firefox\profiles\i52wg2jy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.27 21:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.27 21:19:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 15:33:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 17:42:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 15:33:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 15:33:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 15:33:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 15:33:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-4293284574-4106077085-2191208304-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D708A31-5936-4F72-9C6E-C9C41C34E7FB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.24 15:26:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.23 23:05:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Reggi\Desktop\OTL.exe
[2012.11.22 22:22:01 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.11.20 22:03:46 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Roaming\Malwarebytes
[2012.11.20 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.20 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 22:03:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.20 22:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.14 18:24:16 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{73FB583C-771A-4177-96F1-116A2FB049DE}
[2012.11.11 13:45:05 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{A8FE49B8-161A-477F-8AA5-73CB06CB2F10}
[2012.10.29 01:15:04 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{9517472E-5D60-45FD-9D44-60770351836D}
[2012.10.27 21:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 14:29:12 | 000,000,000 | ---D | C] -- C:\Users\Reggi\AppData\Local\{8E60A42F-C2C3-45E7-84C2-09758DEA2791}
[2 C:\Users\Reggi\AppData\Roaming\*.tmp files -> C:\Users\Reggi\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.25 17:35:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.24 15:55:04 | 000,023,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.24 15:55:04 | 000,023,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.24 15:51:54 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.24 15:51:54 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.24 15:51:54 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.24 15:51:54 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.24 15:51:54 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.24 15:47:36 | 2615,803,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.23 23:05:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reggi\Desktop\OTL.exe
[2012.11.20 22:04:46 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.20 21:32:06 | 000,022,535 | ---- | M] () -- C:\Users\Reggi\Desktop\Steckbrief.odt
[2 C:\Users\Reggi\AppData\Roaming\*.tmp files -> C:\Users\Reggi\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.20 22:03:20 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.09 20:25:40 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012.10.09 20:25:40 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012.10.09 20:25:40 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2012.10.09 20:25:40 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll
[2012.10.09 20:25:40 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll
[2012.10.09 20:25:40 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.15 05:41:14 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.12.07 00:52:52 | 000,000,036 | ---- | C] () -- C:\Users\Reggi\AppData\Roaming\blckdom.res
[2011.11.16 19:48:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.11.16 19:07:08 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011.11.06 17:59:13 | 000,000,093 | ---- | C] () -- C:\Users\Reggi\AppData\Local\fusioncache.dat
[2011.11.06 17:57:48 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.06 10:24:31 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.04 03:46:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.04 01:49:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-4293284574-4106077085-2191208304-1000\$46a71d9b1f14aa218d4d5b222b53bba7\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.17 12:22:18 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.minecraft
[2012.05.20 11:09:44 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\.spoutcraft
[2012.06.22 14:01:08 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\BANDISOFT
[2012.09.23 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoft
[2011.11.15 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.23 23:09:32 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Garmin
[2011.11.10 20:30:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Jens Lorek
[2012.09.27 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\LolClient
[2011.11.08 17:39:24 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\OpenOffice.org
[2012.08.12 22:21:35 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Origin
[2012.07.04 17:50:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\Samsung
[2012.07.16 09:26:05 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-updater
[2012.07.16 09:09:56 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\six-zsync
[2012.07.16 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\SplitMediaLabs
[2011.11.07 00:30:45 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\TS3Client
[2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\UAs
[2012.11.17 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\xmldm
[2012.06.24 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Reggi\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /S >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters /S >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters /S >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /S >
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
<          >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
<  >

< End of report >


ryder 25.11.2012 20:18

Good, thanks. Now please run Combofix:

Scan with Combofix
Quote:

WARNING:
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).

Note: If you receive the following error message after the restart
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

reggi 25.11.2012 20:47

OK, I hope I did everything right.

Code:

ComboFix 12-11-25.01 - Reggi 25.11.2012  20:28:58.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3326.2367 [GMT 1:00]
ausgeführt von:: c:\users\Reggi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Reggi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Reggi\AppData\Roaming\AcroIEHelpe.txt
c:\users\Reggi\AppData\Roaming\i52wg2jy.default.tmp
c:\users\Reggi\AppData\Roaming\srvblck2.tmp
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-25 bis 2012-11-25  ))))))))))))))))))))))))))))))
.
.
2012-11-24 14:27 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E44E2A59-3556-448C-B852-4BD4023A3E2B}\mpengine.dll
2012-11-24 14:26 . 2012-11-24 14:26        --------        d-----w-        C:\_OTL
2012-11-22 21:22 . 2012-11-22 21:22        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0
2012-11-20 21:03 . 2012-11-20 21:03        --------        d-----w-        c:\users\Reggi\AppData\Roaming\Malwarebytes
2012-11-20 21:03 . 2012-11-20 21:03        --------        d-----w-        c:\programdata\Malwarebytes
2012-11-20 21:03 . 2012-11-20 21:04        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-20 21:03 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-04 10:34 . 2011-11-06 09:24        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-10-04 10:34 . 2011-11-04 03:09        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-10-04 10:33 . 2011-11-06 09:24        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-09-24 17:57 . 2012-09-24 17:57        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-24 17:57 . 2012-05-10 12:41        821736        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 17:57 . 2011-11-08 14:33        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-09-09 09:38 . 2012-01-10 17:46        62134624        ----a-w-        c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-25 20568]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-25 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Reggi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Reggi\AppData\Roaming\Mozilla\Firefox\Profiles\i52wg2jy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-25  20:41:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-25 19:41
.
Vor Suchlauf: 13 Verzeichnis(se), 277.955.153.920 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 277.803.663.360 Bytes frei
.
- - End Of File - - 29A45B6EB8EB9D7C4E8CA78FBB146422


ryder 25.11.2012 20:48

Yes, excellent! Let's continue ... I already have a good feeling about this :)

Scan with MBAR

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive to your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the on-screen instructions and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file (mbar-log-<year-month-day>.txt) in the folder it created. Please post it here.

Do not run any other file in this folder unless instructed to by a helper.

reggi 25.11.2012 21:07

That sounds good already.
So, I downloaded MBAR but couldn't update it.

I ran the scan anyway, but it didn't find anything.

Code:

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Reggi :: REGGI-PC [administrator]

25.11.2012 21:05:48
mbar-log-2012-11-25 (21-05-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27254
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ryder 25.11.2012 21:20

A good sign!

Good! :daumenhoc

We still need to run a few checks.

Step 1:
Quick scan with Malwarebytes

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
Step 2:
ESET Online Scanner

Quote:

Important:
Please switch on any external hard drives you have during the online scans!
Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.

When the scan has finished, please post the ESET.txt here or let me know that nothing was found.
Step 3:
Java Update (Windows XP, Vista, 7)
Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit. Once the installation has finished:
  • Start > Control Panel > Programs, uninstall all older Java versions, if present, and restart your computer.
After the restart:
  • Open Control Panel > Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files...
  • Make sure every box is checked and click OK twice.
Step 4:
Scan with SecurityCheck
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

reggi 25.11.2012 21:30

OK, I downloaded and installed Malwarebytes, but an error came up when updating

programm_error_updating (0,0 net exception)

What should I do?

ryder 25.11.2012 21:34

Reboot and try again, please.

reggi 25.11.2012 21:43

Hmm, I've now downloaded it twice and restarted the computer twice... unfortunately it still doesn't work.

ryder 25.11.2012 21:48

Good, then we need to repair that:

Scan with Farbar's Service Scanner

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.
Please post the contents here.

reggi 25.11.2012 21:55

OK, done

Code:

Farbar Service Scanner Version: 09-11-2012
Ran by Reggi (administrator) on 25-11-2012 at 21:54:47
Running from "C:\Users\Reggi\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


ryder 25.11.2012 22:00

Good. Please download the following file to your desktop:

http://download.bleepingcomputer.com...7/Dnscache.reg

Double-click it, and when you are asked whether the information should be added to the registry, answer YES. Restart, and then another FSS log, please.

reggi 25.11.2012 22:08

OK, done

Code:

Farbar Service Scanner Version: 09-11-2012
Ran by Reggi (administrator) on 25-11-2012 at 22:06:04
Running from "C:\Users\Reggi\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


ryder 25.11.2012 22:23

Then let's continue:

Please download Farbar's MiniToolBox to your desktop and start the tool

Check the following entries
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer logsize
  • List Minidump Files
Click Go and post the contents of Result.txt.

reggi 25.11.2012 22:35

OK, done

Code:

MiniToolBox by Farbar  Version: 25-11-2012
Ran by Reggi (administrator) on 25-11-2012 at 22:35:06
Running from "C:\Users\Reggi\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1      localhost

========================= IP Configuration: ================================

Intel(R) 82566DC-2 Gigabit-Netzwerkverbindung = LAN-Verbindung (Connected)
Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 11003


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

  Hostname  . . . . . . . . . . . . : Reggi-PC
  Primäres DNS-Suffix . . . . . . . :
  Knotentyp . . . . . . . . . . . . : Hybrid
  IP-Routing aktiviert  . . . . . . : Nein
  WINS-Proxy aktiviert  . . . . . . : Nein

Ethernet-Adapter LAN-Verbindung:

  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Intel(R) 82566DC-2 Gigabit-Netzwerkverbindung
  Physikalische Adresse . . . . . . : 00-1D-92-00-25-93
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja
  Verbindungslokale IPv6-Adresse  . : fe80::2475:26b4:fb74:362f%10(Bevorzugt)
  IPv4-Adresse  . . . . . . . . . . : 192.168.2.100(Bevorzugt)
  Subnetzmaske  . . . . . . . . . . : 0.0.0.0
  Lease erhalten. . . . . . . . . . : Sonntag, 25. November 2012 22:04:07
  Lease läuft ab. . . . . . . . . . : Donnerstag, 2. Januar 2149 05:03:30
  Standardgateway . . . . . . . . . : 192.168.2.1
  DHCP-Server . . . . . . . . . . . : 192.168.2.1
  DHCPv6-IAID . . . . . . . . . . . : 234888594
  DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-16-44-C6-2F-00-1D-92-00-25-93
  DNS-Server  . . . . . . . . . . . : 192.168.2.1
  NetBIOS über TCP/IP . . . . . . . : Aktiviert

Tunneladapter isatap.{1D708A31-5936-4F72-9C6E-C9C41C34E7FB}:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja

Tunneladapter Teredo Tunneling Pseudo-Interface:

  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja
  IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fb:4fa:1ee0:a7b7:c8c(Bevorzugt)
  Verbindungslokale IPv6-Adresse  . : fe80::4fa:1ee0:a7b7:c8c%12(Bevorzugt)
  Standardgateway . . . . . . . . . : ::
  NetBIOS über TCP/IP . . . . . . . : Deaktiviert
Server:  UnKnown
Address:  NULL

Fehler bei der Initialisierung der Windows Sockets-Schnittstelle. Zieladresse nicht erreichbar.
Server:  UnKnown
Address:  NULL

Fehler bei der Initialisierung der Windows Sockets-Schnittstelle. Zieladresse nicht erreichbar.
Fehler bei der Initialisierung der Windows Sockets-Schnittstelle. Zieladresse nicht erreichbar.
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/23/2012 09:45:21 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (11/22/2012 05:30:54 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows-Sicherung). Zusätzliche Informationen: 0x80070570.

Error: (11/20/2012 09:53:36 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c20

Startzeit: 01cdc760f1d3706b

Endzeit: 30

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 58103e22-3354-11e2-a4ca-001d92002593

Error: (11/19/2012 09:15:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680, Zeitstempel: 0x50882871
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001fd56
ID des fehlerhaften Prozesses: 0x156c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (11/01/2012 07:06:30 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"

Error: (10/30/2012 06:08:34 PM) (Source: Application Hang) (User: )
Description: Programm lotroclient.exe, Version 3.8.0.8029 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: da8

Startzeit: 01cdb6b64304bab3

Endzeit: 201

Anwendungspfad: C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe

Berichts-ID:

Error: (10/28/2012 05:14:53 PM) (Source: Application Hang) (User: )
Description: Programm ts3client_win64.exe, Version 3.0.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1060

Startzeit: 01cdb4f3e351b020

Endzeit: 65

Anwendungspfad: C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

Berichts-ID: 90200bcf-211a-11e2-b0e4-001d92002593

Error: (10/16/2012 02:02:34 PM) (Source: Application Hang) (User: )
Description: Programm lotroclient.exe, Version 3.8.0.8026 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12a0

Startzeit: 01cdab8425e70c42

Endzeit: 1423

Anwendungspfad: C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe

Berichts-ID:

Error: (10/11/2012 05:56:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610, Zeitstempel: 0x4c00573a
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.1.0.4880, Zeitstempel: 0x4eb75fb9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000781a4
ID des fehlerhaften Prozesses: 0xb20
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3

Error: (10/10/2012 11:37:01 AM) (Source: Application Hang) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3dc

Startzeit: 01cda6d310e04640

Endzeit: 2

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Berichts-ID: 6b1e3940-12c6-11e2-a62a-001d92002593


System errors:
=============
Error: (11/25/2012 10:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (11/25/2012 10:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2

Error: (11/25/2012 10:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (11/25/2012 10:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2

Error: (11/25/2012 10:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (11/25/2012 10:34:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2

Error: (11/25/2012 10:32:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (11/25/2012 10:32:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2

Error: (11/25/2012 10:32:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (11/25/2012 10:32:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2


Microsoft Office Sessions:
=========================
Error: (11/23/2012 09:45:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Reggi\Downloads\SoftonicDownloader_fuer_format-factory.exe

Error: (11/22/2012 05:30:54 PM) (Source: System Restore)(User: )
Description: Windows-Sicherung0x80070570

Error: (11/20/2012 09:53:36 PM) (Source: Application Hang)(User: )
Description: firefox.exe16.0.2.4680c2001cdc760f1d3706b30C:\Program Files (x86)\Mozilla Firefox\firefox.exe58103e22-3354-11e2-a4ca-001d92002593

Error: (11/19/2012 09:15:23 PM) (Source: Application Error)(User: )
Description: firefox.exe16.0.2.468050882871ntdll.dll6.1.7601.177254ec49b8fc00000050001fd56156c01cdc6929a0efd21C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\SysWOW64\ntdll.dlld910f37a-3285-11e2-b52e-001d92002593

Error: (11/01/2012 07:06:30 PM) (Source: Windows Backup)(User: )
Description: Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)

Error: (10/30/2012 06:08:34 PM) (Source: Application Hang)(User: )
Description: lotroclient.exe3.8.0.8029da801cdb6b64304bab3201C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe

Error: (10/28/2012 05:14:53 PM) (Source: Application Hang)(User: )
Description: ts3client_win64.exe3.0.1.0106001cdb4f3e351b02065C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe90200bcf-211a-11e2-b0e4-001d92002593

Error: (10/16/2012 02:02:34 PM) (Source: Application Hang)(User: )
Description: lotroclient.exe3.8.0.802612a001cdab8425e70c421423C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe

Error: (10/11/2012 05:56:27 PM) (Source: Application Error)(User: )
Description: LolClient.exe2.0.2.126104c00573aAdobe AIR.dll3.1.0.48804eb75fb9c0000005000781a4b2001cda7ae6aaea451C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.208\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.208\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll989a615e-13c4-11e2-9c07-001d92002593

Error: (10/10/2012 11:37:01 AM) (Source: Application Hang)(User: )
Description: rads_user_kernel.exe0.0.0.03dc01cda6d310e046402C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe6b1e3940-12c6-11e2-a62a-001d92002593


CodeIntegrity Errors:
===================================
  Date: 2012-11-25 20:33:16.230
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-11-25 20:33:16.183
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****


ryder 25.11.2012 22:44

Good, we'll continue on Tuesday then.

reggi 25.11.2012 22:45

All right, thank you again for your help and patience with me.
Have a nice day off then, and see you Tuesday.

ryder 27.11.2012 18:46

OK, let's continue:

Please download ServiceRepair from ESET and run it.

Does anything change now?

reggi 27.11.2012 21:33

Hey ryder,

I ran it, and here is a log that was created.

Code:

Log Opened: 2012-11-27 @ 21:29:20
21:29:20 - -----------------
21:29:20 - | Begin Logging |
21:29:20 - -----------------
21:29:20 - Fix started on a WIN_7 X64 computer
21:29:20 - Prep in progress.  Please Wait.
21:29:22 - Prep complete
21:29:22 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
21:29:23 - Services Repair Complete.
21:29:32 - Reboot Initiated


ryder 27.11.2012 21:35

That reads well. How is the Internet connection?

Scan with Farbar's Service Scanner

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.
Please post the contents here.

reggi 27.11.2012 21:40

Well, with Internet Explorer I can get online without problems; only with Firefox I have no chance.

Code:

Farbar Service Scanner Version: 09-11-2012
Ran by Reggi (administrator) on 27-11-2012 at 21:39:19
Running from "C:\Users\Reggi\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


ryder 27.11.2012 22:00

Then let's keep digging:

Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:

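rem Remove any report left over from an earlier run
if exist "%temp%\look.txt" del /a/f/q "%temp%\look.txt"
rem Write configuration (sc qc) and state (sc query) of each listed service to look.txt
>"%temp%\look.txt" (
for %%g in (
browser
dhcp
dnscache
netman
nlasvc
nla
rpcss
lanmanserver
lmhosts
lanmanworkstation
wzcsvc
afd
netbt
tcpip
ipsec
tdx
) do (
sc qc %%g
sc query %%g
)
)
rem Show the report, then delete this batch file
notepad "%temp%\look.txt"
del %0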

Vista and Win7 users: right-click and choose "Run as administrator"

reggi 27.11.2012 22:05

OK, all done

Code:

C:\Users\Reggi\Desktop>(
sc qc browser 
 sc query browser
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: browser
        TYPE              : 20  WIN32_SHARE_PROCESS
        START_TYPE        : 3  DEMAND_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP  : NetworkProvider
        TAG                : 0
        DISPLAY_NAME      : Computerbrowser
        DEPENDENCIES      : LanmanWorkstation
                          : LanmanServer
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: browser
        TYPE              : 20  WIN32_SHARE_PROCESS 
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1068  (0x42c)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc dhcp 
 sc query dhcp
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: dhcp
        TYPE              : 20  WIN32_SHARE_PROCESS
        START_TYPE        : 2  AUTO_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP  : TDI
        TAG                : 0
        DISPLAY_NAME      : DHCP-Client
        DEPENDENCIES      : NSI
                          : Tdx
                          : Afd
        SERVICE_START_NAME : NT Authority\LocalService

SERVICE_NAME: dhcp
        TYPE              : 20  WIN32_SHARE_PROCESS 
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc dnscache 
 sc query dnscache
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: dnscache
        TYPE              : 20  WIN32_SHARE_PROCESS
        START_TYPE        : 2  AUTO_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : C:\Windows\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP  : TDI
        TAG                : 0
        DISPLAY_NAME      : DNS-Client
        DEPENDENCIES      : Tdx
                          : nsi
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: dnscache
        TYPE              : 20  WIN32_SHARE_PROCESS 
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc netman 
 sc query netman
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: netman
        TYPE              : 20  WIN32_SHARE_PROCESS
        START_TYPE        : 3  DEMAND_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP  :
        TAG                : 0
        DISPLAY_NAME      : Netzwerkverbindungen
        DEPENDENCIES      : RpcSs
                          : nsi
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: netman
        TYPE              : 20  WIN32_SHARE_PROCESS 
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc nlasvc 
 sc query nlasvc
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: nlasvc
        TYPE              : 20  WIN32_SHARE_PROCESS
        START_TYPE        : 2  AUTO_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : C:\Windows\System32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP  :
        TAG                : 0
        DISPLAY_NAME      : NLA (Network Location Awareness)
        DEPENDENCIES      : NSI
                          : RpcSs
                          : TcpIp
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: nlasvc
        TYPE              : 20  WIN32_SHARE_PROCESS 
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc nla 
 sc query nla
)
[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] EnumQueryServicesStatus:OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.


C:\Users\Reggi\Desktop>(
sc qc rpcss 
 sc query rpcss
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: rpcss
        TYPE              : 20  WIN32_SHARE_PROCESS
        START_TYPE        : 2  AUTO_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : C:\Windows\system32\svchost.exe -k rpcss
        LOAD_ORDER_GROUP  : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME      : Remoteprozeduraufruf (RPC)
        DEPENDENCIES      : RpcEptMapper
                          : DcomLaunch
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: rpcss
        TYPE              : 20  WIN32_SHARE_PROCESS 
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc lanmanserver 
 sc query lanmanserver
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: lanmanserver
        TYPE              : 20  WIN32_SHARE_PROCESS
        START_TYPE        : 2  AUTO_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP  :
        TAG                : 0
        DISPLAY_NAME      : Server
        DEPENDENCIES      : SamSS
                          : Srv
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver
        TYPE              : 20  WIN32_SHARE_PROCESS 
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc lmhosts 
 sc query lmhosts
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: lmhosts
        TYPE              : 20  WIN32_SHARE_PROCESS
        START_TYPE        : 2  AUTO_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP  : TDI
        TAG                : 0
        DISPLAY_NAME      : TCP/IP-NetBIOS-Hilfsdienst
        DEPENDENCIES      : NetBT
                          : Afd
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: lmhosts
        TYPE              : 20  WIN32_SHARE_PROCESS 
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc lanmanworkstation 
 sc query lanmanworkstation
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: lanmanworkstation
        TYPE              : 20  WIN32_SHARE_PROCESS
        START_TYPE        : 2  AUTO_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : C:\Windows\System32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP  : NetworkProvider
        TAG                : 0
        DISPLAY_NAME      : Arbeitsstationsdienst
        DEPENDENCIES      : Bowser
                          : MRxSmb10
                          : MRxSmb20
                          : NSI
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: lanmanworkstation
        TYPE              : 20  WIN32_SHARE_PROCESS 
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 2  (0x2)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc wzcsvc 
 sc query wzcsvc
)
[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] EnumQueryServicesStatus:OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.


C:\Users\Reggi\Desktop>(
sc qc afd 
 sc query afd
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: afd
        TYPE              : 1  KERNEL_DRIVER
        START_TYPE        : 1  SYSTEM_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : \SystemRoot\system32\drivers\afd.sys
        LOAD_ORDER_GROUP  : PNP_TDI
        TAG                : 0
        DISPLAY_NAME      : Ancillary Function Driver for Winsock
        DEPENDENCIES      :
        SERVICE_START_NAME :

SERVICE_NAME: afd
        TYPE              : 1  KERNEL_DRIVER 
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc netbt 
 sc query netbt
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: netbt
        TYPE              : 1  KERNEL_DRIVER
        START_TYPE        : 1  SYSTEM_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : System32\DRIVERS\netbt.sys
        LOAD_ORDER_GROUP  : PNP_TDI
        TAG                : 0
        DISPLAY_NAME      : NetBT
        DEPENDENCIES      : Tdx
                          : tcpip
        SERVICE_START_NAME :

SERVICE_NAME: netbt
        TYPE              : 1  KERNEL_DRIVER 
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc tcpip 
 sc query tcpip
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: tcpip
        TYPE              : 1  KERNEL_DRIVER
        START_TYPE        : 0  BOOT_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : \SystemRoot\System32\drivers\tcpip.sys
        LOAD_ORDER_GROUP  : PNP_TDI
        TAG                : 3
        DISPLAY_NAME      : TCP/IP-Protokolltreiber
        DEPENDENCIES      :
        SERVICE_START_NAME :

SERVICE_NAME: tcpip
        TYPE              : 1  KERNEL_DRIVER 
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Reggi\Desktop>(
sc qc ipsec 
 sc query ipsec
)
[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] EnumQueryServicesStatus:OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.


C:\Users\Reggi\Desktop>(
sc qc tdx 
 sc query tdx
)
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: tdx
        TYPE              : 1  KERNEL_DRIVER
        START_TYPE        : 1  SYSTEM_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME  : system32\DRIVERS\tdx.sys
        LOAD_ORDER_GROUP  : PNP_TDI
        TAG                : 4
        DISPLAY_NAME      : NetIO-Legacy-TDI-Supporttreiber
        DEPENDENCIES      : Tcpip
        SERVICE_START_NAME :

SERVICE_NAME: tdx
        TYPE              : 1  KERNEL_DRIVER 
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0
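
An added example, not part of the original thread: a small Python parser for the `sc qc` / `sc query` output format posted above. It reports every queried service that is not running and, for exit code 1068, names the queried dependency that is itself down. The sample text is a constructed, shortened excerpt in that format, and the function names are this example's own.

```python
import re
# Win32 error codes seen in this kind of log (values from winerror.h).
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 1060: "ERROR_SERVICE_DOES_NOT_EXIST",
                1068: "ERROR_SERVICE_DEPENDENCY_FAIL"}
AUTO_START_TYPES = {"BOOT_START", "SYSTEM_START", "AUTO_START"}
# Constructed sample: shortened excerpt in the look.txt format (German sc.exe).
SAMPLE = r"""
C:\Users\Example\Desktop>(
sc qc browser
 sc query browser
)
[SC] QueryServiceConfig ERFOLG
SERVICE_NAME: browser
        START_TYPE         : 3   DEMAND_START
        DEPENDENCIES       : LanmanWorkstation
                           : LanmanServer
SERVICE_NAME: browser
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1068  (0x42c)
C:\Users\Example\Desktop>(
sc qc dhcp
 sc query dhcp
)
[SC] QueryServiceConfig ERFOLG
SERVICE_NAME: dhcp
        START_TYPE         : 2   AUTO_START
SERVICE_NAME: dhcp
        STATE              : 4  RUNNING
        WIN32_EXIT_CODE    : 0  (0x0)
C:\Users\Example\Desktop>(
sc qc lanmanworkstation
 sc query lanmanworkstation
)
[SC] QueryServiceConfig ERFOLG
SERVICE_NAME: lanmanworkstation
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       : Bowser
SERVICE_NAME: lanmanworkstation
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 2  (0x2)
C:\Users\Example\Desktop>(
sc qc nla
 sc query nla
)
[SC] OpenService FEHLER 1060:
"""

def parse_sc_output(text):
    """Merge the 'sc qc' and 'sc query' blocks into one record per service."""
    # rec starts as a throwaway record for any lines before the first header.
    services, key, rec = {}, None, {"installed": True, "deps": []}
    for line in text.splitlines():
        m = re.match(r"\s*sc qc (\S+)", line) or re.match(r"SERVICE_NAME:\s*(\S+)", line)
        if m:  # echoed command or block header: switch to that service's record
            rec = services.setdefault(m.group(1).lower(), {"installed": True, "deps": []})
            key = None
            continue
        m = re.search(r"\[SC\].*?(?:FEHLER|FAILED)\s+(\d+)", line)
        if m:  # sc.exe error line; 1060 means the service does not exist
            rec["installed"] = rec["installed"] and m.group(1) != "1060"
            continue
        m = re.match(r"\s+([A-Z_0-9]+)\s*:\s*(.*)$", line)
        if m:
            key, val = m.group(1), m.group(2).strip()
        else:  # "   : value" continues the previous multi-value field
            m = re.match(r"\s+:\s*(\S.*)$", line)
            if not m or key != "DEPENDENCIES":
                continue
            val = m.group(1).strip()
        if key == "DEPENDENCIES" and val:
            rec["deps"].append(val.lower())
        elif key in ("START_TYPE", "STATE"):
            rec[key.lower()] = (val.split() + ["?", "?"])[1]  # "2   AUTO_START" -> name
        elif key == "WIN32_EXIT_CODE":
            rec["exit_code"] = int(val.split()[0])
    return services

def triage(services):
    """Return {service: finding} for every queried service that is not running."""
    findings = {}
    for name, s in services.items():
        if not s["installed"]:
            findings[name] = "not installed (ERROR_SERVICE_DOES_NOT_EXIST)"
            continue
        if s.get("state") == "RUNNING":
            continue
        code = s.get("exit_code", 0)
        msg = f"{s.get('state')} exit={code} {WIN32_ERRORS.get(code, 'unknown')}"
        if s.get("start_type") in AUTO_START_TYPES:
            msg += "; auto-start service is not running"
        if code == 1068:  # name queried dependencies that are themselves down
            down = [d for d in s["deps"] if d in services and services[d].get("state") != "RUNNING"]
            msg += "; blocked by: " + (", ".join(down) or "dependency not in log")
        findings[name] = msg
    return findings

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in triage(parse_sc_output(SAMPLE)).items()))
```

Run against the full look.txt, this puts the stopped auto-start services and their exit codes at the top of the review instead of leaving them buried among the running ones.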


ryder 27.11.2012 22:18

So, this now calls for a little question-and-answer game :)

Please open a console with Windows key + R > cmd > Enter

Please enter exactly this:

sc start lanmanworkstation

What output do you get?

reggi 27.11.2012 22:21

OK, the answer is

[SC] StartService: OpenService FEHLER 5:

Zugriff verweigert

ryder 27.11.2012 22:31

OK, let's try it differently:

Start > Accessories > Command Prompt (right-click > "Run as administrator")

Please repeat the command.

reggi 27.11.2012 22:38

OK, more comes up there

service name: lanmanworkstation
type: 20 win32_share_process
state: 3 stop_pending
(stoppable, not_pausable, ignores_shutdown)
win32 exit code: 2 (0x2)
sirvice exit code: 0 (0x0)
checkpoint: 0x0
wait hint: 0x0
pid: 760
flags:

ryder 27.11.2012 22:50

This is going to get interesting. I'll get back to you tomorrow.

reggi 27.11.2012 22:51

OK, all right, see you tomorrow

ryder 28.11.2012 18:35

Let's try this:

Please download Complete Internet Repair from |MG| Complete Internet Repair 1.3.1.1315 Download

Start the program, check all options and click GO.

reggi 28.11.2012 20:23

OK, done... it ran everything, but an error message came up

namely something about wuauclt could not be found

and my Firefox still doesn't work

ryder 28.11.2012 20:32

I guess we are approaching the point where I have to give up.

Do you have your Windows 7 DVD at hand?
Does it say Windows 7 with Service Pack 1 on it?

reggi 28.11.2012 20:51

So a reinstall after all?

ryder 28.11.2012 20:58

No, we're not at that point yet. So do you have your DVD, and what does it say on it?

reggi 28.11.2012 21:04

No, unfortunately not, I have to look for it first... I hope it didn't get lost in the move... but I'll have a look

What do I actually do now with my infected USB stick?

ryder 29.11.2012 10:07

We probably won't need the data on it after all, and you can format it.

ryder 01.12.2012 12:51

Hello, do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is clean yet

ryder 04.12.2012 14:26

No response
This thread has been removed from my subscriptions, so I will not be notified of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is clean yet.

Everyone else, please click here and create your own thread


All times are WET +1. The time now is 09:15.
