| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weißer Bildschrim nach Modzilla startWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.10.2012, 19:47
| #1 |
| |  Weißer Bildschrim nach Modzilla start Guten Tag, habe das selbe Problem wie mach anderer hier und erhalte nach starten des PC's nur einen Weißen bildschrim mit der aufschrift : Programm konnte die seite nicht anzeigen. (Durch Mov***k verursacht) habe mir bereits oldtimer geladen und bitte nun um eine kleine anleitung und den text. Vielen Lieben dank für die Hilfe (ab jetzt lass ich auch die finger von dem scheiß ._. ) Geändert von mojo22215 (04.10.2012 um 20:10 Uhr) |
|
04.10.2012, 20:00
| #2 |
| | Weißer Bildschrim nach Modzilla start habe bereits den OTL von Oldtimer durchgeführt und folgende texte erhalten :
__________________OTL.txt.datei:OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.10.2012 20:37:44 - Run 1 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Seven\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 80,94% Memory free 8,00 Gb Paging File | 7,32 Gb Available in Paging File | 91,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 10,70 Gb Free Space | 21,91% Space Free | Partition Type: NTFS Drive D: | 416,83 Gb Total Space | 121,96 Gb Free Space | 29,26% Space Free | Partition Type: NTFS Drive Z: | 100,00 Mb Total Space | 61,69 Mb Free Space | 61,69% Space Free | Partition Type: NTFS Computer Name: SEVEN-PC | User Name: Seven | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.04 20:19:31 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Seven\Downloads\OTL.exe PRC - [2012.09.07 21:11:04 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.09.06 19:35:03 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe PRC - [2011.08.18 16:25:12 | 001,101,960 | ---- | M] () -- D:\Programme\AD-Ware\AWSC.exe ========== Modules (No Company Name) ========== MOD - [2012.09.07 21:11:04 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.09.06 19:35:03 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.09.25 16:08:45 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.20 22:45:17 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.07 21:11:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.05 19:00:14 | 000,722,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - [2012.08.15 12:44:44 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- D:\Games\Smite\HiPatchService.exe -- (HiPatchService) SRV - [2012.02.27 21:48:37 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.12.19 16:33:50 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- D:\Programme\AD-Ware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.12.19 15:46:42 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- D:\Programme\AVG\avgwdsvc.exe -- (avg9wd) SRV - [2011.12.19 15:44:49 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- D:\Programme\AVG\avgemc.exe -- (avg9emc) SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- D:\Programme\AVG\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.28 17:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.05 19:00:26 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.12.20 11:22:11 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64) DRV:64bit: - [2011.12.20 02:17:26 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.12.19 15:46:44 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA) DRV:64bit: - [2011.12.19 15:46:44 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64) DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2011.08.18 16:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2010.11.26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 7B 07 A4 51 BE CC 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{725D605C-ACA8-41B8-9FBC-0E72AC90CC2B}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={611C58EC-8DDF-41CA-B881-085D98EA20F0}&mid=f7e5b9b9f61793af6313dbf486d57ab3-7ec935a7afec1fdcf665f4d6de688ab5dc84350b&lang=de&ds=AVG&pr=&d=2011-12-19 18:27:46&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..network.proxy.http: "199.195.109.21" FF - prefs.js..network.proxy.http_port: 9090 FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKCU\Software\MozillaPlugins\@mail.ru/GameCenter: C:\Users\Seven\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll (Mail.Ru) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Programme\AVG\Firefox [2011.12.19 16:38:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.05 19:00:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 21:11:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 21:11:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.19 15:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seven\AppData\Roaming\mozilla\Extensions [2012.09.17 19:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions [2012.07.25 20:39:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.08 19:56:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.17 19:43:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.02 20:24:22 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.09.16 19:54:10 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Seven\AppData\Roaming\mozilla\Firefox\Profiles\tu6lldje.default\extensions\ich@maltegoetz.de [2012.08.22 22:38:56 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\Seven\AppData\Roaming\mozilla\firefox\profiles\tu6lldje.default\extensions\ciuvo-extension@icq.de.xpi [2012.08.29 22:56:07 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Seven\AppData\Roaming\mozilla\firefox\profiles\tu6lldje.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.09.27 20:42:35 | 000,001,056 | ---- | M] () -- C:\Users\Seven\AppData\Roaming\mozilla\firefox\profiles\tu6lldje.default\searchplugins\icqplugin.xml [2012.09.11 20:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.07 21:11:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.17 23:05:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 19:00:05 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.08.31 19:12:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.17 23:05:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.17 23:05:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.17 23:05:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.17 23:05:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.22 13:18:54 | 000,002,152 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns.adobe.de O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.de O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.de O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.de O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.de O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.de O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.de O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.de O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.de O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.de O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.de O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.de O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 19 more lines... O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\AVG\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\AVG\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AVG9_TRAY] D:\Programme\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe () O4 - HKCU..\Run: [Azrove] C:\Users\Seven\AppData\Roaming\Etaf\ilymg.exe File not found O4 - HKCU..\Run: [dsteegzxzxtwuff] C:\ProgramData\dsteegzx.exe () O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [Spotify] C:\Users\Seven\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Seven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Seven\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\Icq7\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\Icq7\ICQ7.7\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C2DF0ED-F4F5-4539-8599-7C8C2EADBAE6}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\Shell - "" = AutoRun O33 - MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\Shell - "" = AutoRun O33 - MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\Shell\AutoRun\command - "" = H:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BambooCore - hkey= - key= - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe () MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: EzPrint - hkey= - key= - File not found MsConfig:64bit - StartUpReg: GameCenterMailRu - hkey= - key= - File not found MsConfig:64bit - StartUpReg: lxeamon.exe - hkey= - key= - File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Sony PC Companion - hkey= - key= - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Programme\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Unable to open variant key CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2012.10.04 19:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ifjeqzbxzmaphvc [2012.10.03 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Zuby [2012.10.03 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Quir [2012.10.03 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Etaf [2012.10.03 01:14:22 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\runic games [2012.09.30 19:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Syncrosoft [2012.09.30 19:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg [2012.09.30 18:59:46 | 001,711,104 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\Windows\SysNative\synsoacc.dll [2012.09.30 18:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\eLicenser [2012.09.22 21:42:29 | 000,000,000 | ---D | C] -- C:\Users\Seven\Documents\Games for Windows - LIVE Demos [2012.09.22 21:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.09.21 17:55:13 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Local\Spotify [2012.09.21 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Spotify [2012.09.07 21:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.09.05 19:00:26 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.04 20:04:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.10.04 20:04:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.04 20:04:06 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys [2012.10.04 19:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 19:39:33 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.04 19:39:33 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.04 19:26:05 | 000,076,359 | ---- | M] () -- C:\ProgramData\hxrnlgtkhzhiiqg [2012.10.04 19:26:01 | 000,105,984 | ---- | M] () -- C:\Users\Seven\ms.exe [2012.10.04 19:26:01 | 000,105,984 | ---- | M] () -- C:\ProgramData\dsteegzx.exe [2012.10.04 18:55:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.10.04 18:55:06 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.10.04 18:54:35 | 096,450,964 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2012.09.30 19:01:24 | 000,002,892 | ---- | M] () -- C:\Windows\SysWow64\audcon.sys [2012.09.30 18:59:47 | 000,000,051 | ---- | M] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg [2012.09.28 19:19:23 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.28 19:19:23 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.28 19:19:23 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.28 19:19:23 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.28 19:19:23 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.20 20:34:09 | 000,000,818 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.09.05 19:00:26 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.04 20:04:26 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.10.04 19:26:04 | 000,105,984 | ---- | C] () -- C:\ProgramData\dsteegzx.exe [2012.10.04 19:26:02 | 000,076,359 | ---- | C] () -- C:\ProgramData\hxrnlgtkhzhiiqg [2012.10.04 19:26:01 | 000,105,984 | ---- | C] () -- C:\Users\Seven\ms.exe [2012.09.30 19:01:24 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys [2012.09.30 18:59:47 | 000,147,425 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Aide.chm [2012.09.30 18:59:46 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm [2012.09.30 18:59:46 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm [2012.09.30 18:59:46 | 000,120,468 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Hilfe.chm [2012.09.30 18:59:46 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm [2012.09.30 18:59:46 | 000,114,279 | ---- | C] () -- C:\Windows\SysNative\SYNSOACC-Help.chm [2012.09.30 18:59:43 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe [2012.09.30 18:59:43 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg [2012.09.21 17:55:13 | 000,001,799 | ---- | C] () -- C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.07.07 17:25:06 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.27 21:48:39 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.02.27 21:48:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.14 18:38:14 | 000,000,132 | ---- | C] () -- C:\Users\Seven\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.12.31 03:48:16 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.12.26 13:46:23 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll [2011.12.26 13:46:22 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll [2011.12.22 21:44:49 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.12.22 21:44:49 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.12.21 01:14:12 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.12.19 15:32:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.07 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Audacity [2012.06.03 22:50:05 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Braid [2012.07.31 00:17:57 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\DAEMON Tools Lite [2012.05.11 18:10:45 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\DVDVideoSoft [2012.02.08 19:56:31 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.04 19:31:35 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Etaf [2011.12.23 02:20:19 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\FRITZ! [2012.10.01 23:03:59 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\ICQ [2011.12.19 16:46:15 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\IObit [2011.12.19 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\LolClient [2012.05.25 12:31:34 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\LolClient2 [2011.12.30 14:10:16 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\OpenOffice.org [2012.05.27 15:45:20 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\PACE Anti-Piracy [2012.10.04 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Quir [2012.10.03 01:14:22 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\runic games [2012.10.04 19:38:41 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Spotify [2012.05.27 15:50:26 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.10.03 16:14:24 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Steinberg [2012.07.25 00:18:40 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\TS3Client [2011.12.29 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Ubisoft [2012.10.03 16:14:24 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\VST3 Presets [2012.05.11 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Wacom [2012.05.11 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2012.08.31 19:57:04 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\YourFileDownloader [2012.10.03 19:05:10 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Zuby ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.03.21 19:47:15 | 000,000,000 | -H-D | M] -- C:\$AVG [2012.07.13 21:23:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.02.01 13:30:25 | 000,000,000 | ---D | M] -- C:\AMD [2011.12.19 15:29:01 | 000,000,000 | ---D | M] -- C:\ATI [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.12.19 15:15:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.12.26 13:59:49 | 000,000,000 | ---D | M] -- C:\logs [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.03 16:09:55 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.03 16:16:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.10.04 19:26:06 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.12.19 15:15:00 | 000,000,000 | -HSD | M] -- C:\Programme [2011.12.19 15:15:01 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.10.04 18:51:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.19 15:15:13 | 000,000,000 | R--D | M] -- C:\Users [2012.10.04 20:04:06 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.07 14:07:59 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.10.04 20:04:26 | 000,000,328 | ---- | C] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.05.11 18:41:28 | 000,000,002 | ---- | M] () -- C:\Users\Seven\.bdockinstall.log [2012.06.10 11:45:53 | 000,069,831 | ---- | M] () -- C:\Users\Seven\DesktopStCenter.txt [2012.10.04 19:26:01 | 000,105,984 | ---- | M] () -- C:\Users\Seven\ms.exe [2012.10.04 20:42:43 | 002,883,584 | -HS- | M] () -- C:\Users\Seven\NTUSER.DAT [2012.10.04 20:42:42 | 000,262,144 | -HS- | M] () -- C:\Users\Seven\ntuser.dat.LOG1 [2011.12.19 15:15:16 | 000,000,000 | -HS- | M] () -- C:\Users\Seven\ntuser.dat.LOG2 [2011.12.19 15:19:52 | 000,065,536 | -HS- | M] () -- C:\Users\Seven\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.12.19 15:19:52 | 000,524,288 | -HS- | M] () -- C:\Users\Seven\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.12.19 15:19:52 | 000,524,288 | -HS- | M] () -- C:\Users\Seven\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.12.19 15:15:16 | 000,000,020 | -HS- | M] () -- C:\Users\Seven\ntuser.ini [2012.07.14 02:03:37 | 000,062,976 | -HS- | M] () -- C:\Users\Seven\Thumbs.db < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 1248 bytes -> C:\Users\Seven\AppData\Local\Temp:HVwps2Wks5HfWCfjLdIwUa @Alternate Data Stream - 1180 bytes -> C:\Users\Seven\AppData\Local\Temp:xgxtGMbprvYvdcwHU79JeDWQ < End of report > . . . . . extra.txt.datei :OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.10.2012 20:37:44 - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Seven\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 80,94% Memory free
8,00 Gb Paging File | 7,32 Gb Available in Paging File | 91,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 10,70 Gb Free Space | 21,91% Space Free | Partition Type: NTFS
Drive D: | 416,83 Gb Total Space | 121,96 Gb Free Space | 29,26% Space Free | Partition Type: NTFS
Drive Z: | 100,00 Mb Total Space | 61,69 Mb Free Space | 61,69% Space Free | Partition Type: NTFS
Computer Name: SEVEN-PC | User Name: Seven | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe Creative Suite 5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe Creative Suite 5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A0F21E-112E-410D-A45E-C6AC45EED0C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{09019D06-2B50-4118-B979-9A2F317BC6DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C3C49AA-3FAA-4EF2-9EAA-80C3D82209F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19C90A4D-D3B4-4DCB-9C15-BB77254FC64B}" = lport=59023 | protocol=17 | dir=in | name=pando media booster |
"{1E3B74FB-C5A0-4633-AAB9-4BDC07EBE3B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E735434-6A42-4720-B496-7318DF078482}" = rport=445 | protocol=6 | dir=out | app=system |
"{30318389-5D43-46E2-BA54-287C08F9AFD4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{305C6589-B477-42D0-84C0-2980E9A348E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{353FC863-2E54-45D3-A4C8-65DAAE32E4E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50362F35-1273-4452-9202-C6D5E57F754E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56440972-D293-462B-9BC0-D50BC471379B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CC51FD3-44C8-41C5-8FFD-494E860290DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{5F270CA2-8A94-4526-9FCC-1086D3CCEF8F}" = lport=139 | protocol=6 | dir=in | app=system |
"{702421F6-48FC-431F-AFF6-C8F066C2A6C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{74670E63-E1D2-4D78-8F7F-7F6288BABA7C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{84B63441-4BA8-4C5F-8A4E-410096D5C70B}" = lport=59023 | protocol=17 | dir=in | name=pando media booster |
"{8649CD6B-0377-4AB9-8366-398FAE486CDB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{87A78AC1-E4DC-4A7D-82BA-F27A6EDE8179}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A049C766-A366-4E28-9A13-63125FFFCF8A}" = lport=59023 | protocol=6 | dir=in | name=pando media booster |
"{AF3A7486-9FEC-4272-A309-B1070F7EE877}" = lport=138 | protocol=17 | dir=in | app=system |
"{BB598F63-AAF0-4E78-8070-FF1732CD3341}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{BD8AA0AE-B2B7-4093-88E8-E9407178BB0D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DDC7B6C1-7BF0-43C4-B517-83B09BD1A7AB}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{DE1804A0-5586-48F9-AA02-7735DF21BF0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2504786-1212-496D-9504-72E903FB1AFD}" = lport=137 | protocol=17 | dir=in | app=system |
"{E6EA3BF1-96DD-4389-8FA0-8FA231E4D4B4}" = lport=59023 | protocol=6 | dir=in | name=pando media booster |
"{F1525A98-44B2-459C-80BD-18E83DC086AC}" = rport=139 | protocol=6 | dir=out | app=system |
"{F1994D3A-51B8-45CA-8B87-EFF85509986B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBBD1CBD-6984-4096-AD0D-56110C07C7B0}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A6CF1B-B1AE-4D7C-B425-CB12794E6706}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\torchlight\torchlight.exe |
"{0771F7EC-3175-4183-8412-B119A39F762F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{07A7254B-2E3F-4005-A072-DD72D61EB72F}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{07CD126E-D610-4696-8E36-1253A47DA513}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{086664E4-80AD-4052-8990-378977177650}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{094047B6-FCA8-44F4-BE4D-BABAE57D90B3}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{0B727EF4-2959-4492-9D41-4971E8011CEC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0BA01CE7-3810-424A-9AC3-A606236BD09F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0EBE088F-3395-4BA3-A3A5-3048700BF092}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{1128E111-CE95-44F4-9820-078112DAC8C8}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe |
"{1206D464-3208-4B2F-9A1F-CBC649B6B8DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A442E38-2DAA-4D93-9002-E29A38228056}" = dir=in | app=d:\programme\avg\avgupd.exe |
"{1D6E9C41-489A-453F-8DAE-AABFC373C3B2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{25311B31-D72A-41B0-A181-8B335E1F6089}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\counter-strike\hl.exe |
"{258E1156-4AEF-47BB-B6D7-45EEAD61CB75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2B222BF1-FBD4-4E38-9920-ADDC991BD713}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{30ECBFCD-B319-4D3E-8BE1-64215D78CC6F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{32258D04-EA12-4D54-8B5B-5A3774FDD675}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{3303FF50-F5B1-4A43-911F-CABD1CCFE74E}" = dir=in | app=d:\programme\avg\avgnsa.exe |
"{34CC6206-141B-4E12-9078-B196FC298FD7}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{3581352C-944F-41A6-813E-877962DAE099}" = protocol=17 | dir=in | app=d:\games\riot games\league of legends\game\league of legends.exe |
"{3800B555-461C-40D4-ABAB-1D4568B9C620}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\moinneseli\counter-strike source\hl2.exe |
"{39FD4F2D-7046-492C-A18F-44195BCD215A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3B8BE04F-707F-44F9-A585-B2D9D1EF464A}" = dir=in | app=d:\programme\avg\avgemc.exe |
"{415241C9-56B1-4BC4-AA85-FF5FEE1FFBAE}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{423EC8EA-0F52-483E-BF01-1BA38AA8FB9F}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{42D0EEAF-F211-47E7-8EF0-A965750226F4}" = protocol=17 | dir=in | app=d:\games\riot games\league of legends\air\lolclient.exe |
"{44BA2AC2-ABA7-425A-B538-10EC77172949}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{46B3C77F-A9B2-4964-AD31-AF905961ACAF}" = protocol=17 | dir=in | app=d:\games\batman_asylum\binaries\shippingpc-bmgame.exe |
"{46B50C59-6945-4F96-AE41-1CCC5A731971}" = protocol=17 | dir=in | app=e:\alicecd.exe |
"{49B6A4F4-964A-4214-9AC6-F7BAD3F333FF}" = protocol=17 | dir=in | app=d:\games\assasins creed ii\assassinscreediigame.exe |
"{4E48F2EE-436B-48F6-BEA9-556EEA904E03}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{50053230-DE1A-4910-970F-E24FB59ECA75}" = protocol=17 | dir=in | app=d:\games\apb reloaded\binaries\vivoxvoiceservice.exe |
"{518ECCE8-629B-4103-A0F9-E2CBA558EBCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{542F95FB-7EF9-42CF-8CF1-2F06ED116D0D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{56000D40-E254-432B-B759-6224A69B5AD8}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{56B48694-B8C8-42EF-A8E6-46C324490673}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe |
"{5C22F230-9C57-48EE-9017-CE3487ADC5AC}" = protocol=17 | dir=in | app=d:\games\apb reloaded\binaries\vivoxvoiceservice.exe |
"{5D4F43D7-97F2-4248-AA20-EE9081A81AE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E56E538-A8B4-4063-9AD6-110D90834C95}" = protocol=6 | dir=in | app=d:\games\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{626863CC-BD53-4AF7-8E5F-B4E2C420DCF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{646853D6-AB6C-4BBD-B8C5-EAD347AB15D9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{6682FB6F-3D00-4AA2-9439-392414B11B23}" = protocol=6 | dir=in | app=d:\games\apb reloaded\binaries\apb.exe |
"{682C9FE2-D7E0-4AE0-B902-88F7DD314FF2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{69D243EE-14CE-4B55-9447-95D42A4E36B8}" = protocol=6 | dir=in | app=d:\games\riot games\league of legends\air\lolclient.exe |
"{6ACC0D7A-4A85-41B3-B9CD-A9A7C5C5297A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7024BB1B-0E53-4690-8434-1A1FB81EB31A}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{73F3AE0A-8BB2-4A2C-BCE5-128817794852}" = protocol=17 | dir=in | app=d:\games\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{7430F714-6647-495A-B7BC-E360F0323873}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75BE2DDB-F308-403C-8F61-86B93A9C1FB6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7713AE58-D6F7-4AAD-80BD-ADC9C044C7F3}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\counter-strike\hl.exe |
"{77359879-78B1-48E1-A64E-1BEAD5EF23F0}" = protocol=6 | dir=out | app=system |
"{871CCC64-9F31-4422-BB31-8033045A309B}" = protocol=6 | dir=in | app=d:\games\assasins creed ii\uplaybrowser.exe |
"{87A682DE-2973-4231-887B-4CA7D43D30F0}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{87CF10D4-EB7C-4BAE-835D-65266CA09969}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{8F454C25-E99E-4B12-91D0-0F1F96D87FB4}" = protocol=6 | dir=in | app=d:\games\apb reloaded\binaries\apb.exe |
"{9120E162-2D0C-4E92-B57F-D01D1D61BFAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{99FA85E6-3894-47B6-A02C-A5741B5C78F2}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\counter-strike\hl.exe |
"{9FC17EF1-060B-4DCF-B8E3-64D69D4684FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A49AA610-AA25-4020-AAF2-13304869D663}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage.exe |
"{A9A97A53-2ECF-4493-80AC-4DCDD400911D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{AA399B82-5870-46B8-B36F-B4909FB9D073}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{ABA4E463-70D5-4735-AE56-FA09DD1B7F1E}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\moinneseli\counter-strike source\hl2.exe |
"{AC1AF938-676E-45EB-9C50-75CDA2B132FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0A7C346-777D-4861-AA10-267BEE6CEAE1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B385BA5B-D1D2-4B24-B478-AE980B457A68}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{B4894610-FFB8-4D65-A795-3C118BCDC065}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BBC2C38E-07FA-4D41-8A29-BE582819888C}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe |
"{C1338284-B87D-4638-B2CE-33F015476C42}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{C38C9B1C-3032-46A5-978B-E92C5BCF7CA4}" = protocol=6 | dir=in | app=d:\games\riot games\league of legends\game\league of legends.exe |
"{CCCA26F0-F6F5-4708-8BC2-5321DC9D0085}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe |
"{CEAAA99A-0D65-4F83-B5E6-4CB45FC62B3B}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe |
"{D090FB93-EB18-4248-AA23-5D18AD61A104}" = protocol=6 | dir=in | app=d:\games\apb reloaded\binaries\vivoxvoiceservice.exe |
"{D0ABA17E-A951-45F7-9D0B-CAE2293041F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D518B46C-B200-41C3-88B0-2253979BFB24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D5BCB82E-110E-4EC9-AF41-64ED2E5B3108}" = protocol=6 | dir=in | app=d:\games\assasins creed ii\assassinscreediigame.exe |
"{D9658B25-8B57-4B63-B35D-3193F5124935}" = protocol=6 | dir=in | app=d:\games\assasins creed ii\assassinscreedii.exe |
"{E052E830-1A14-4104-BF89-23E3E11D54B7}" = protocol=17 | dir=in | app=d:\games\assasins creed ii\assassinscreedii.exe |
"{E21B24F8-587D-4D36-8A32-61F3E3DD5FCB}" = protocol=6 | dir=in | app=d:\games\batman_asylum\binaries\shippingpc-bmgame.exe |
"{E784A58D-FBE6-4D84-95A4-E56F19CAE716}" = protocol=17 | dir=in | app=d:\games\apb reloaded\binaries\apb.exe |
"{E8C42FE8-3A0B-40B0-836C-D61B839B2B3F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE4494CD-B57A-4B0C-BB91-E300BFD77189}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE9713F1-F039-4B08-92C8-1EF0901E13F6}" = protocol=6 | dir=in | app=d:\games\apb reloaded\binaries\vivoxvoiceservice.exe |
"{EEF060A1-8822-4E60-B660-5AE2DCF72935}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EF588B67-8BD6-4E03-AE19-557AF23DE7C9}" = protocol=17 | dir=in | app=d:\games\assasins creed ii\uplaybrowser.exe |
"{F1BA1B89-D666-454D-AAF8-9D0429BA84F0}" = protocol=6 | dir=in | app=e:\alicecd.exe |
"{F4A444F8-4D4A-44F9-B96C-9FC45D881C52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F936155A-8219-4220-A1FC-788B7B71AE29}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\counter-strike\hl.exe |
"{FA63F864-1C57-4D07-8F32-4B0BCB573692}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{FCD96D59-48B2-4A28-A85C-CD6B7296F7D6}" = protocol=17 | dir=in | app=d:\games\apb reloaded\binaries\apb.exe |
"{FD06CD37-B9FB-439E-8C54-87F3ED05C6B2}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\torchlight\torchlight.exe |
"{FE068F27-0683-4C2A-8B96-A8CE50D9F777}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe |
"{FE25CC4E-AD2A-4C56-9650-43101B08451A}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\rage\rage.exe |
"TCP Query User{0B216A71-DE23-444E-8CB3-7DE5A1307A05}D:\games\hon\hon.exe" = protocol=6 | dir=in | app=d:\games\hon\hon.exe |
"TCP Query User{0E8872AD-2001-4595-B8DC-B161E88C2628}D:\programme\steam\steamapps\moinneseli\pirates, vikings, and knights ii\hl2.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\moinneseli\pirates, vikings, and knights ii\hl2.exe |
"TCP Query User{1C94E711-FE54-48A2-9874-31005C50EF93}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{5E2FEE2B-61CA-4D92-92C7-8F00E5727816}D:\programme\icq7\icq7.7\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe |
"TCP Query User{64440937-EDA7-4AFA-9524-64CD5355B864}C:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=6 | dir=in | app=c:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe |
"TCP Query User{794815CB-CEC3-4B76-B055-54CD825E709B}C:\users\seven\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\seven\appdata\local\temp\gw2.exe |
"TCP Query User{7C9CB44B-CD7C-43B2-90A0-8BDC28292043}D:\programme\steam\steamapps\seven_1_6\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\team fortress 2\hl2.exe |
"TCP Query User{812C40F6-986E-4DEB-A8B1-63F1471E8A78}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"TCP Query User{8BDFC30D-8A7A-4A9F-9155-9FA8EC7C78CC}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"TCP Query User{8ECCFCD8-315F-454B-9F40-7BB76C1D86D1}C:\users\seven\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\seven\appdata\roaming\spotify\spotify.exe |
"TCP Query User{BBE66F8F-B012-49D8-AF62-B04F51E2BB03}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{C63014A3-6277-488C-999A-B76E97EE7B9C}C:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=6 | dir=in | app=c:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe |
"TCP Query User{E9331241-1997-4E8F-B85D-E9E577D730D2}D:\programme\steam\steamapps\seven_1_6\pirates, vikings, and knights ii\hl2.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\pirates, vikings, and knights ii\hl2.exe |
"TCP Query User{EBE64BFF-40A1-4F57-9478-DA5E22C6C1EF}D:\programme\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=d:\programme\lolreplay\lolreplay.exe |
"TCP Query User{FA8EDF83-D87B-42FA-82B8-75F359D30538}D:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\games\guild wars 2\gw2.exe |
"UDP Query User{1B5FF148-2065-4005-8886-9D301DBB96D6}C:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=17 | dir=in | app=c:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe |
"UDP Query User{29627376-87D1-4C32-AE46-85B5E4B62011}C:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe" = protocol=17 | dir=in | app=c:\users\seven\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe |
"UDP Query User{2C883F4D-2C18-46CD-8545-BA139A03F24A}C:\users\seven\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\seven\appdata\local\temp\gw2.exe |
"UDP Query User{2D5B8988-CB73-473D-A197-264CF9399AB5}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"UDP Query User{4558283E-1B34-4AE8-845C-9F0CC764C7ED}D:\programme\steam\steamapps\moinneseli\pirates, vikings, and knights ii\hl2.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\moinneseli\pirates, vikings, and knights ii\hl2.exe |
"UDP Query User{50FF3480-1151-490E-9FA1-F60119D47AC8}C:\users\seven\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\seven\appdata\roaming\spotify\spotify.exe |
"UDP Query User{65518E92-58C2-46A5-A9BB-2B4EDD61EA36}D:\programme\steam\steamapps\seven_1_6\pirates, vikings, and knights ii\hl2.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\pirates, vikings, and knights ii\hl2.exe |
"UDP Query User{7CE7375D-3616-4CB1-B266-BD4DEEC36E28}D:\programme\steam\steamapps\seven_1_6\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\seven_1_6\team fortress 2\hl2.exe |
"UDP Query User{A44AF554-43C1-43F0-A559-7D56C58C91FC}D:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\games\guild wars 2\gw2.exe |
"UDP Query User{AD2A5710-9BCD-402D-984A-6322DC6FD904}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"UDP Query User{C673719C-8474-4B20-B2EE-FF2A49EB471C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{CE427A72-ABF1-45EC-BEB9-B17B62CFA7E1}D:\games\hon\hon.exe" = protocol=17 | dir=in | app=d:\games\hon\hon.exe |
"UDP Query User{EB9EC281-BDD2-46F1-A565-3ED1204543A0}D:\programme\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=d:\programme\lolreplay\lolreplay.exe |
"UDP Query User{F11648E4-B997-4BD0-A474-4DBFE094EC5F}D:\programme\icq7\icq7.7\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.7\icq.exe |
"UDP Query User{F8253143-5329-46CB-8A8C-B05FB44DDF2E}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000058201}" = BulletStorm
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7604A79D-245D-45BB-AFBB-975DE69FFF80}" = Digidesign M-Audio Keyboard Personality 8.0
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CFABC775-5386-4BA5-86B4-505BBD36E812}" = Batman: Arkham Asylum Game of the Year Edition
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"APB Reloaded" = APB Reloaded
"Audiograbber" = Audiograbber 1.83 SE
"AVG9Uninstall" = AVG Free 9.0
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bamboo Dock" = Bamboo Dock
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Commandos 2: Men of Courage_is1" = Commandos 2: Men of Courage
"Commandos 3: Destination Berlin_is1" = Commandos 3: Destination Berlin
"Commandos Strike Force_is1" = Commandos Strike Force
"Commandos: Hinter feindlichen Linien_is1" = Commandos: Hinter feindlichen Linien
"Commandos: Im Auftrag der Ehre_is1" = Commandos: Im Auftrag der Ehre
"Der Herr der Ringe - Der Krieg im Norden (c) Warner Bros._is1" = Der Herr der Ringe - Der Krieg im Norden (c) Warner Bros. version 1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"GamersFirst LIVE!" = GamersFirst LIVE!
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Guild Wars 2" = Guild Wars 2
"LOLReplay" = LOLReplay
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Massive" = Native Instruments Massive
"NCLauncher_GameForge" = NC Launcher (GameForge)
"PunkBusterSvc" = PunkBuster Services
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 10" = Counter-Strike
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 240" = Counter-Strike: Source
"Steam App 41500" = Torchlight
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.0.3
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameCenterMailRu" = Игровой центр@Mail.Ru
"Limbo" = LIMBO
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.10.2012 13:24:53 | Computer Name = Seven-PC | Source = TabletServicePen | ID = 1
Description =
Error - 04.10.2012 12:51:15 | Computer Name = Seven-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgtray.exe, Version: 9.0.0.926,
Zeitstempel: 0x4f13ec5a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001528e ID des fehlerhaften
Prozesses: 0x2dc Startzeit der fehlerhaften Anwendung: 0x01cda2506dafa760 Pfad der
fehlerhaften Anwendung: D:\Programme\AVG\avgtray.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: b53763c0-0e43-11e2-8a26-90e6bae1ce2e
Error - 04.10.2012 13:11:39 | Computer Name = Seven-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1444 Startzeit:
01cda25199bceab0 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
8d60d041-0e46-11e2-8a26-90e6bae1ce2e
Error - 04.10.2012 13:14:27 | Computer Name = Seven-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 568 Startzeit:
01cda253aeb5d7a4 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
f0ec6715-0e46-11e2-8a26-90e6bae1ce2e
Error - 04.10.2012 14:10:43 | Computer Name = Seven-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3B1EFD3A66EA28B16697394703A72CA340A05BD5.crt>.
Fehler: 12007 (0x2ee7).
Error - 04.10.2012 14:10:43 | Computer Name = Seven-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3B1EFD3A66EA28B16697394703A72CA340A05BD5.crt>.
Fehler: Diese Netzwerkverbindung ist nicht vorhanden. .
Error - 04.10.2012 14:10:43 | Computer Name = Seven-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3B1EFD3A66EA28B16697394703A72CA340A05BD5.crt>.
Fehler: Diese Netzwerkverbindung ist nicht vorhanden. .
Error - 04.10.2012 14:10:43 | Computer Name = Seven-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3B1EFD3A66EA28B16697394703A72CA340A05BD5.crt>.
Fehler: Diese Netzwerkverbindung ist nicht vorhanden. .
Error - 04.10.2012 14:42:33 | Computer Name = Seven-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Seven\Downloads\SoftonicDownloader_fuer_audacity.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Error - 04.10.2012 14:42:33 | Computer Name = Seven-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Seven\Downloads\SoftonicDownloader_fuer_easeus-data-recovery-wizard.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
[ System Events ]
Error - 19.08.2012 11:12:32 | Computer Name = Seven-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 19.08.2012 14:26:07 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.08.2012 14:26:11 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxeaCATSCustConnectService erreicht.
Error - 19.08.2012 14:26:11 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 19.08.2012 14:26:40 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 20.08.2012 16:32:03 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 20.08.2012 16:32:07 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxeaCATSCustConnectService erreicht.
Error - 20.08.2012 16:32:07 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 20.08.2012 16:32:28 | Computer Name = Seven-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 20.08.2012 16:34:21 | Computer Name = Seven-PC | Source = DCOM | ID = 10016
Description =
< End of report >
Geändert von mojo22215 (04.10.2012 um 20:11 Uhr) |
|
05.10.2012, 01:14
| #3 |
| /// Helfer-Team  | Weißer Bildschrim nach Modzilla start Wichtig: Loesche zuerst die OTL Version die du hast (hat einen Bug) und lade diese: OTL Download - OTL 3.2.69.0 Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{725D605C-ACA8-41B8-9FBC-0E72AC90CC2B}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={611C58EC-8DDF-41CA-B881-085D98EA20F0}&mid=f7e5b9b9f61793af6313dbf486d57ab3-7ec935a7afec1fdcf665f4d6de688ab5dc84350b&lang=de&ds=AVG&pr=&d=2011-12-19 18:27:46&v=12.2.5.32&sap=dsp&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..network.proxy.http: "199.195.109.21"
FF - prefs.js..network.proxy.http_port: 9090
FF - prefs.js..network.proxy.type: 2
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.05 19:00:49 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Azrove] C:\Users\Seven\AppData\Roaming\Etaf\ilymg.exe File not found
O4 - HKCU..\Run: [dsteegzxzxtwuff] C:\ProgramData\dsteegzx.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\Shell - "" = AutoRun
O33 - MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\Shell - "" = AutoRun
O33 - MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\Shell\AutoRun\command - "" = H:\Startme.exe
@Alternate Data Stream - 1248 bytes -> C:\Users\Seven\AppData\Local\Temp:HVwps2Wks5HfWCfjLdIwUa
@Alternate Data Stream - 1180 bytes -> C:\Users\Seven\AppData\Local\Temp:xgxtGMbprvYvdcwHU79JeDWQ
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Seven\*.tmp
C:\Users\Seven\AppData\Local\{*}
C:\Users\Seven\AppData\Local\Temp\*.exe
C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
__________________ |
|
05.10.2012, 18:32
| #4 |
| | Weißer Bildschrim nach Modzilla start Hier der logfile von schritt 1. : All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{725D605C-ACA8-41B8-9FBC-0E72AC90CC2B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{725D605C-ACA8-41B8-9FBC-0E72AC90CC2B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Prefs.js: "" removed from browser.search.defaultenginename Prefs.js: "" removed from browser.search.selectedEngine Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage Prefs.js: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0 removed from extensions.enabledAddons Prefs.js: ich@maltegoetz.de:1.4.3 removed from extensions.enabledAddons Prefs.js: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 removed from extensions.enabledAddons Prefs.js: "199.195.109.21" removed from network.proxy.http Prefs.js: 9090 removed from network.proxy.http_port Prefs.js: 2 removed from network.proxy.type 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar deleted successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\skin folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\zh-tw folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\zh-cn folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\tr folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\sr folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\sk folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\ru folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\pt-br folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\pt folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\pl folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\nl folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\ms folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\ko folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\ja folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\it folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\id folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\hu folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\fr folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\es-es folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\es folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\en folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\de folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\da folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale\cs folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules\locale folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\modules folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\locale\en-US folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\locale folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\components folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32\chrome folder moved successfully. C:\ProgramData\AVG Secure Search\12.2.5.32 folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully. D:\Programme\Winamp\winampa.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Azrove deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dsteegzxzxtwuff deleted successfully. C:\ProgramData\dsteegzx.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cde79e81-2aea-11e1-b4e2-90e6bae1ce2e}\ not found. File F:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee93ba03-7bea-11e1-8708-90e6bae1ce2e}\ not found. File H:\Startme.exe not found. ADS C:\Users\Seven\AppData\Local\Temp:HVwps2Wks5HfWCfjLdIwUa deleted successfully. ADS C:\Users\Seven\AppData\Local\Temp:xgxtGMbprvYvdcwHU79JeDWQ deleted successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\Seven\*.tmp not found. File\Folder C:\Users\Seven\AppData\Local\{*} not found. File\Folder C:\Users\Seven\AppData\Local\Temp\*.exe not found. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Seven\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Seven\Desktop\cmd.bat deleted successfully. C:\Users\Seven\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56478 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Seven ->Temp folder emptied: 107761056 bytes ->Temporary Internet Files folder emptied: 51513722 bytes ->FireFox cache emptied: 85212260 bytes ->Flash cache emptied: 67283 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 676821 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 234,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 10052012_192642 Log zu schritt 3 : Code:
ATTFilter # AdwCleaner v2.003 - Datei am 10/05/2012 um 20:20:32 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzer : Seven - SEVEN-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Seven\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Ordner Gefunden : C:\Program Files (x86)\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Iminent
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\Users\Seven\AppData\Local\AVG Secure Search
Ordner Gefunden : C:\Users\Seven\AppData\LocalLow\AVG Secure Search
Ordner Gefunden : C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\tu6lldje.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.16385
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={611C58EC-8DDF-41CA-B881-085D98EA20F0}&mid=f7e5b9b9f61793af6313dbf486d57ab3-7ec935a7afec1fdcf665f4d6de688ab5dc84350b&lang=de&ds=AVG&pr=&d=2011-12-19 18:27:46&v=12.2.5.32&sap=nt
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\tu6lldje.default\prefs.js
Gefunden : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");
*************************
AdwCleaner[R1].txt - [6411 octets] - [05/10/2012 20:20:32]
########## EOF - C:\AdwCleaner[R1].txt - [6471 octets] ##########
Code:
ATTFilter # AdwCleaner v2.003 - Datei am 10/05/2012 um 20:22:57 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzer : Seven - SEVEN-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Seven\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\AVG Secure Search
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Gelöscht mit Neustart : C:\Program Files (x86)\Iminent
Gelöscht mit Neustart : C:\ProgramData\AVG Secure Search
Gelöscht mit Neustart : C:\Users\Seven\AppData\Local\AVG Secure Search
Gelöscht mit Neustart : C:\Users\Seven\AppData\LocalLow\AVG Secure Search
Gelöscht mit Neustart : C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\tu6lldje.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.16385
Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={611C58EC-8DDF-41CA-B881-085D98EA20F0}&mid=f7e5b9b9f61793af6313dbf486d57ab3-7ec935a7afec1fdcf665f4d6de688ab5dc84350b&lang=de&ds=AVG&pr=&d=2011-12-19 18:27:46&v=12.2.5.32&sap=nt --> hxxp://www.google.com
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\tu6lldje.default\prefs.js
C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\tu6lldje.default\user.js ... Gelöscht !
Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");
*************************
AdwCleaner[R1].txt - [6532 octets] - [05/10/2012 20:20:32]
AdwCleaner[R2].txt - [6592 octets] - [05/10/2012 20:22:34]
AdwCleaner[S1].txt - [7413 octets] - [05/10/2012 20:22:57]
########## EOF - C:\AdwCleaner[S1].txt - [7473 octets] ##########
|
|
05.10.2012, 19:37
| #5 |
| /// Helfer-Team | Weißer Bildschrim nach Modzilla start Bitte das Malwarebytes Logfile posten! (Reiter Logberichte) |
|
05.10.2012, 20:09
| #6 |
| | Weißer Bildschrim nach Modzilla start hier der mailware bytes log Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.05.08 Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7600.16385 Seven :: SEVEN-PC [Administrator] 05.10.2012 19:38:49 mbam-log-2012-10-05 (19-38-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Z:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 398905 Laufzeit: 30 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Seven\ms.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Seven\Downloads\ADLSoft_UnCompressor_1.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\10052012_192642\C_ProgramData\dsteegzx.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Games\Assasins Creed II\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
05.10.2012, 22:16
| #7 |
| /// Helfer-Team | Weißer Bildschrim nach Modzilla start Sehr gut!  Wie laeuft der Rechner? Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
05.10.2012, 22:22
| #8 |
| | Weißer Bildschrim nach Modzilla start der pc läuft wie neu  eigentlich alles ok. ich habe AD-Ware nochmal durchlaufen lassen und er hat nichts gefunden. Danke für die hilfe ! )oke das Emsisoft geht nicht da ich kein service pack 1 habe |
|
05.10.2012, 23:44
| #9 | |
| /// Helfer-Team | Weißer Bildschrim nach Modzilla startZitat:
Alles Windows Updates einspielen, inkl. Service Pack! |
|
05.10.2012, 23:52
| #10 |
| | Weißer Bildschrim nach Modzilla start hm... er will das irgendwie nicht. Gibts da noch ein anderes programm ? also sonst läuft er jetzt ja auch super ohne mukken. Oder meinst du da ist noch was drauf ? |
|
05.10.2012, 23:57
| #11 | ||
| /// Helfer-Team | Weißer Bildschrim nach Modzilla startZitat:
Fehlermeldung? Zitat:
Ein nicht updatebares WIndows ist Schrott. |
|
06.10.2012, 13:44
| #12 |
| | Weißer Bildschrim nach Modzilla start hat geklappt, hier der log: Code:
ATTFilter Emsisoft Anti-Malware - Version 7.0
Letztes Update: 06.10.2012 13:20:13
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Z:\
Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan Beginn: 06.10.2012 13:38:22
Gescannt 511354
Gefunden 0
Scan Ende: 06.10.2012 14:42:58
Scan Zeit: 1:04:36
|
|
06.10.2012, 14:46
| #13 |
| /// Helfer-Team | Weißer Bildschrim nach Modzilla start Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
21.11.2012, 05:21
| #14 |
| /// Helfer-Team | Weißer Bildschrim nach Modzilla start Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Weißer Bildschrim nach Modzilla start |
| anderer, anleitung, anzeige, bereits, bildschrim, erhalte, finger, geladen, guten, kleine, konnte, leitung, liebe, lieben, modzilla, problem, programm, scheiß, seite, start, starte, starten, verursacht, weiße, weißer |
Linear-Darstellung
