Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 08.05.2013, 19:25   #16
t'john
/// Helfer-Team
 
Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. - Standard

Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.



Danke.

wir wuenschen eine virenfreie Zeit
__________________
Mfg, t'john
Das TB unterstützen

Alt 09.05.2013, 15:13   #17
nometa
 
Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. - Standard

Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.



Sorry, etwas Wichtiges ist mir noch aufgefallen! Also mein Computer geht ziemlich langsam, und ich habe ein Programm, das sich nicht löschen lässt: "Snap.do" (Wenn ich es deinstallieren will, kommt: "Preparing to remove...", dann: "Please wait while Windows configures Snap.do...", dann verschwindet die Meldung, als wäre es fertig, aber Snap.do ist noch immer da!). Ich bin mir ziemlich sicher, dass ich dieses Programm an dem Tag bekam, an dem der Trojaner auftrat!
Bitte, wenn du mir hier noch helfen könntest, das wäre super.
__________________


Alt 09.05.2013, 16:21   #18
t'john
/// Helfer-Team
 
Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. - Standard

Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.



ok:
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



dann:

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
__________________

Alt 09.05.2013, 18:11   #19
nometa
 
Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. - Standard

Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.



Danke.

Übrigens braucht mein Rechner nicht nur gute fünf Minuten zum Hochfahren; ich kann ihn auch nicht mehr in den Ruhezustand schicken. Denn wenn ich es tue, fährt er sofort wieder hoch...

Hier die Logs:
AdwCleaner[S1].txt
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 09/05/2013 um 17:36:46 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Leon - DELL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Leon\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Leon\AppData\Local\Temp\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Chromium vnstall: 16724

Datei : C:\Users\Leon\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1116 octets] - [09/05/2013 17:36:46]

########## EOF - C:\AdwCleaner[S1].txt - [1176 octets] ##########
         
OTL.Txt
Code:
ATTFilter
OTL logfile created on: 09.05.2013 19:17:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,52% Memory free
4,24 Gb Paging File | 3,07 Gb Available in Paging File | 72,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 203,24 Gb Total Space | 134,90 Gb Free Space | 66,37% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 5,72 Gb Free Space | 57,20% Space Free | Partition Type: NTFS
Drive L: | 19,53 Gb Total Space | 19,43 Gb Free Space | 99,50% Space Free | Partition Type: NTFS
Drive X: | 232,83 Gb Total Space | 224,81 Gb Free Space | 96,56% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Leon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\BrmfRsmg.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (brmfrsmg) -- C:\Windows\System32\BrmfRsmg.exe (Brother Industries, Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NTGUARD) -- C:\Program Files\A1 Internetschutz\bin\NTGUARD.SYS File not found
DRV - (MpKslefcb334f) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D39BCF1-F8B8-43C9-8707-7D3F336DCC4B}\MpKslefcb334f.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (mf) -- C:\Windows\System32\drivers\mf.sys (Microsoft Corporation)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (BDA_Capture_225) -- C:\Windows\System32\drivers\BDA_Capture_225.sys (WideViewer Electronics CO., LTD)
DRV - (BrUsbScn) -- C:\Windows\System32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\Windows\System32\drivers\BrFilt.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 87 9A 81 EE 4B CE 01  [binary data]
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.01 01:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.01 01:04:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.13 01:01:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.08 02:12:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Users\Leon\Desktop\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Users\Leon\Desktop\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.13 01:01:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.08 02:12:18 | 000,000,000 | ---D | M]
 
[2012.01.24 05:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Extensions
[2011.03.23 14:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.06.04 14:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
O1 HOSTS File: ([2011.12.18 02:52:29 | 000,001,766 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1       www.derstandard.at
O1 - Hosts: 127.0.0.1       derstandard.at
O1 - Hosts: 127.0.0.1       www.diepresse.com
O1 - Hosts: 127.0.0.1       diepresse.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {968631B6-4729-440D-9BF4-251F5593EC9A} - No CLSID value found.
O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013.05.09 16:30:43 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C4051C7-D34A-4085-905F-947728AF463F}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D410E442-F380-4A2F-B7D9-77889AE698C3}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll) - C:\Program Files\Common Files\Jaksta Technologies\Audio Capture\jaudcap.dll (Jaksta Technologies Pty Ltd)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01d1aa9b-af13-11dd-b701-001aa09eca84}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{01d1aa9b-af13-11dd-b701-001aa09eca84}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 19:15:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013.05.09 17:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013.05.09 16:30:43 | 000,000,000 | -H-D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2013.05.09 15:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.05.09 15:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.09 01:07:49 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Freecorder 8 Video
[2013.05.08 15:10:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.08 14:55:26 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\OpenOffice.org
[2013.05.08 14:54:22 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.08 14:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2013.05.08 14:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.05.08 13:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.08 13:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.05.08 03:05:51 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\OneNote-Notizbücher
[2013.05.08 01:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.05.08 00:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\hsswpr_lock
[2013.05.08 00:27:57 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.05.08 00:25:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.05.08 00:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.05.08 00:14:02 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2013.05.08 00:14:02 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2013.05.08 00:14:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2013.05.08 00:13:29 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Windows Live
[2013.05.08 00:13:05 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2013.05.08 00:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.05.07 22:38:26 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013.05.07 22:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdateInstaller
[2013.05.07 22:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
[2013.05.07 22:21:22 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.07 22:21:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.07 22:21:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.07 22:21:21 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.07 22:21:21 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.07 22:21:21 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.07 22:21:21 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.07 22:21:21 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.07 22:21:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.07 22:21:21 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.07 22:21:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.07 22:21:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.07 22:21:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.07 22:21:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.07 22:21:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.07 22:21:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.07 22:21:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.07 22:21:21 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.07 22:21:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.07 22:21:20 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.07 22:21:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.07 22:21:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.07 22:21:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.05.07 22:21:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013.05.07 22:21:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.07 22:21:20 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.07 22:21:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.07 22:21:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013.05.07 22:21:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.07 22:21:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.07 22:21:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.05.07 22:21:19 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013.05.07 22:21:19 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.07 22:21:19 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.07 22:21:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.07 22:21:19 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.07 22:21:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.07 13:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.07 13:21:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.07 13:21:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.07 13:21:53 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.05 21:57:11 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Malwarebytes
[2013.05.05 21:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.05 21:55:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.05 21:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.05 21:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.03 23:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jaksta Technologies
[2013.05.03 23:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder extension
[2013.04.13 01:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.04.10 15:47:38 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 15:47:37 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 15:47:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 15:45:52 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 15:45:39 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[4 C:\Users\Leon\Desktop\*.tmp files -> C:\Users\Leon\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 19:15:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013.05.09 19:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.09 18:53:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 18:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 17:55:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.09 17:52:15 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 17:52:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 17:51:56 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 17:50:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.09 17:34:33 | 000,628,743 | ---- | M] () -- C:\Users\Leon\Desktop\adwcleaner.exe
[2013.05.09 01:13:01 | 000,210,944 | ---- | M] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.09 00:22:40 | 000,022,468 | ---- | M] () -- C:\Users\Leon\Desktop\Notizen.odt
[2013.05.08 23:33:44 | 000,366,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.08 17:49:13 | 000,181,182 | ---- | M] () -- C:\Users\Leon\Desktop\Meine unerträglich schmerzhafte Kindheit.odt
[2013.05.08 16:26:56 | 000,026,121 | ---- | M] () -- C:\Users\Leon\Desktop\Meine Schulzeit im Landstraßer Gymnasium.odt
[2013.05.08 16:21:36 | 000,021,590 | ---- | M] () -- C:\Users\Leon\Desktop\Das musst du unbedingt schreiben.odt
[2013.05.08 14:56:00 | 000,000,990 | ---- | M] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.08 14:54:24 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.08 00:43:39 | 000,654,256 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.08 00:43:39 | 000,618,372 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.08 00:43:39 | 000,129,026 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.08 00:43:39 | 000,106,372 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.08 00:13:03 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.07 22:21:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2013.05.07 22:21:30 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2013.05.07 22:21:22 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.07 22:21:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.07 22:21:22 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.07 22:21:21 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.07 22:21:21 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.07 22:21:21 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.07 22:21:21 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.07 22:21:21 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.07 22:21:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.07 22:21:21 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.07 22:21:21 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.07 22:21:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.07 22:21:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.07 22:21:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.07 22:21:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.07 22:21:21 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.07 22:21:21 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.07 22:21:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.07 22:21:21 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.07 22:21:20 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.07 22:21:20 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.07 22:21:20 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.07 22:21:20 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.07 22:21:20 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.05.07 22:21:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013.05.07 22:21:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.07 22:21:20 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.07 22:21:20 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.07 22:21:20 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013.05.07 22:21:20 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.07 22:21:20 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.07 22:21:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.05.07 22:21:19 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013.05.07 22:21:19 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.07 22:21:19 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.07 22:21:19 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.07 22:21:19 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.07 22:21:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.05 21:55:14 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.02 17:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.05.02 14:21:30 | 005,113,454 | ---- | M] () -- C:\Users\Leon\Desktop\James Arthur - Impossible - Official Single.mp3
[2013.04.24 19:51:36 | 005,420,880 | ---- | M] () -- C:\Users\Leon\Desktop\Simple Plan- Summer Paradise ft. K'naan (Lyrics).mp3
[2013.04.22 01:11:59 | 000,004,673 | -HS- | M] () -- C:\Users\Leon\Desktop\Folder.jpg
[2013.04.22 01:11:59 | 000,001,526 | -HS- | M] () -- C:\Users\Leon\Desktop\AlbumArtSmall.jpg
[4 C:\Users\Leon\Desktop\*.tmp files -> C:\Users\Leon\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.09 17:34:30 | 000,628,743 | ---- | C] () -- C:\Users\Leon\Desktop\adwcleaner.exe
[2013.05.08 17:49:11 | 000,181,182 | ---- | C] () -- C:\Users\Leon\Desktop\Meine unerträglich schmerzhafte Kindheit.odt
[2013.05.08 16:26:54 | 000,026,121 | ---- | C] () -- C:\Users\Leon\Desktop\Meine Schulzeit im Landstraßer Gymnasium.odt
[2013.05.08 16:26:20 | 000,022,468 | ---- | C] () -- C:\Users\Leon\Desktop\Notizen.odt
[2013.05.08 16:21:23 | 000,021,590 | ---- | C] () -- C:\Users\Leon\Desktop\Das musst du unbedingt schreiben.odt
[2013.05.08 14:56:00 | 000,000,990 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.08 14:54:24 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.08 01:06:55 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.05.08 00:25:01 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013.05.08 00:24:28 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013.05.08 00:23:08 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.05.08 00:21:29 | 000,001,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.05.08 00:13:03 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.05.08 00:12:32 | 000,001,788 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.05.07 22:27:42 | 000,000,911 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.07 22:21:21 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.05.05 21:55:14 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.05 15:53:25 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.03 23:10:24 | 000,002,097 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.05.03 22:59:23 | 005,113,454 | ---- | C] () -- C:\Users\Leon\Desktop\James Arthur - Impossible - Official Single.mp3
[2013.05.03 22:59:20 | 005,420,880 | ---- | C] () -- C:\Users\Leon\Desktop\Simple Plan- Summer Paradise ft. K'naan (Lyrics).mp3
[2012.12.07 10:48:58 | 000,212,600 | ---- | C] () -- C:\Windows\System32\SBuySupplies.exe
[2012.08.05 16:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.06.12 14:52:56 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssi1mlm.dll
[2012.05.23 16:57:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.05.23 16:56:05 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2011.12.24 03:45:22 | 000,001,386 | -HS- | C] () -- C:\Users\Leon\AppData\Roaming\systemFP.$dk
[2010.12.16 02:34:34 | 000,010,109 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\UserTile.png
[2010.05.18 16:17:16 | 000,004,832 | -H-- | C] () -- C:\Users\Leon\mxfilerelatedcache.mxc2
[2009.04.18 14:40:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.26 22:06:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.30 15:20:39 | 000,000,680 | ---- | C] () -- C:\Users\Leon\AppData\Local\d3d9caps.dat
[2008.04.14 20:39:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.11.30 17:22:38 | 000,210,944 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Verlauf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\MAGIX_MusicMakerHipHopEdition2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\MAGIX Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Graboid:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Freecorder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\FFOutput:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Ableton:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Desktop\Sonstiges:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Desktop\Simple Plan- Summer Paradise ft. K'naan (Lyrics).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Leon\Desktop\James Arthur - Impossible - Official Single.mp3:Roxio EMC Stream
@Alternate Data Stream - 16 bytes -> C:\Users\Leon\Downloads:Shareaza.GUID

< End of report >
         
Extras.Txt
Code:
ATTFilter
OTL Extras logfile created on: 09.05.2013 19:17:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,52% Memory free
4,24 Gb Paging File | 3,07 Gb Available in Paging File | 72,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 203,24 Gb Total Space | 134,90 Gb Free Space | 66,37% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 5,72 Gb Free Space | 57,20% Space Free | Partition Type: NTFS
Drive L: | 19,53 Gb Total Space | 19,43 Gb Free Space | 99,50% Space Free | Partition Type: NTFS
Drive X: | 232,83 Gb Total Space | 224,81 Gb Free Space | 96,56% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 
"FirewallDisableNotify" = 
"FirewallOverride" = 
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A1D2E3-0159-4CA5-8F01-633E85258024}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{0CCB58F7-8780-4ABC-8CA3-51BC6C9909D7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0E34F2F7-A9D7-4496-B080-243C66B0A34C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 | 
"{1143C70C-32C4-4686-990C-28265803D04D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{1C77DB37-25DB-4433-A109-60A1FD73E4C7}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 | 
"{1DB343EA-DAC9-4573-8465-5B201272F25A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{28CF3485-3472-4F0D-A163-B76830F78CEF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2C57CB5F-A7C5-4598-8F82-FFD72DF5D6D3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{32C95C2C-6867-46BA-BE3F-471393668ED8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{39290B55-2B22-454D-B7AE-B712F10E6752}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4EF8AF75-511A-4C78-8CFA-00CFE405B5C5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{51E3BED8-1548-46D7-A040-3657C0B67CC3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{531C4239-7E50-4BC6-9EEB-70172F089236}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{55517118-9DB8-476D-810C-ABF4AD5103C8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5CEBC998-F776-48B0-B7D9-617BEB55E1D1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6AAF62EC-F018-435F-9CA1-7C1BE7D10F6C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{882F8D9F-0802-4F14-BFF1-F1284D6FA278}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{8CA0A776-7FC8-497E-8BA2-BCEA9C5CDC19}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{8DCB0F69-5B96-45B7-AEBF-EFF5784427A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E465578-0C12-4610-BF95-219683C5FEB0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9774CF22-74EA-44D0-96F1-A6F955A219F8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{987700EE-5D8B-4ECB-A593-B596959024DB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9C55020D-2141-4362-B1CD-91623BE7AB5F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9D923621-986D-41FB-BA88-A20FC98DE40A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A99D296B-BCE1-4650-ADE7-11F2DBC07F41}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9B3E516-811F-47EE-B1E7-0D9D2C23709B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BE193786-6FA4-4EFB-ACB0-FAFDCA0F842E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BE27BFA6-6CBF-4BF7-B414-CB85BB5C6D07}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C0140C34-EC8D-4566-AD6A-491E7711CBA4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C0C25E83-4DC1-497B-AB14-CBE2FED124F0}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 | 
"{CFE3C26C-52EC-44FF-AA18-476CAFFEC25C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{D6EC9CF8-36CE-4F20-98F4-88065D2589D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DE52FE5D-7637-4936-A409-CBA456F741B1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E69F85B7-22C1-4ACB-B8A7-413273958340}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E8C5584B-6CA7-43B2-AA86-1B1221DAB5BC}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{EE5150DC-C5C6-406E-B99F-7FF07C7EF0AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0454519F-864A-4390-AF79-6FB5A6ADA143}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0508FBE2-83E5-403A-8D21-C8EF3808EA8A}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{06681DF5-8B77-4160-B459-EE1EB7FCA0C9}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{07BC6564-701B-47F5-8184-DE0D653EB0BA}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{0E4BCCFE-8EFB-4308-8FFB-D5C5A1A0B024}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{124AE3A9-C596-4BED-835A-F6F69CB2478F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1808CB43-D1B8-4684-914A-CB68794AFCAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2483BF85-D44E-4370-8BDD-4F25EEC9EDFC}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{2B69AD29-035B-405F-A52F-402C7B6A2E2C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{31D6D603-4BF3-4903-91D2-254BAEA5E444}" = protocol=17 | dir=in | app=c:\program files\applian technologies\freecorder 8 applications\torrent\aria2c.exe | 
"{38D45935-B903-43A8-A213-F44FBBD10B38}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{3D77BBF7-3DC2-4728-BF5D-F306D784D418}" = protocol=6 | dir=in | app=c:\users\leon\desktop\sonstiges\wlan-assistent_rtm.exe | 
"{4D262792-FE96-4CFA-A9C5-96A2DD6D2CFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E479BCC-DB2C-45B4-9F52-2EA89EB6DDC8}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{4FD6B4DA-D391-466C-A517-C4B4794D3772}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{54F0BAAF-76F6-4C3E-B5AB-B627C7143825}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{5C7BE2D4-3EA9-48C0-9EB6-19E67ECB2B16}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5D08F6F8-EC54-4A8B-891E-B43D79F32F37}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{657DEB62-F8E2-4793-9B72-95E48E39532C}" = protocol=6 | dir=in | app=c:\users\leon\desktop\wlan-assistent_rtm.exe | 
"{68E92467-51CF-4718-8B13-F45004D4B552}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CE67265-A60C-4B53-99F1-2F046ED1A03B}" = protocol=6 | dir=out | app=system | 
"{75114C5A-67C2-412C-897D-6153BF77C506}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{778CB886-5749-4AF9-8579-DDCD9D9DF3FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7E520238-8498-4856-A7F5-32A55DFA12CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F01B42C-DE38-4CAA-853A-3C74F19C3982}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{83B12CB6-1EB5-4BC3-BA96-00A8DC0D3742}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{84E27C76-8CF4-4F85-8E03-5421FC375CAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8BFD8868-13FF-4217-8592-5821B167416E}" = protocol=17 | dir=in | app=c:\users\leon\desktop\sonstiges\wlan-assistent_rtm.exe | 
"{8D4DA714-5D07-4ACA-86D5-60CC48374C86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{98B99113-C1F5-4691-816D-78570EC7CCDA}" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{9F1CE2EC-CC03-4BE5-9A5E-C253A8249521}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{A826C3F6-3459-4EB9-8574-FCE6A3E3434E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B069D83A-DDB3-4AEC-8917-2D9B8AE7AE4F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{B2FF9C33-05C5-4C7C-9227-B82D6B3085A1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{B4FD5CAD-D4A1-4DB7-A40B-B4C92DF66136}" = protocol=6 | dir=in | app=c:\users\leon\desktop\wlan-assistent_rtm.exe | 
"{B60A28E8-2F6D-4812-9225-29C650E18E8B}" = protocol=17 | dir=in | app=c:\users\leon\desktop\wlan-assistent_rtm.exe | 
"{B8C8FA32-9C38-448B-BA24-BE64352ADF7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4A52F1D-15E7-4DB7-AD71-F8F66AA9B209}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{C564684C-8D2E-4FBB-9D18-E063A607FE9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE1E58D3-A529-4FEF-A428-5D0BF50CA839}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D9488C6B-69A0-4123-87A5-EF8740BF98E5}" = protocol=17 | dir=in | app=c:\users\leon\desktop\wlan-assistent_rtm.exe | 
"{DCD5CD4A-EA64-45EB-9ABE-FDCEED5719D9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E2EE13C5-DCE5-4BF6-B64C-30B921110D25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E825FDCA-6CF5-4EE8-8622-203B823F3536}" = protocol=17 | dir=in | app=c:\users\leon\desktop\sonstiges\wlan-assistent_rtm.exe | 
"{EDF08E66-44F7-40AE-8C41-77EB903846DD}" = protocol=6 | dir=in | app=c:\users\leon\desktop\sonstiges\wlan-assistent_rtm.exe | 
"{EFCBDB5F-8166-4A59-91B8-684DFC6833DC}" = protocol=6 | dir=in | app=c:\program files\applian technologies\freecorder 8 applications\torrent\aria2c.exe | 
"{F11BF259-5F06-45D4-BF64-4076CE3631F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F25A542B-85B1-4816-82B7-D5E18AB9A014}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F86E9487-AFE3-446D-96DD-C71AACE91D2A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F8DB1802-B1B4-4F50-AEFF-853FE4A9175A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{129DBC68-088A-4ED1-9800-99CC39AA0318}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"TCP Query User{3ED03619-7B94-46D4-8F3D-B4C1623D9C04}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{47AC62DA-E5F1-4B29-942C-DE3823AA64D7}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{5420C13F-06E4-4A13-955F-CBBC225E5589}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{5E19D479-52F0-4F5D-9D8C-DDDD8A659DE7}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=6 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe | 
"TCP Query User{84176260-E43A-4617-B9BA-59009EFB3C72}C:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe | 
"TCP Query User{A6DDE160-E1E8-4ADA-8773-B79D84A5CFCE}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{AF22FBB3-9F78-47B1-BAA1-45DE2B0FF71F}C:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe | 
"TCP Query User{D5BD4524-5575-4ED8-9171-EC5946EE9DB8}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"TCP Query User{DC5FEF27-AC9B-4730-8FC7-FEA479B8752B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{DCE76A23-9203-4A9F-9188-007BDB789700}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe | 
"TCP Query User{DCEF8876-9521-4F1F-A86B-8E200E574048}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{E0F91657-94A0-48FB-B848-B9633FE0E3B6}C:\users\leon\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\leon\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{E37F5762-13B7-4903-9126-31204A5F2F83}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe | 
"UDP Query User{0B490985-432D-41AC-8666-F5771D4D43CE}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{109F2FF9-38D7-4714-A211-0D8082442A7A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{17266048-43FA-4F7C-815A-5A7E8665E90C}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"UDP Query User{180864EB-FE74-47F0-8D56-6FD1D713F1DA}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe | 
"UDP Query User{1D74F922-9932-46A0-AF53-98D2877E9608}C:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe | 
"UDP Query User{336D5DFD-38B8-4EC7-B8FE-8F68AB398048}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"UDP Query User{362E9BF4-5AB4-47BD-8A48-D869A0E3A97C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{4F84D25C-5419-40ED-A15A-0733CD83C50E}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe | 
"UDP Query User{4FF88C37-C752-4AB3-99D8-550E85749A7D}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{5F74732E-2F9C-4691-AB88-4776EF9C9883}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{6E254C99-9D1A-469E-8866-3B443E940318}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{774B9551-9078-4350-8AAF-CECD4FC1B460}C:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe | 
"UDP Query User{AA36A05C-9AB0-4D89-A9F8-0BFC4E19356C}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=17 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe | 
"UDP Query User{BD5992C3-C80C-4146-A260-A28E362DDEB3}C:\users\leon\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\leon\appdata\local\google\chrome\application\chrome.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0339996A-1CC7-4FCD-8BE6-A32076E70272}" = Application Suite
"{045DB95B-F123-B440-D999-AD083AA55196}" = CCC Help German
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10149D2B-5A65-9DF4-662A-B532FEEC222C}" = Catalyst Control Center Graphics Light
"{11CB6E0D-FFB2-7FAE-17FC-CA92BEE8F24A}" = Catalyst Control Center Localization Japanese
"{1400192B-D969-6FD4-8044-E2D07C5ADE3A}" = Catalyst Control Center Localization German
"{14BD87BE-02AA-8E04-602C-B20A43267F5B}" = CCC Help Japanese
"{1662D4E1-B469-D6A3-085B-0B5350BF7CA5}" = Catalyst Control Center Localization Italian
"{168879EE-A348-BFB7-3622-3651449C629F}" = CCC Help Italian
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
"{1B2E11A4-8566-B8C7-3FB6-0D2A6F8D2139}" = CCC Help Portuguese
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EE437A9-75E3-10D1-3633-D4E8D6043503}" = CCC Help Spanish
"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31DABA20-10A1-4746-9D9F-57955B8DFF66}" = Free Games Offer, Desktop Shortcut
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38DFDA1A-2392-2DA1-92EB-54FB66DC24C4}" = Catalyst Control Center Graphics Previews Vista
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE8C77E-8703-B62E-8F7C-31F7AA97F2A7}" = Catalyst Control Center Localization French
"{4524E7FD-A547-C564-CD8F-A872F7C39029}" = CCC Help French
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D36E01C-EEC6-F7C2-CBB9-AF00329B8009}" = ATI Catalyst Install Manager
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E4FC36F-A7B5-EE38-2FE4-7D0D94D230F5}" = Catalyst Control Center Localization Portuguese
"{6EF2AFEF-2044-4A85-ED1F-E70A568D7ED9}" = Catalyst Control Center Localization Turkish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75F8E142-7720-156D-C74C-80AA0974B993}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7727DA6C-A845-890D-2B48-7863A93F167C}" = Catalyst Control Center Localization Korean
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{848C0C17-7C57-709A-FDC4-F257D4469BAA}" = ccc-utility
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87CA11B3-C4CE-D989-42C7-C6197B266EFD}" = CCC Help Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9529A038-D507-3B3F-ED6F-B0AB773153FE}" = ccc-core-static
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
"{994FCE98-1379-2A33-24BC-F092466CC5C4}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1B504F-25BD-325C-0C2A-FEF791F59FE3}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A3B99A45-2811-FA47-3055-3D247C4E2897}" = Catalyst Control Center Graphics Previews Common
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC7C7307-6324-D891-1E53-77B00E4F0961}" = CCC Help Turkish
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EECBB7-BDA4-4E52-2BD6-69D70215AC48}" = Catalyst Control Center Localization Polish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C279E4B3-9FCD-9D82-7A83-B773C2D4E526}" = Catalyst Control Center Localization Hungarian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D192BE-5E2C-92CF-56A0-28C7D9D67B96}" = CCC Help Hungarian
"{C2F3DB53-EF8E-4885-36C4-34C4911FEAE0}" = ccc-core-static
"{C486C7E9-5591-8777-CEB5-FA373AFE6711}" = Catalyst Control Center Localization Spanish
"{C57606D6-7A44-4A99-D6D0-BA07FD3ACCEA}" = Catalyst Control Center Localization Chinese Traditional
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D973AE1D-ACB1-2C54-92FE-A29E2A7482C0}" = CCC Help Thai
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7E639B-0DAC-4587-A6BD-99B7D20E81B2}" = Snap.Do
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0EFA6E0-2A18-A83B-34EA-8435EFEE1285}" = CCC Help Korean
"{E24EDDF0-93A0-95CC-509A-1C012180F8CB}" = Skins
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E53C563F-1157-20B2-1276-755A22E814D2}" = Catalyst Control Center Localization Chinese Standard
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8DA1B1C-B987-9FD4-E4ED-DDA05DCE5E44}" = Catalyst Control Center Graphics Full Existing
"{EDEAA07C-654C-FB13-2F47-A4BDC41D77D0}" = Skins
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DDE283-47CF-30FC-F6C6-258FA404F784}" = Catalyst Control Center Graphics Full New
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F6B8797E-923E-4902-9698-62937FE80FAB}" = CCC Help Chinese Traditional
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"aonUpdate" = aonUpdate
"ASIO4ALL" = ASIO4ALL
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX-Setup
"FormatFactory" = FormatFactory 2.70
"Freecorder 8 Applications" = Freecorder 8 Applications (8.0.0.87)
"Freecorder extension" = Freecorder extension
"Freecorder extension for Firefox" = Freecorder extension for Firefox
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InfraRecorder" = InfraRecorder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Samsung ML-331x Series" = Samsung ML-331x Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.05.2013 07:52:05 | Computer Name = DELL-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatch9.exe, Version 9.0.1.64, Zeitstempel
 0x454e37bb, fehlerhaftes Modul CPSCommonTools9.dll, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e3d5, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d,  Prozess-ID 0x1254,
 Anwendungsstartzeit 01ce4cab9e3eeb04.
 
Error - 09.05.2013 07:52:12 | Computer Name = DELL-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
Error - 09.05.2013 08:48:06 | Computer Name = DELL-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/09 14:48:06.380]: [00002688]: SendSKeySettingToDevice::
 Snmp Load Error[0] To[10.0.0.74]  
 
Error - 09.05.2013 09:48:34 | Computer Name = DELL-PC | Source = VSS | ID = 8194
Description = 
 
Error - 09.05.2013 09:55:48 | Computer Name = DELL-PC | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
 
Error - 09.05.2013 09:55:54 | Computer Name = DELL-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WINWORD.EXE, Version 12.0.6668.5000, Zeitstempel
 0x5083137f, fehlerhaftes Modul ssi1mdu.dll, Version 6.4.34.0, Zeitstempel 0x508ffdce,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000a988,  Prozess-ID 0x1e4, Anwendungsstartzeit
 01ce4cbce534a657.
 
Error - 09.05.2013 10:43:11 | Computer Name = DELL-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.05.2013 12:52:35 | Computer Name = DELL-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.05.2013 12:52:35 | Computer Name = DELL-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5102
 
Error - 09.05.2013 12:52:35 | Computer Name = DELL-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5102
 
[ Media Center Events ]
Error - 07.01.2008 04:11:11 | Computer Name = DELL | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 10.06.2008 04:38:43 | Computer Name = DELL-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ OSession Events ]
Error - 07.05.2013 21:11:56 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.05.2013 21:12:11 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.05.2013 21:15:07 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.05.2013 21:15:20 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.05.2013 21:23:28 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 175
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.05.2013 21:23:39 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.05.2013 21:24:58 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.05.2013 08:09:36 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.05.2013 08:10:10 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.05.2013 08:54:31 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.05.2013 07:59:58 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.05.2013 08:03:57 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 09.05.2013 08:21:24 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.05.2013 09:02:23 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 09.05.2013 10:47:08 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.05.2013 11:40:14 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.05.2013 11:40:14 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 09.05.2013 11:53:43 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.05.2013 11:53:43 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.05.2013 11:53:43 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

Geändert von nometa (09.05.2013 um 18:30 Uhr)

Alt 09.05.2013, 19:57   #20
t'john
/// Helfer-Team
 
Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. - Standard

Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.



Ist snap.do noch da?


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


__________________
Mfg, t'john
Das TB unterstützen

Alt 09.05.2013, 22:29   #21
nometa
 
Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. - Standard

Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.



JRT.txt
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Leon on 09.05.2013 at 22:45:18,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Leon\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Leon\appdata\local\discount buddy"
Successfully deleted: [Folder] "C:\Program Files\freecorder extension"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2013 at 22:46:30,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
JRT.txt - die zweite:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Leon on 09.05.2013 at 23:00:14,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2013 at 23:01:32,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Beim ersten Durchgang wurden mehrere Warnungen angezeigt, und danach war Snap.do nach wie vor da und undeinstallierbar. Dann, weil ich unsicher war, ob ich die Anwendung JRT.exe per "Als Administrator ausführen" gestartet hatte, machte ich es noch einmal - und danach konnte ich plötzlich Snap.do deinstallieren!

Vielen Dank dafür, der Rechner ist jetzt ungefähr wieder so schnell, wie er war. Das einzige Problem, das geblieben ist: Schicke ich ihn in den Energiespar-Modus oder in den Ruhestand, fährt er gleich wieder hoch. Weißt Du vielleicht, woran das liegen könnte?

Geändert von nometa (09.05.2013 um 23:10 Uhr)

Alt 10.05.2013, 19:08   #22
t'john
/// Helfer-Team
 
Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. - Standard

Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.



Dazu habe ich keine Idee, aber frage bitte hier mal nach: http://www.trojaner-board.de/alles-rund-um-windows/

Da koennen mehr Leute antworten.
__________________
Mfg, t'john
Das TB unterstützen

Alt 11.05.2013, 15:03   #23
nometa
 
Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. - Standard

Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.



Mach' ich! See you!

Antwort

Themen zu Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.
32 bit, bho, bildschirm, bonjour, broken.opencommand, computern, converter, desktop, firefox, flash player, hotspot, install.exe, limewire, malware.trace, object, plagegeister aller art und deren bekämpfung, plug-in, pup.smspay.pns, realtek, safer networking, sekunden, smartbar, software, svchost.exe, trojan.fakealert, trojaner, weißer bildschirm, win32/adware.ibryte.g, windows, windows vista, wma/trojandownloader.getcodec.gen




Ähnliche Themen: Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.


  1. WinXP - Weißer Bildschirm nach Anmeldung bei einem User - Abgesicherter Modus funktioniert - FRST32 bricht ab
    Log-Analyse und Auswertung - 22.01.2014 (9)
  2. Weisser Bildschirm beim Start Windows Vista- Abgesicherter Modus nicht möglich
    Log-Analyse und Auswertung - 27.10.2013 (28)
  3. GVU-Trojaner (Vista + Abgesicherter Modus fährt nach Start wieder herunter)
    Log-Analyse und Auswertung - 14.08.2013 (15)
  4. Windows Vista weißer Bildschirm nach Windows Start
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (17)
  5. Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)
    Plagegeister aller Art und deren Bekämpfung - 05.08.2013 (7)
  6. Windows 7 Weißer Bildschirm... Abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 02.08.2013 (9)
  7. Windows Vista wei-er Bildschirm und abgesicherter Modus funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 02.08.2013 (17)
  8. OTL Logdaten für GVU Trojaner, weißer Bildschirm, kein abgesicherter Modus unter Windows 7
    Log-Analyse und Auswertung - 09.07.2013 (25)
  9. Trojaner, weißer Bildschirm nach Windows 7 Start und sofortige Abmeldung im Abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 14.06.2013 (19)
  10. 2x Windows Vista: Weißer Bildschirm nach Start (ohne Text, abgesicherter Modus geht)!
    Mülltonne - 04.05.2013 (1)
  11. Polizeitrojaner, Weißer Bildschirm, Kein Abgesicherter Modus, Windows 7
    Plagegeister aller Art und deren Bekämpfung - 04.02.2013 (13)
  12. VISTA,weißer Bildschirm, kein abgesicherter Modus :-(
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (9)
  13. Weißer Bildschirm nach Windows Start (Vista)
    Log-Analyse und Auswertung - 14.01.2013 (7)
  14. Windows Vista Weisser Bildschirm bei start + abgesicherter modus geht nicht
    Log-Analyse und Auswertung - 28.10.2012 (1)
  15. Weißer Bildschirm nach Start - es geht gar nichts mehr!
    Plagegeister aller Art und deren Bekämpfung - 09.03.2012 (7)
  16. Nach Start weißer Bildschirm und folgender Text . . .
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (91)
  17. Bundestrojaner - abgesicherter Modus in Vista - wie geht's mit / nach Malwarebytes weiter?
    Log-Analyse und Auswertung - 29.12.2011 (1)

Zum Thema Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. - Danke. wir wuenschen eine virenfreie Zeit - Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht....
Archiv
Du betrachtest: Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.