
Pests of all kinds and how to fight them: Smart HDD Trojan


17.04.2012, 22:36   #1
BastiBob
 
Smart HDD Trojan

Good evening,

for about an hour now I've been having problems with the Smart HDD trojan.
A series of windows with "Write Fault Error" messages opened, and the "program" Smart HDD launched.

At first I thought my hard drive really had died, until I googled the program, since I've never installed it. That's when I found out it's a trojan.

Unlike what's often described here, my desktop isn't black. The normal wallpaper is visible, but all the folders are shown half-transparent, and some programs and games are missing too. But when I click one of these "transparent icons", it opens normally.

I don't really know much about this subject.
My system runs the 64-bit version of Windows 7. As antivirus I have Avira Free Antivirus installed; its last update was on 17.04.2012.

Unfortunately I can't say more than that right now. I also don't know whether I should shut the PC down or rather leave it running? Maybe afterwards it won't boot at all anymore?

That's why I'm not following the guide for now, since its very first step is a restart.

If I'm wrong, please correct me.
I hope you can help me. :s

Thanks and best regards,
Sebastian.

EDIT: Now only the recycle bin and the Steam icon are left on the desktop.


DDS logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by Basti at 23:45:35 on 2012-04-17
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.6133.3364 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Basti\Documents\Downloads\wlsetup-web.exe
C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wuauclt.exe
C:\ProgramData\yiSNUTyakcfEQv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\ProgramData\4WuYiK8t8K86MF.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TheBflix Class: {dc53c427-ba7f-4bb8-bbb9-a23bd544c921} - C:\ProgramData\TheBflix\bhoclass.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: {C3CD744D-2FAE-4640-8297-16B5DA423104} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [<NO NAME>] 
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [4Y3Y0C3A1W9V3D1IICSYKKHH] C:\ftpuser\0EBD69550D8.exe /q
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [NvCplDaemonTool] rundll32.exe _IWMPEvents
uRun: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN17L334JG05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [yiSNUTyakcfEQv.exe] C:\ProgramData\yiSNUTyakcfEQv.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe -update plugin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [RoccatIsku] "C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Basti\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\scandisk.lnk - C:\Windows\system32\rundll32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{09BE2A68-76BC-4FC6-BACF-669D5151985D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{85F209B8-D01B-4166-BA03-E52214C66812} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2EECD738-5844-4a99-B4B6-146BF802613B}
{326E768D-4182-46FD-9C16-1449A49795F4}
{593DDEC6-7468-4cdd-90E1-42DADAA222E9}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DC53C427-BA7F-4BB8-BBB9-A23BD544C921}
{98889811-442D-49dd-99D7-DC866BE87DBC}
{95B7759C-8C7F-4BF1-B163-73684A933233}
TB-X64: {C3CD744D-2FAE-4640-8297-16B5DA423104} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Standard)] 
mRun-x64: [RoccatIsku] "C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\x4qburnz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
FF - prefs.js: network.proxy.ftp - 201.48.230.33
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 201.48.230.33
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 201.48.230.33
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 201.48.230.33
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\x4qburnz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\x4qburnz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\Users\Basti\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Basti\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e805bf55000000000000002421213c59
FF - user.js: extensions.BabylonToolbar_i.hardId - e805bf55000000000000002421213c59
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15398
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:58:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys --> C:\Windows\system32\DRIVERS\rtlprot.sys [?]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-23 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-23 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 FontCache;Windows-Dienst für Schriftartencache;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-7 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-13 918880]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca0b974370d567;Google Update Service (gupdate1ca0b974370d567);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-23 133104]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-11-4 130976]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-23 133104]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 PerfHost;Leistungsindikator-DLL-Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v3.sys --> C:\Windows\system32\DRIVERS\wg111v3.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-10-28 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-17 20:31:58	222208	---ha-w-	C:\ProgramData\4WuYiK8t8K86MF.exe
2012-04-17 20:26:32	301568	---ha-w-	C:\ProgramData\yiSNUTyakcfEQv.exe
2012-04-17 14:21:06	8669240	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{798DABF5-E163-4EF2-AF1F-9C14494F9824}\mpengine.dll
2012-04-14 22:25:17	--------	d--h--w-	C:\Users\Basti\AppData\Roaming\.minecraft
2012-04-12 01:01:18	--------	d-----w-	C:\e9c2918cfe896312de7a
2012-04-11 16:40:28	592824	----a-w-	C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-11 16:40:28	44472	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
.
==================== Find3M  ====================
.
2012-04-06 11:22:43	283304	----a-w-	C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-06 11:22:43	283304	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2012-04-06 11:18:41	280904	----a-w-	C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-01 21:55:17	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-02-23 08:18:36	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-02-14 16:49:43	327680	----a-w-	C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43	196096	----a-w-	C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30	219648	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30	160768	----a-w-	C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31	2002944	----a-w-	C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08	1172480	----a-w-	C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48	834048	----a-w-	C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11	1555968	----a-w-	C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57	683008	----a-w-	C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40	1068544	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25	2765824	----a-w-	C:\Windows\System32\win32k.sys
2012-01-20 18:44:26	76888	----a-w-	C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 23:46:03,23 ===============

Edited by BastiBob (17.04.2012 at 22:52) Reason: DDS

18.04.2012, 07:21   #2
Chris4You
 
Smart HDD Trojan



Hi,

Your problem is here:
Code:
C:\ProgramData\4WuYiK8t8K86MF.exe
and here
C:\ProgramData\yiSNUTyakcfEQv.exe

Please post an OTL log as well... (I can "zap" them, but I still need to see whether they are "referenced" anywhere else)...

OTL
Download OTL from OldTimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created (OTL.TXT and EXTRAS.TXT)
  • Post the logfiles here in the thread

chris
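The triage Chris4You does by eye above (spotting the two executables dropped into C:\ProgramData and the autostart entry under C:\ftpuser) can be automated for DDS-style logs. The script below is an added example for this thread, not part of the original posts and not a feature of DDS or OTL. It reads the plain line formats DDS prints (bare process paths, uRun:/mRun: entries, "FF - prefs.js:" settings), flags executables launched from locations where installed software does not normally live, and flags a manual Firefox proxy pointed at a public address, which the posted log also shows (201.48.230.33 on port 3128). The sample input is constructed from lines of the posted log; the directory policy is an assumption chosen for the example.

```python
"""Triage a DDS-style log for autostart and proxy indicators.

Added example for this thread (not part of the original post, not a DDS or
OTL feature). Input format assumed: the plain lines DDS prints, i.e. bare
process paths under "Running Processes", uRun:/mRun: autostart entries and
"FF - prefs.js: <name> - <value>" settings.
"""
import ipaddress
import re
from typing import Dict, Optional

# Top-level directories of the system drive where installed software
# normally lives; anything else (e.g. C:\ftpuser) is treated as a drop
# location. Assumption: policy chosen for this example, tune per environment.
KNOWN_TOP_LEVEL = {"windows", "program files", "program files (x86)",
                   "programdata", "users"}

# A drive-letter path ending in an executable extension, with or without
# surrounding quotes and trailing arguments.
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|scr|com))\b", re.IGNORECASE)
# Firefox proxy host prefs in DDS ("name - value") and OTL ('name: "value"') form.
PROXY_HOST_RE = re.compile(r'network\.proxy\.(http|ssl|ftp|socks)\s*[-:]\s*"?([0-9.]+)"?')
PROXY_TYPE_RE = re.compile(r"network\.proxy\.type\s*[-:]\s*(\d)")

# Constructed sample: a handful of lines copied from the DDS log in the thread.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Users\Basti\Documents\Downloads\wlsetup-web.exe
C:\ProgramData\yiSNUTyakcfEQv.exe
C:\ProgramData\4WuYiK8t8K86MF.exe
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [4Y3Y0C3A1W9V3D1IICSYKKHH] C:\ftpuser\0EBD69550D8.exe /q
uRun: [yiSNUTyakcfEQv.exe] C:\ProgramData\yiSNUTyakcfEQv.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
FF - prefs.js: network.proxy.http - 201.48.230.33
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
"""


def classify_path(path: str) -> Optional[str]:
    """Return a reason if the executable's location is a triage signal, else None."""
    parts = path.lower().split("\\")
    if len(parts) < 3:
        return None
    top = parts[1]
    if top not in KNOWN_TOP_LEVEL:
        return "executable outside the standard top-level directories"
    if top == "programdata" and len(parts) == 3:
        return "executable dropped directly into the ProgramData root"
    return None


def triage(log_text: str) -> Dict[str, Dict[str, str]]:
    """Scan DDS log lines; return flagged paths and any public proxy hosts."""
    flagged: Dict[str, str] = {}
    proxy_hosts: Dict[str, str] = {}
    proxy_type: Optional[int] = None
    for line in log_text.splitlines():
        m = PATH_RE.search(line)
        if m:
            path = m.group(1)
            reason = classify_path(path)
            if reason and path.lower() not in {p.lower() for p in flagged}:
                flagged[path] = reason
        m = PROXY_HOST_RE.search(line)
        if m:
            proxy_hosts[m.group(1)] = m.group(2)
        m = PROXY_TYPE_RE.search(line)
        if m:
            proxy_type = int(m.group(1))
    # type 1 = manual proxy; a manual proxy at a public address the user never
    # configured means every browser request is being relayed through it.
    public_proxies: Dict[str, str] = {}
    if proxy_type == 1:
        for proto, host in proxy_hosts.items():
            try:
                if not ipaddress.ip_address(host).is_private:
                    public_proxies[proto] = host
            except ValueError:
                public_proxies[proto] = host  # not an IP literal: still review it
    return {"paths": flagged, "proxy": public_proxies}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, reason in result["paths"].items():
        print(f"[path]  {path}  <- {reason}")
    for proto, host in result["proxy"].items():
        print(f"[proxy] {proto} traffic relayed through {host}")
```

On the sample the script reports the two ProgramData executables and the C:\ftpuser autostart, while the Windows Live installer in the user's Downloads folder and the vendor processes pass; the proxy check fires because the manual HTTP proxy is a public address rather than something on the local network. The location rules are deliberately narrow: a file in a subdirectory of ProgramData (such as the TheBflix BHO in the log) needs a separate rule or a look at its signer, which the example leaves to the analyst.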

18.04.2012, 10:50   #3
BastiBob
 
Smart HDD Trojan



Many thanks for the help!

OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 18.04.2012 11:43:20 - Run 1
OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\Basti\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,89 Gb Available Physical Memory | 64,93% Memory free
12,18 Gb Paging File | 8,70 Gb Available in Paging File | 71,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 603,18 Gb Free Space | 64,75% Space Free | Partition Type: NTFS
Drive D: | 2,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Basti\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\4WuYiK8t8K86MF.exe ()
PRC - C:\ProgramData\yiSNUTyakcfEQv.exe ()
PRC - C:\Users\Basti\Documents\Downloads\wlsetup-web.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\4WuYiK8t8K86MF.exe ()
MOD - C:\ProgramData\yiSNUTyakcfEQv.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll ()
MOD - C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\x4qburnz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko11.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ROCCAT\Isku Keyboard\hiddriver.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\DRIVERS\wg111v3.sys (NETGEAR Inc.                           )
DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys (Windows (R) Codename Longhorn DDK provider)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={E6BBCE57-FB0A-4CA2-A217-BFF0D7E08D71}&mid=b654e22d545a47d185c0d16d67c5d5a9-20a487fa3ec4e580f544486c5f243e1fb95acfe4&lang=en&ds=ins14&pr=sa&d=2012-02-28 21:04:21&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C3CD744D-2FAE-4640-8297-16B5DA423104}: "URL" = hxxp://search.littlefighter2-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: support@littlefighter2-toolbar.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "201.48.230.33"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "201.48.230.33"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "201.48.230.33"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "201.48.230.33"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Basti\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Basti\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.26 16:34:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.02 01:38:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.02 01:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012.03.13 21:29:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.11 18:40:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.12 20:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.26 16:34:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\5064 [2011.12.22 16:22:40 | 000,000,000 | -H-D | M]
 
[2009.06.27 20:41:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2012.04.09 18:04:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions
[2012.03.28 19:36:10 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.16 17:15:22 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.25 21:52:36 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.01 23:51:23 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.06.04 16:39:56 | 000,000,000 | -H-D | M] (German Dictionary) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.06.05 11:33:46 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions\engine@conduit.com
[2012.02.28 21:58:43 | 000,000,000 | -H-D | M] (Babylon) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions\ffxtlbr@babylon.com
[2012.03.18 12:14:25 | 000,000,000 | -H-D | M] (FoxyProxy Standard) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions\foxyproxy@eric.h.jung
[2012.04.09 18:04:32 | 000,000,000 | -H-D | M] (FoxyProxy Standard) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions\foxyproxy-basic@eric.h.jung
[2012.02.28 21:58:43 | 000,000,000 | -H-D | M] (TheBflix) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\x4qburnz.default\extensions\info@bflix.info
[2010.07.26 05:45:18 | 000,000,881 | -H-- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\x4qburnz.default\searchplugins\conduit.xml
[2012.04.12 00:44:58 | 000,000,950 | -H-- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\x4qburnz.default\searchplugins\icqplugin-1.xml
[2011.06.04 16:40:38 | 000,000,950 | -H-- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\x4qburnz.default\searchplugins\icqplugin-2.xml
[2011.12.25 17:34:00 | 000,000,950 | -H-- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\x4qburnz.default\searchplugins\icqplugin-3.xml
[2012.02.21 13:31:25 | 000,000,950 | -H-- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\x4qburnz.default\searchplugins\icqplugin-4.xml
[2011.05.13 22:14:02 | 000,001,069 | -H-- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\x4qburnz.default\searchplugins\icqplugin.xml
[2012.04.11 18:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.11 18:40:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.01 23:55:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.01 23:51:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 21:28:43 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.03.01 23:51:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.01 23:51:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.01 23:51:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.01 23:51:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.01 23:51:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={E6BBCE57-FB0A-4CA2-A217-BFF0D7E08D71}&mid=b654e22d545a47d185c0d16d67c5d5a9-20a487fa3ec4e580f544486c5f243e1fb95acfe4&lang=en&ds=ins14&pr=sa&d=2012-02-28 21:04:21&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.152\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Basti\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: TheBflix = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bccldkoinakjmmgebambiaggjobhikfg\5.0_0\
CHR - Extension: DivX HiQ = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TheBflix Class) - {DC53C427-BA7F-4BB8-BBB9-A23BD544C921} - C:\ProgramData\TheBflix\bhoclass.dll (Injector)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C3CD744D-2FAE-4640-8297-16B5DA423104} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [RoccatIsku] C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [4Y3Y0C3A1W9V3D1IICSYKKHH] C:\ftpuser\0EBD69550D8.exe /q File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [NvCplDaemonTool] rundll32.exe _IWMPEvents File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [yiSNUTyakcfEQv.exe] C:\ProgramData\yiSNUTyakcfEQv.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09BE2A68-76BC-4FC6-BACF-669D5151985D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85F209B8-D01B-4166-BA03-E52214C66812}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d4fc979-547f-11df-8107-002421213c5a}\Shell\AutoRun\command - "" = I:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.17 22:32:03 | 000,000,000 | -H-D | C] -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.15 00:25:17 | 000,000,000 | -H-D | C] -- C:\Users\Basti\AppData\Roaming\.minecraft
[2012.04.13 03:20:03 | 000,000,000 | -H-D | C] -- C:\Users\Basti\Documents\Meine empfangenen Dateien
[2012.04.12 03:01:18 | 000,000,000 | ---D | C] -- C:\e9c2918cfe896312de7a
[2012.04.03 22:36:10 | 000,000,000 | -H-D | C] -- C:\Users\Basti\Desktop\9Gag
[2012.04.03 17:11:13 | 000,000,000 | -H-D | C] -- C:\Users\Basti\Desktop\Neuer Ordner (3)
[2012.03.25 12:06:53 | 000,000,000 | -H-D | C] -- C:\Users\Basti\Desktop\Neuer Ordner (2)
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Basti\AppData\Roaming\*.tmp files -> C:\Users\Basti\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.18 11:34:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.18 11:34:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.18 11:34:03 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.04.18 11:34:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012.04.18 11:33:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.17 23:39:24 | 000,000,000 | ---- | M] () -- C:\Users\Basti\defogger_reenable
[2012.04.17 22:50:00 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.17 22:49:59 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.17 22:49:59 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.17 22:49:59 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.17 22:49:59 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.17 22:39:02 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.17 22:39:02 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.17 22:34:02 | 000,000,256 | -H-- | M] () -- C:\ProgramData\4WuYiK8t8K86MF
[2012.04.17 22:32:03 | 000,000,599 | -H-- | M] () -- C:\Users\Basti\Desktop\SMART_HDD.lnk
[2012.04.17 22:32:03 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-4WuYiK8t8K86MFr
[2012.04.17 22:32:03 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-4WuYiK8t8K86MF
[2012.04.17 22:31:59 | 000,222,208 | -H-- | M] () -- C:\ProgramData\4WuYiK8t8K86MF.exe
[2012.04.17 22:24:28 | 000,301,568 | -H-- | M] () -- C:\ProgramData\yiSNUTyakcfEQv.exe
[2012.04.17 17:10:15 | 000,028,672 | -H-- | M] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.17 16:17:57 | 000,231,148 | -H-- | M] () -- C:\Users\Basti\Desktop\refrgth.jpg
[2012.04.17 15:37:42 | 000,256,674 | -H-- | M] () -- C:\Users\Basti\Desktop\t5rzju.jpg
[2012.04.17 15:05:44 | 000,441,858 | -H-- | M] () -- C:\Users\Basti\Desktop\wefrgth.jpg
[2012.04.16 22:26:09 | 000,256,228 | -H-- | M] () -- C:\Users\Basti\Desktop\rghtz.jpg
[2012.04.16 21:43:02 | 000,273,934 | -H-- | M] () -- C:\Users\Basti\Desktop\fertfg.jpg
[2012.04.16 21:40:27 | 000,268,921 | -H-- | M] () -- C:\Users\Basti\Desktop\e2qr3ewt4rgzh.jpg
[2012.04.16 21:25:50 | 000,308,913 | -H-- | M] () -- C:\Users\Basti\Desktop\rw4tghz.jpg
[2012.04.16 20:31:06 | 000,256,555 | -H-- | M] () -- C:\Users\Basti\Desktop\gtnhgr.jpg
[2012.04.16 19:21:37 | 000,020,923 | -H-- | M] () -- C:\Users\Basti\Desktop\car_photo_513865_7.jpg
[2012.04.16 19:11:28 | 000,109,757 | -H-- | M] () -- C:\Users\Basti\Desktop\403055_142133165900514_100003114950599_187532_23190736_n.jpg
[2012.04.16 18:31:00 | 000,035,650 | -H-- | M] () -- C:\Users\Basti\Desktop\yooo.jpeg
[2012.04.15 20:16:22 | 000,014,146 | -H-- | M] () -- C:\Users\Basti\Desktop\meine kleine.jpg
[2012.04.15 20:08:42 | 000,023,061 | -H-- | M] () -- C:\Users\Basti\Desktop\sht xDDDDDD.jpg
[2012.04.15 19:46:00 | 000,075,480 | -H-- | M] () -- C:\Users\Basti\Desktop\türkei x3.jpg
[2012.04.15 19:44:33 | 000,781,367 | -H-- | M] () -- C:\Users\Basti\Desktop\DSC_0576.JPG
[2012.04.13 00:51:05 | 000,359,474 | -H-- | M] () -- C:\Users\Basti\Desktop\edwfrgftb.jpg
[2012.04.12 23:49:26 | 000,212,516 | -H-- | M] () -- C:\Users\Basti\Desktop\vbhfg.jpg
[2012.04.12 23:42:46 | 000,014,250 | -H-- | M] () -- C:\Users\Basti\Desktop\y1mii2caVglYO2KrIbPEv72qDo7U4IW104FFnjUsMwsSfe-70u9-Sd8Y0tjVqFtfCJNGXnsmhpwpQQO1_uXEziaEg.png
[2012.04.12 23:38:54 | 000,124,661 | -H-- | M] () -- C:\Users\Basti\Desktop\3820419_460s.jpg
[2012.04.12 22:36:19 | 000,011,928 | -H-- | M] () -- C:\Users\Basti\Desktop\392626_338411762854374_100000566604008_1291973_5712850_n.jpg
[2012.04.12 14:58:11 | 2137,120,767 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.11 20:44:12 | 000,289,575 | -H-- | M] () -- C:\Users\Basti\Desktop\fdervvs.jpg
[2012.04.10 04:59:52 | 000,274,590 | -H-- | M] () -- C:\Users\Basti\Desktop\dwefgrt.jpg
[2012.04.10 04:18:11 | 000,262,540 | -H-- | M] () -- C:\Users\Basti\Desktop\grrbthzjn.jpg
[2012.04.08 00:16:34 | 000,001,926 | -H-- | M] () -- C:\Windows\tasks\hpwebreg_CN17L334JG05MQ.job
[2012.04.06 13:22:43 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.04.06 13:22:43 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.06 13:18:41 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.04.04 13:17:45 | 000,138,212 | -H-- | M] () -- C:\Users\Basti\Desktop\3706393_460s.jpg
[2012.04.03 22:38:06 | 000,012,927 | -H-- | M] () -- C:\Users\Basti\.recently-used.xbel
[2012.04.03 19:17:37 | 000,795,540 | -H-- | M] () -- C:\Users\Basti\Desktop\12NewYork.jpg
[2012.04.03 19:09:00 | 000,037,296 | -H-- | M] () -- C:\Users\Basti\Desktop\Nutellaa.jpg
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Basti\AppData\Roaming\*.tmp files -> C:\Users\Basti\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.17 23:39:24 | 000,000,000 | ---- | C] () -- C:\Users\Basti\defogger_reenable
[2012.04.17 22:32:03 | 000,000,599 | -H-- | C] () -- C:\Users\Basti\Desktop\SMART_HDD.lnk
[2012.04.17 22:32:03 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-4WuYiK8t8K86MFr
[2012.04.17 22:32:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-4WuYiK8t8K86MF
[2012.04.17 22:31:59 | 000,000,256 | -H-- | C] () -- C:\ProgramData\4WuYiK8t8K86MF
[2012.04.17 22:31:58 | 000,222,208 | -H-- | C] () -- C:\ProgramData\4WuYiK8t8K86MF.exe
[2012.04.17 22:26:32 | 000,301,568 | -H-- | C] () -- C:\ProgramData\yiSNUTyakcfEQv.exe
[2012.04.17 16:17:57 | 000,231,148 | -H-- | C] () -- C:\Users\Basti\Desktop\refrgth.jpg
[2012.04.17 15:37:42 | 000,256,674 | -H-- | C] () -- C:\Users\Basti\Desktop\t5rzju.jpg
[2012.04.17 15:05:44 | 000,441,858 | -H-- | C] () -- C:\Users\Basti\Desktop\wefrgth.jpg
[2012.04.16 22:26:09 | 000,256,228 | -H-- | C] () -- C:\Users\Basti\Desktop\rghtz.jpg
[2012.04.16 21:43:02 | 000,273,934 | -H-- | C] () -- C:\Users\Basti\Desktop\fertfg.jpg
[2012.04.16 21:40:27 | 000,268,921 | -H-- | C] () -- C:\Users\Basti\Desktop\e2qr3ewt4rgzh.jpg
[2012.04.16 21:25:50 | 000,308,913 | -H-- | C] () -- C:\Users\Basti\Desktop\rw4tghz.jpg
[2012.04.16 20:31:06 | 000,256,555 | -H-- | C] () -- C:\Users\Basti\Desktop\gtnhgr.jpg
[2012.04.16 19:21:36 | 000,020,923 | -H-- | C] () -- C:\Users\Basti\Desktop\car_photo_513865_7.jpg
[2012.04.16 19:11:27 | 000,109,757 | -H-- | C] () -- C:\Users\Basti\Desktop\403055_142133165900514_100003114950599_187532_23190736_n.jpg
[2012.04.16 18:30:59 | 000,035,650 | -H-- | C] () -- C:\Users\Basti\Desktop\yooo.jpeg
[2012.04.15 20:16:20 | 000,014,146 | -H-- | C] () -- C:\Users\Basti\Desktop\meine kleine.jpg
[2012.04.15 20:08:39 | 000,023,061 | -H-- | C] () -- C:\Users\Basti\Desktop\sht xDDDDDD.jpg
[2012.04.15 19:45:57 | 000,075,480 | -H-- | C] () -- C:\Users\Basti\Desktop\türkei x3.jpg
[2012.04.15 19:44:52 | 000,781,367 | -H-- | C] () -- C:\Users\Basti\Desktop\DSC_0576.JPG
[2012.04.15 19:44:52 | 000,347,988 | -H-- | C] () -- C:\Users\Basti\Desktop\DSC_0581.JPG
[2012.04.13 00:51:05 | 000,359,474 | -H-- | C] () -- C:\Users\Basti\Desktop\edwfrgftb.jpg
[2012.04.12 23:49:26 | 000,212,516 | -H-- | C] () -- C:\Users\Basti\Desktop\vbhfg.jpg
[2012.04.12 23:42:45 | 000,014,250 | -H-- | C] () -- C:\Users\Basti\Desktop\y1mii2caVglYO2KrIbPEv72qDo7U4IW104FFnjUsMwsSfe-70u9-Sd8Y0tjVqFtfCJNGXnsmhpwpQQO1_uXEziaEg.png
[2012.04.12 23:38:53 | 000,124,661 | -H-- | C] () -- C:\Users\Basti\Desktop\3820419_460s.jpg
[2012.04.12 22:36:18 | 000,011,928 | -H-- | C] () -- C:\Users\Basti\Desktop\392626_338411762854374_100000566604008_1291973_5712850_n.jpg
[2012.04.11 20:44:12 | 000,289,575 | -H-- | C] () -- C:\Users\Basti\Desktop\fdervvs.jpg
[2012.04.10 13:45:02 | 003,327,428 | -H-- | C] () -- C:\Users\Basti\Desktop\DSC_0136.JPG
[2012.04.10 04:59:52 | 000,274,590 | -H-- | C] () -- C:\Users\Basti\Desktop\dwefgrt.jpg
[2012.04.10 04:18:11 | 000,262,540 | -H-- | C] () -- C:\Users\Basti\Desktop\grrbthzjn.jpg
[2012.04.04 13:17:36 | 000,138,212 | -H-- | C] () -- C:\Users\Basti\Desktop\3706393_460s.jpg
[2012.04.03 22:38:06 | 000,012,927 | -H-- | C] () -- C:\Users\Basti\.recently-used.xbel
[2012.04.03 19:17:27 | 000,795,540 | -H-- | C] () -- C:\Users\Basti\Desktop\12NewYork.jpg
[2012.03.30 14:57:38 | 000,186,946 | -H-- | C] () -- C:\Users\Basti\Desktop\img012.jpg
[2011.12.23 00:33:40 | 000,000,023 | -H-- | C] () -- C:\Users\Basti\AppData\Roaming\urhtps.dat
[2011.12.10 12:19:42 | 000,001,320 | ---- | C] () -- C:\Windows\cm108.ini
[2011.12.04 11:08:57 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.10.28 13:50:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.10.28 13:49:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.10.28 13:47:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.10.06 23:50:06 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.06 23:50:03 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.08 20:39:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Analog Pad
[2011.05.08 20:39:29 | 000,000,268 | RH-- | C] () -- C:\Users\Basti\AppData\Roaming\Alerts
[2011.05.08 20:39:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.05.08 20:39:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Analog Mono
[2011.05.08 20:39:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Ambient
[2011.05.08 20:39:28 | 000,000,268 | RH-- | C] () -- C:\Users\Basti\AppData\Roaming\Action Clauses
[2011.05.08 20:39:28 | 000,000,268 | RH-- | C] () -- C:\Users\Basti\AppData\Roaming\Action
[2011.05.08 20:39:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.05.08 20:39:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.09.07 21:51:35 | 000,002,032 | -H-- | C] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat

< End of report >
--- --- ---

OTL EXTRAS Logfile:
OTL Extras logfile created on: 18.04.2012 11:43:24 - Run 1
OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\Basti\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,89 Gb Available Physical Memory | 64,93% Memory free
12,18 Gb Paging File | 8,70 Gb Available in Paging File | 71,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 603,18 Gb Free Space | 64,75% Space Free | Partition Type: NTFS
Drive D: | 2,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 77 CB 70 60 6F 95 CC 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013B9982-42B3-43AD-B9E8-3B50D913488E}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{09EB4C0D-33FB-4480-B337-719D67BA8395}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{26607975-AC32-44D0-BDB1-5C5549A868FC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{37BD10DD-A8C7-4FD7-94FD-106D308371C3}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{386EEA2D-AF84-4543-8D9E-661B1A233051}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{49F96B41-8B98-4E21-912A-DE4B3622FC4F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4BB52335-0846-4C46-9068-288DCC9352B2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{50B4E2A9-58C6-4B1B-90A7-64053AA71A7B}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{5CF1C46E-1AE5-423F-9BB8-F04240514E4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6938CC9A-9030-4188-AC66-276A8D52F27F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{716C195D-1F98-49ED-A0D6-17893800802B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{749499D0-6AF0-44AD-B742-019A8A2943EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77E66A77-0478-4FB4-864C-08CAA4D1CD92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{85D1FEB2-302D-48EF-B103-08CFDEC0EC7F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BFE2ADD0-0C6B-442D-B480-C79EA6E21F56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E25D4E25-6C08-4371-B0E6-DD9DAC1F18B5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0212811B-8D47-4BF4-AD9A-CBCC534D5F69}" = protocol=6 | dir=in | app=%programfiles% (x86)\microsoft games\age of empires iii\autopatcher2.exe | 
"{09A68BC8-5861-4641-AADA-DBCF333468DD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{0B34890A-543F-4D62-9B2B-4A1A7B3FBC1E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0F306896-0DC3-4194-A769-B9CEAB771816}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{1200AD26-CECB-4E12-823F-496E0EA3A1FC}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\codename panzers cold war\home\game\cpcw.exe | 
"{13E05EA2-2AB8-4CCE-B974-5889187D3025}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{15E1CF54-DBA9-40D5-86A3-9E0B20658E07}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{23A480BC-A5C9-447F-85E4-1D448CC0B51B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2C42A2E5-494C-4944-9882-AF34BCEC3A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{2D6C82C1-25F5-4316-87C4-C79ADD41093D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{2EE771B1-64C1-47F8-BDBC-2DC1977FEA34}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{2EF42F72-4DA5-4A9E-B1CC-7F556693EAC8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{313E0C09-9E8F-4973-973E-A2A5359FE243}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{314359FF-F84A-49C6-B532-0123786C6E16}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{31C500B2-126F-4618-A6E7-FC189EB850F7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4055147E-335C-48CA-B6E8-D64A0828881D}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{4121D527-62C5-44CF-A787-B78E9BFF5492}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\codename panzers cold war\home\game\cpcw.exe | 
"{432229DE-29E8-4B36-8BED-4A0A5CAB732A}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{437086D1-B4F0-4E88-BBD0-BC62DB4602AE}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{46873DF0-DD87-4180-9D89-904F6D8567F9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{481AD5E8-2F36-4661-989A-24EE1CA89415}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{4A7A9575-AEF9-4E32-A046-D2C9E1BE14EA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4C14C78A-44C6-4C5C-936D-8E03E4AE971D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4C5F05FC-5959-4824-863E-2750B33B7C4B}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{536D7255-0A38-40DA-BA18-FD3A006EC6A7}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{593F8736-4858-4461-870D-6DE86C56AD19}" = protocol=17 | dir=in | app=%programfiles% (x86)\microsoft games\age of empires iii\autopatcher2.exe | 
"{594624AD-E1DF-4DD7-A31A-27E62A7ED4EE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5B9F644E-F925-4AF9-B7D6-1B6E69A278FF}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\itsab204\counter-strike\hl.exe | 
"{5C965E69-A9F1-4A4D-B0CA-C09ED9E5766D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{65FF53E2-F50B-452A-815B-06C2E85B23C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{7045B957-9664-41E8-8CFD-877A982725D8}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{72387FBE-29D1-488C-B738-D86B9D84E8CE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{7A06A6E7-048D-4AB4-898A-4B2E408CC4B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7A3F3E96-3747-477B-9F8F-5CF2B998A625}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3-beta\bf3.exe | 
"{7D2D45FD-8A8D-495B-8F07-5FAE5FB6C9B3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe | 
"{8188C0FA-F754-4586-BBB9-4621322BCF18}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{82A9CA07-6728-4029-B912-66153EDE38D1}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\itsab204\counter-strike\hl.exe | 
"{83F51FD6-BFF1-4B26-B15E-0B0000D418F3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{865CB5CB-9A80-49F7-83AC-D4998719380D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{87CB4786-EFB2-4484-BCC5-8D2862D9C7C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{89F7DC71-A330-4139-9BCD-4EA027FFABDD}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{8CFCD632-7A92-4F82-A037-28AC796C5528}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8DBD1BF4-6E75-47C3-B970-1A7EDB6A63F1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8F540594-6C81-4147-8A4C-43C19BDF1DC0}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\itsab204\day of defeat\hl.exe | 
"{90ED316C-54D2-426D-AA28-CAA86B2F706E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{95CB663F-2A63-4B4B-8FBD-2EC44AE06C86}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{9715AA36-884C-482D-B1FF-8676AC56F9B3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{9829A70F-1A5B-4F01-83E3-EB061F6BFAB1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{98DFA6F4-924E-4AF0-AA7A-B5129795C096}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{9E9F9C55-16B5-4317-BC1F-B3B1BB703F67}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{A4D6AE6C-862D-468A-99CE-95E7977212BB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{A56112D8-17B5-44C1-8CD9-B37D031D70A3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A75E5052-1714-4118-B646-A22C6DE33D82}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{B33F79B7-5D31-46FF-9CBE-02D5B793C66B}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{B777DE1D-5BE4-4C04-89D4-636401A5B498}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{B9EC2808-0721-4165-A03C-A43EB279237C}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{BDA74336-179B-4AA0-924D-EE3605040D2E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{C27F844C-92AD-4FDD-9956-13A9E7AC4E91}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{C580BD26-0882-49C0-A761-078D3A6345DF}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{C65C3F41-52F1-4613-A7C7-7E37F7DB9E2F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C674EBBC-B826-46DF-A3AF-3CC07B3D6677}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\itsab204\counter-strike\hl.exe | 
"{CA68B4C3-DB29-4E07-BBAB-19CC503B886D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe | 
"{D3F0765C-165E-47BE-84A2-09D6AEAE4A76}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\itsab204\counter-strike\hl.exe | 
"{D76192A0-1E5A-4499-ADF6-A129160AEAC9}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{D9CE26D2-0B13-4ADC-9CF8-424BF6235A73}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{DDC192DC-6821-4B81-81E8-176104A0E4ED}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{DDDB3F78-C3D6-4B72-8278-2AF7FEC2F636}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{DFAF9C29-8518-4825-AEA5-15A5D4BBD2B2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{E057044E-0CD7-4079-AA6E-E77A6CEC2D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\itsab204\day of defeat\hl.exe | 
"{E149C820-9B29-4584-834B-164F4BB0CFFD}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{E4AA64BF-49A1-41A1-90A7-8E629C5E0D23}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{E543EE2C-7F69-4080-8182-4FC59CE50124}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{E864D3B6-035E-4367-AB21-CEF57DE06228}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{EF96DFFB-6F0B-4A05-A659-106F6FAADF26}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F5189CCA-8429-4997-A904-22B980D3E6E4}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe | 
"{F6842DAE-8E95-4830-A725-8368B52BE7F6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3-beta\bf3.exe | 
"{F81B5CEF-DA5A-483C-A35B-9EE440EA4A1E}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{FB46A3A0-2260-4FB6-9F30-AEB8A4FC7D0D}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe | 
"TCP Query User{185FE3E5-2413-45B0-9A07-125A6CE8BF4A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{1EB2D20C-EE5A-4E37-B238-1277BADF84D0}C:\program files (x86)\codemasters\grid\grid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"TCP Query User{3A2EF98D-9726-49A8-95B1-AE5ED69C3417}C:\users\basti\desktop\usb-stick\callofduty4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\basti\desktop\usb-stick\callofduty4\iw3mp.exe | 
"TCP Query User{3FD941BF-9E3C-495F-BD4F-D73A8F6BBFED}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"TCP Query User{4A58F585-D0A3-4A65-8F02-81AC57AAE6B7}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{4D83D2C5-B04A-4CF8-8B77-DE94FE8DF75D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{51036FAB-CD31-46FF-B833-BDCEA71569A9}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{5CC70B2A-4590-4D24-9DD1-C8CA9565BBFE}C:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"TCP Query User{612D66A2-3EFA-45C2-A270-CC0CE123177D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{7CE73EC6-FE0E-4D12-A1AD-624484DBD6BF}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{7D62207B-DA71-41A0-9BFB-8CAE542C751F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{845F61F5-C235-48D9-8924-5657FE065F86}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{89451826-F009-4DF9-8BE1-5D9E2CE82F55}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{98AD45A1-94E2-46C8-91E5-4A0AB2EA72FC}C:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe | 
"TCP Query User{9A9841C3-92E7-4BCA-89E6-C4C9FBECEBDA}C:\users\basti\desktop\age 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\basti\desktop\age 2\age2_x1\age2_x1.exe | 
"TCP Query User{9AE5A48C-38B4-4813-A6AA-310A08D22DDA}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{A3131F67-1DF6-40DC-987B-5279EAA7B10E}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{A7446166-E08D-4405-8030-571D7F58B5D5}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{AAE1FC7F-96DC-4E27-ABD4-859A0C2C1D0A}I:\farcry 2\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=i:\farcry 2\far cry 2\bin\farcry2.exe | 
"TCP Query User{B4661B02-61ED-42B5-95CE-6E8D35799E08}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"TCP Query User{C441F850-55B9-4747-9C0F-A659A49FF314}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe | 
"TCP Query User{C9EC0569-35A1-42E4-9B8A-6DA70B89C973}C:\users\basti\desktop\usb-stick\farcry 2\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\users\basti\desktop\usb-stick\farcry 2\far cry 2\bin\farcry2.exe | 
"TCP Query User{EF4E9571-D86E-4A7D-B096-98192E3354A3}C:\users\basti\appdata\local\temp\rar$ex01.048\routerclient.exe" = protocol=6 | dir=in | app=c:\users\basti\appdata\local\temp\rar$ex01.048\routerclient.exe | 
"TCP Query User{F10F383B-A275-4BDA-BD13-8C9D50325A0B}C:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{F47FBDF0-85F8-4FF4-AD42-951933B1BD20}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{FF177911-B860-4704-907A-408348204C92}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"UDP Query User{0B9C044E-80DF-46C5-8C6E-D3FC95729039}C:\program files (x86)\codemasters\grid\grid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"UDP Query User{1662C7AE-57C7-455C-8C88-5C755B706478}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{183C2366-0D24-4F9D-B4F6-FFD39DD6E834}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{2E6A5797-863A-4BBC-B64C-22B27AC9F782}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{3B49DC8C-0F13-4261-8FA9-8308336E44E3}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"UDP Query User{5A860753-7F14-4B18-AC23-49D5BB7E149D}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"UDP Query User{645893B7-A764-412D-B06F-0C07795EA4DF}C:\users\basti\desktop\usb-stick\callofduty4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\basti\desktop\usb-stick\callofduty4\iw3mp.exe | 
"UDP Query User{68E5AD93-8036-4613-A64A-6DB5650B5C33}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{7A62683D-5468-445B-BDEE-0E0B326002D5}C:\users\basti\desktop\age 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\basti\desktop\age 2\age2_x1\age2_x1.exe | 
"UDP Query User{8BB87BAF-CFE0-4649-ACE9-6DB89B673457}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{9D773602-C7FD-410E-95F6-EFFFD5B26809}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{A19DE35C-08A9-4978-9EEB-DADDFC7911C1}C:\users\basti\desktop\usb-stick\farcry 2\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\users\basti\desktop\usb-stick\farcry 2\far cry 2\bin\farcry2.exe | 
"UDP Query User{AED0616B-CBFF-43DE-82BB-83DA67E9C530}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{AEDD3843-5B10-463D-9519-34F80F119815}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{B19F0480-85CC-40E8-9955-D80F9D171F70}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe | 
"UDP Query User{B1A5F72D-C2E5-4787-B33B-59601C6BAA72}I:\farcry 2\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=i:\farcry 2\far cry 2\bin\farcry2.exe | 
"UDP Query User{B6B7FD6B-6BAD-407E-ABD7-D15513E9C3F9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{D0BA3B9B-532B-4CA7-BDC0-8E48DCEA3AF3}C:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe | 
"UDP Query User{D24E6309-E0D4-4ED9-90FC-E9906032961A}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"UDP Query User{D4340092-8584-491A-B098-47A3FE9EB746}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{DF375E32-AAC0-4B04-A8B1-4F771E7230BD}C:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{EA05B103-197A-4780-A80F-7FBFB0046FF9}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{EC301EBB-975F-4093-9779-C74B33EC6E68}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{ED236751-0A23-42A6-8C14-DEC66455047D}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{FBDE2460-6F7F-4F79-A005-CD37C3C77F4F}C:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"UDP Query User{FEE5F2CC-FF7A-4350-8F80-9849F34F548F}C:\users\basti\appdata\local\temp\rar$ex01.048\routerclient.exe" = protocol=17 | dir=in | app=c:\users\basti\appdata\local\temp\rar$ex01.048\routerclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour-Druckdienste
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{479B309B-E6B4-4947-8B83-472CF4272582}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Recuva" = Recuva
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ABAF918-A6BD-43D8-AE0B-5292034B14CB}" = ROCCAT Isku Keyboard Driver
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2485BF4-830D-4D7F-B553-3B125CCFB255}" = Codename: Panzers Cold War
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"BabylonToolbar" = Babylon toolbar on IE
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cities XL" = Cities XL
"Combat Arms EU" = Combat Arms EU
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Facecons" = Facecons
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Photo Creations" = HP Photo Creations
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"Juice" = Juice 2.2
"Miro" = Miro
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PSP Video 9" = PSP Video 9 5
"PunkBusterSvc" = PunkBuster Services
"Shoot'n Save 2011-11-12 14.16.45" = Shoot'n Save (Installation 12.11.2011)
"SopCast" = SopCast 3.2.4
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 150" = Counter-Strike Steamworks Beta
"Steam App 30" = Day of Defeat
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.01.2012 13:30:05 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 9.0.1.4371, Zeitstempel
 0x4ef15e74, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0005941c,  Prozess-ID 0x53d8, Anwendungsstartzeit
 01ccce28897de4fe.
 
Error - 08.01.2012 13:30:22 | Computer Name = Basti-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 9.0.1.4371 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 53d8  Anfangszeit: 01ccce28897de4fe  Zeitpunkt der Beendigung:
 53
 
Error - 08.01.2012 14:15:50 | Computer Name = Basti-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 9.0.1.4371 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 4ed8  Anfangszeit: 01ccce2b8f23cc4a  Zeitpunkt der Beendigung:
 254
 
Error - 08.01.2012 18:10:38 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 9.0.1.4371, Zeitstempel
 0x4ef15e74, fehlerhaftes Modul MSVCR80.dll, Version 8.0.50727.6195, Zeitstempel
 0x4dcddbf3, Ausnahmecode 0xc0000005, Fehleroffset 0x00008d25,  Prozess-ID 0x4c0c,
 Anwendungsstartzeit 01ccce381c2fdb9a.
 
Error - 08.01.2012 18:11:05 | Computer Name = Basti-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 9.0.1.4371 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 5e8c  Anfangszeit: 01ccce525c998aea  Zeitpunkt der Beendigung:
 29
 
Error - 09.01.2012 15:01:07 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 9.0.1.4371, Zeitstempel
 0x4ef15e74, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0005941c,  Prozess-ID 0x5b38, Anwendungsstartzeit
 01cccf00bcc693d7.
 
Error - 09.01.2012 15:02:11 | Computer Name = Basti-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 9.0.1.4371 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 5b38  Anfangszeit: 01cccf00bcc693d7  Zeitpunkt der Beendigung:
 38
 
Error - 10.01.2012 15:24:51 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung java.exe, Version 6.0.250.6, Zeitstempel 0x4da6bb3f,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00036549,  Prozess-ID 0xd14, Anwendungsstartzeit 01cccfc738dbcbb5.
 
Error - 10.01.2012 19:05:14 | Computer Name = Basti-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 9.0.1.4371 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 5724  Anfangszeit: 01cccfc5e979ecb0  Zeitpunkt der Beendigung:
 83
 
Error - 11.01.2012 10:27:46 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 9.0.1.4371, Zeitstempel
 0x4ef15e74, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb7341c,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00060748,  Prozess-ID 0x5d10, Anwendungsstartzeit
 01ccd06d1505ac14.
 
[ System Events ]
Error - 11.04.2012 05:26:21 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 11.04.2012 12:32:49 | Computer Name = Basti-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
 002421213C59 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 11.04.2012 21:00:16 | Computer Name = Basti-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse
 002421213C59 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 11.04.2012 21:00:23 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 12.04.2012 08:58:45 | Computer Name = Basti-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.04.2012 um 03:02:26 unerwartet heruntergefahren.
 
Error - 14.04.2012 07:10:54 | Computer Name = Basti-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
 002421213C59 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 14.04.2012 17:54:08 | Computer Name = Basti-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse
 002421213C59 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 15.04.2012 07:19:46 | Computer Name = Basti-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
 002421213C59 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 17.04.2012 08:39:00 | Computer Name = Basti-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse
 002421213C59 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 18.04.2012 05:33:58 | Computer Name = Basti-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
 002421213C59 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
 
< End of report >
         

18.04.2012, 11:44   #4
Chris4You

Hi,

I'm not sure about these files (there are a few more of them in the log...); normally I would "kill" them (hidden)...
Please check...


Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button and locate the following file(s):
Code:
C:\Users\Basti\Desktop\refrgth.jpg
C:\Users\Basti\Desktop\rw4tghz.jpg
  • Now upload each file in turn and wait until the scan has finished (this can take up to 2 minutes).
  • Afterwards, post the result of the analysis: copy everything and paste it into a reply.
  • Important: also copy the file size and the HASH!



Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
PRC - C:\ProgramData\4WuYiK8t8K86MF.exe ()
PRC - C:\ProgramData\yiSNUTyakcfEQv.exe ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C3CD744D-2FAE-4640-8297-16B5DA423104} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [4Y3Y0C3A1W9V3D1IICSYKKHH] C:\ftpuser\0EBD69550D8.exe /q File not found
O4 - HKCU..\Run: [yiSNUTyakcfEQv.exe] C:\ProgramData\yiSNUTyakcfEQv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.04.12 03:01:18 | 000,000,000 | ---D | C] -- C:\e9c2918cfe896312de7a
[2012.04.17 22:32:03 | 000,000,599 | -H-- | C] () -- C:\Users\Basti\Desktop\SMART_HDD.lnk
[2012.04.17 22:32:03 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-4WuYiK8t8K86MFr
[2012.04.17 22:32:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-4WuYiK8t8K86MF
[2012.04.17 22:31:59 | 000,000,256 | -H-- | C] () -- C:\ProgramData\4WuYiK8t8K86MF
[2012.04.17 22:31:58 | 000,222,208 | -H-- | C] () -- C:\ProgramData\4WuYiK8t8K86MF.exe
[2012.04.17 22:26:32 | 000,301,568 | -H-- | C] () -- C:\ProgramData\yiSNUTyakcfEQv.exe

:Commands
[emptytemp]
[Reboot]
Malwarebytes Anti-Malware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version from here instead:
http://filepony.de/download-chameleon/
Then please update the signature files (tab "Updates" -> "Check for updates")
Run a full scan and let it clean everything! Post the log.

chris
__________________
Don't bring me down
Read this before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)
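The fix above lists every process, registry entry and file that OTL will act on, and OTL's own output later in the thread shows what it actually moved. As an added example (not OTL's code and not part of this post), the following Python script parses the ":OTL" and ":Commands" sections of such a fix, extracts each target, and attaches review flags (hidden attribute, executable dropped directly into C:\ProgramData, Explorer policy restriction, orphaned Run or toolbar entry) so a helper can check why each line belongs in the fix before handing it out. The sample script is the one posted above; the line-family regexes cover only the entry types that fix uses and are my own reading of the format, not an OTL specification.

```python
"""Review an OTL fix script before it is run.

Added example (not part of OTL or of the thread's instructions): parses the
':OTL' and ':Commands' sections of a fix script, extracts every process,
registry entry and file the fix will act on, and attaches review flags.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: the fix script posted in the thread above, copied verbatim.
SAMPLE_FIX = r"""
:OTL
PRC - C:\ProgramData\4WuYiK8t8K86MF.exe ()
PRC - C:\ProgramData\yiSNUTyakcfEQv.exe ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C3CD744D-2FAE-4640-8297-16B5DA423104} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [4Y3Y0C3A1W9V3D1IICSYKKHH] C:\ftpuser\0EBD69550D8.exe /q File not found
O4 - HKCU..\Run: [yiSNUTyakcfEQv.exe] C:\ProgramData\yiSNUTyakcfEQv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.04.12 03:01:18 | 000,000,000 | ---D | C] -- C:\e9c2918cfe896312de7a
[2012.04.17 22:32:03 | 000,000,599 | -H-- | C] () -- C:\Users\Basti\Desktop\SMART_HDD.lnk
[2012.04.17 22:32:03 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-4WuYiK8t8K86MFr
[2012.04.17 22:32:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-4WuYiK8t8K86MF
[2012.04.17 22:31:59 | 000,000,256 | -H-- | C] () -- C:\ProgramData\4WuYiK8t8K86MF
[2012.04.17 22:31:58 | 000,222,208 | -H-- | C] () -- C:\ProgramData\4WuYiK8t8K86MF.exe
[2012.04.17 22:26:32 | 000,301,568 | -H-- | C] () -- C:\ProgramData\yiSNUTyakcfEQv.exe

:Commands
[emptytemp]
[Reboot]
"""

# One regex per OTL line family used in this fix (my own reading of the format).
PRC_RE = re.compile(r"^PRC - (?P<path>.+?)\s*\((?P<company>[^)]*)\)$")
O3_RE = re.compile(r"^O3 - (?P<key>[^:]+): \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<note>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O6_RE = re.compile(r"^O6 - (?P<key>[^:]+): (?P<value>\w+) = (?P<data>.+)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*(?P<op>[A-Z])\]"
    r"\s*(?:\([^)]*\)\s*)?--\s*(?P<path>.+)$"
)
CMD_RE = re.compile(r"^\[(?P<cmd>\w+)\]$")


@dataclass
class FixItem:
    section: str          # ':OTL' or ':Commands'
    kind: str             # PRC, O3, O4, O6, FILE, CMD or RAW (unparsed)
    target: str           # path, CLSID, policy value or command name
    detail: str = ""      # registry key, attributes, company string ...
    size: int = 0         # bytes, for FILE entries
    flags: list[str] = field(default_factory=list)


def _flag_path(item: FixItem, path: str) -> None:
    # An .exe directly in C:\ProgramData (no vendor subfolder) is a drop location
    # seen with rogue-AV families; installers normally create a subfolder.
    low = path.lower()
    if low.startswith("c:\\programdata\\") and low.count("\\") == 2 and low.endswith(".exe"):
        item.flags.append("exe directly in ProgramData")


def parse_otl_fix(text: str) -> list[FixItem]:
    items: list[FixItem] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):             # section header such as :OTL / :Commands
            section = line
            continue
        if section == ":Commands":
            m = CMD_RE.match(line)
            items.append(FixItem(section, "CMD", m["cmd"] if m else line))
            continue
        sec = section or "?"
        if m := PRC_RE.match(line):
            it = FixItem(sec, "PRC", m["path"], f"company={m['company'] or 'none'}")
            _flag_path(it, m["path"])
        elif m := O3_RE.match(line):
            it = FixItem(sec, "O3", m["clsid"], m["key"])
            if "No CLSID" in m["note"]:
                it.flags.append("orphaned toolbar entry")
        elif m := O4_RE.match(line):
            it = FixItem(sec, "O4", m["cmd"], f"{m['hive']} Run value '{m['name']}'")
            if "File not found" in m["cmd"]:
                it.flags.append("autorun points to missing file")
            _flag_path(it, m["cmd"].split(" ", 1)[0])
        elif m := O6_RE.match(line):
            it = FixItem(sec, "O6", f"{m['value']}={m['data']}", m["key"])
            if "policies\\explorer" in m["key"].lower():
                it.flags.append("Explorer policy restriction")
        elif m := FILE_RE.match(line):
            it = FixItem(sec, "FILE", m["path"], f"attr={m['attr']}",
                         int(m["size"].replace(",", "")))
            if "H" in m["attr"]:
                it.flags.append("hidden attribute")
            if "D" in m["attr"]:
                it.flags.append("directory")
            _flag_path(it, m["path"])
        else:
            it = FixItem(sec, "RAW", line, flags=["unparsed"])
        items.append(it)
    return items


def summarize(items: list[FixItem]) -> dict:
    return {
        "by_kind": dict(Counter(it.kind for it in items)),
        "paths_to_move": sorted({it.target for it in items if it.kind in ("PRC", "FILE")}),
        "hidden": [it.target for it in items if "hidden attribute" in it.flags],
        "bytes_moved": sum(it.size for it in items if it.kind == "FILE"),
        "flags": dict(Counter(f for it in items for f in it.flags)),
    }


if __name__ == "__main__":
    parsed = parse_otl_fix(SAMPLE_FIX)
    for it in parsed:
        print(f"{it.kind:4} {it.target:60} {', '.join(it.flags)}")
    print(summarize(parsed))
```

Run it as a script to get one line per item plus the summary; parse_otl_fix returns the items, and summarize counts entry kinds and flags and adds up the bytes the fix will move. Any line the parser does not recognise is kept as a RAW item flagged "unparsed" rather than dropped, so nothing in a fix goes unreviewed.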

18.04.2012, 12:54   #5
BastiBob

SHA256: 3acc395d639a4705fd2aea76ccf51cd099d00823872cd2d246e6ad2c7b256f57
SHA1: 3defccce7f11d75af19f7e40158d1cc9490a6632
MD5: ff3fc6b79d4659d794ee6e18b4d5488c
File size: 225.7 KB ( 231148 bytes )
File name: refrgth.jpg
File type: JPEG
Detection ratio: 0 / 42
Analysis date: 2012-04-18 11:41:00 UTC ( 9 Minuten ago )
Antivirus Result Update
AhnLab-V3 - 20120417
AntiVir - 20120418
Antiy-AVL - 20120418
Avast - 20120418
AVG - 20120418
BitDefender - 20120418
ByteHero - 20120417
CAT-QuickHeal - 20120418
ClamAV - 20120418
Commtouch - 20120418
Comodo - 20120418
DrWeb - 20120418
Emsisoft - 20120418
eSafe - 20120417
eTrust-Vet - 20120417
F-Prot - 20120417
F-Secure - 20120418
Fortinet - 20120418
GData - 20120418
Ikarus - 20120418
Jiangmin - 20120418
K7AntiVirus - 20120417
Kaspersky - 20120418
McAfee - 20120418
McAfee-GW-Edition - 20120417
Microsoft - 20120418
NOD32 - 20120418
Norman - 20120417
nProtect - 20120418
Panda - 20120417
PCTools - 20120418
Rising - 20120417
Sophos - 20120418
SUPERAntiSpyware - 20120402
Symantec - 20120418
TheHacker - 20120417
TrendMicro - 20120418
TrendMicro-HouseCall - 20120418
VBA32 - 20120418
VIPRE - 20120418
ViRobot - 20120418
VirusBuster - 20120417



SHA256: 250965119d2af6ee11915ae9d8f8290c1da5eab098944e878d98e1e46562549d
SHA1: 39c4db1c87afbc73116291acdf1043acf4b2e3b0
MD5: 1a4d329bdd45a14f51f95b046376a12a
File size: 301.7 KB ( 308913 bytes )
File name: rw4tghz.jpg
File type: JPEG
Detection ratio: 0 / 42
Analysis date: 2012-04-18 11:52:00 UTC ( 1 Minute ago )
Antivirus Result Update
AhnLab-V3 - 20120417
AntiVir - 20120418
Antiy-AVL - 20120418
Avast - 20120418
AVG - 20120418
BitDefender - 20120418
ByteHero - 20120417
CAT-QuickHeal - 20120418
ClamAV - 20120418
Commtouch - 20120418
Comodo - 20120418
DrWeb - 20120418
Emsisoft - 20120418
eSafe - 20120417
eTrust-Vet - 20120417
F-Prot - 20120417
F-Secure - 20120418
Fortinet - 20120418
GData - 20120418
Ikarus - 20120418
Jiangmin - 20120418
K7AntiVirus - 20120417
Kaspersky - 20120418
McAfee - 20120418
McAfee-GW-Edition - 20120417
Microsoft - 20120418
NOD32 - 20120418
Norman - 20120417
nProtect - 20120418
Panda - 20120417
PCTools - 20120418
Rising - 20120417
Sophos - 20120418
SUPERAntiSpyware - 20120402
Symantec - 20120418
TheHacker - 20120417
TrendMicro - 20120418
TrendMicro-HouseCall - 20120418
VBA32 - 20120418
VIPRE - 20120418
ViRobot - 20120418
VirusBuster - 20120417



Regarding the second point, "Fix for OTL":

After I pasted the code box in there, I clicked on Fix?
All processes killed
========== OTL ==========
No active process named 4WuYiK8t8K86MF.exe was found!
No active process named yiSNUTyakcfEQv.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C3CD744D-2FAE-4640-8297-16B5DA423104} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3CD744D-2FAE-4640-8297-16B5DA423104}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4Y3Y0C3A1W9V3D1IICSYKKHH deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yiSNUTyakcfEQv.exe deleted successfully.
C:\ProgramData\yiSNUTyakcfEQv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
C:\e9c2918cfe896312de7a folder moved successfully.
File C:\Users\Basti\Desktop\SMART_HDD.lnk not found.
C:\ProgramData\-4WuYiK8t8K86MFr moved successfully.
C:\ProgramData\-4WuYiK8t8K86MF moved successfully.
C:\ProgramData\4WuYiK8t8K86MF moved successfully.
C:\ProgramData\4WuYiK8t8K86MF.exe moved successfully.
File C:\ProgramData\yiSNUTyakcfEQv.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Basti
->Temp folder emptied: 173123230 bytes
->Temporary Internet Files folder emptied: 134281699 bytes
->Java cache emptied: 97451320 bytes
->FireFox cache emptied: 36002671 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 428299 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31888820 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782663 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 487,00 mb


OTL by OldTimer - Version 3.2.40.0 log created on 04182012_134706

Files\Folders moved on Reboot...
C:\Users\Basti\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\265176f3-6a7ed483 moved successfully.
C:\Users\Basti\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7c52cfe2-6c54414b moved successfully.
C:\Users\Basti\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1b4ed89b-27ee056b moved successfully.
C:\Users\Basti\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\11df98c-785832dc moved successfully.
C:\Users\Basti\AppData\Local\Mozilla\Firefox\Profiles\x4qburnz.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Basti\AppData\Local\Mozilla\Firefox\Profiles\x4qburnz.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Basti\AppData\Local\Mozilla\Firefox\Profiles\x4qburnz.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Basti\AppData\Local\Mozilla\Firefox\Profiles\x4qburnz.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Basti\AppData\Local\Mozilla\Firefox\Profiles\x4qburnz.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Basti\AppData\Local\Mozilla\Firefox\Profiles\x4qburnz.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...


Last edited by BastiBob (18.04.2012 at 13:11)
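The VirusTotal step asked for the file size and hashes to be posted together with the result, because those are what tie a report to a particular file on disk. As an added example (not VirusTotal's or the thread's own code), this Python script parses a report in the copy-pasted text form shown above, recomputes size and hashes for a local file and compares them field by field, and sniffs the file's magic bytes so the reported "File type" can be checked independently of the upload. The report header is the first result posted above; the byte samples are constructed and stand in for files on disk, and the magic-byte table is my own short list, not VirusTotal's.

```python
"""Verify that a local file is the one a VirusTotal text report describes.

Added example, not VirusTotal's or the thread's own code. Parses the pasted
report text, recomputes size and hashes for a file, compares them, and sniffs
the file's magic bytes against the reported "File type".
"""
import hashlib
import re

# Constructed input: header of the first report posted above (engine table omitted).
VT_REPORT = """\
SHA256: 3acc395d639a4705fd2aea76ccf51cd099d00823872cd2d246e6ad2c7b256f57
SHA1: 3defccce7f11d75af19f7e40158d1cc9490a6632
MD5: ff3fc6b79d4659d794ee6e18b4d5488c
File size: 225.7 KB ( 231148 bytes )
File name: refrgth.jpg
File type: JPEG
Detection ratio: 0 / 42
"""

# Constructed byte samples standing in for files on disk (no real files needed).
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + b"\x00" * 64 + b"\xff\xd9"
PE_SAMPLE = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56 + b"PE\x00\x00"

FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9 ]+):\s*(?P<value>.+?)\s*$", re.M)
SIZE_RE = re.compile(r"\(\s*(\d+)\s*bytes\s*\)")
RATIO_RE = re.compile(r"(\d+)\s*/\s*(\d+)")

# Magic-byte table (my own short list) for the types a helper usually wants to tell apart.
MAGIC = [
    (b"\xff\xd8\xff", "JPEG"),
    (b"\x89PNG\r\n\x1a\n", "PNG"),
    (b"GIF8", "GIF"),
    (b"%PDF", "PDF"),
    (b"PK\x03\x04", "ZIP"),
    (b"MZ", "PE executable"),
]


def parse_vt_report(text: str) -> dict:
    """Turn the 'Key: value' lines of a pasted report into a normalised record."""
    fields = {m["key"].strip().lower(): m["value"] for m in FIELD_RE.finditer(text)}
    hits, engines = (int(x) for x in RATIO_RE.search(fields["detection ratio"]).groups())
    return {
        "sha256": fields["sha256"].lower(),
        "sha1": fields["sha1"].lower(),
        "md5": fields["md5"].lower(),
        "size": int(SIZE_RE.search(fields["file size"]).group(1)),
        "name": fields.get("file name", ""),
        "type": fields.get("file type", ""),
        "hits": hits,
        "engines": engines,
    }


def fingerprint(data: bytes) -> dict:
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
    }


def sniff_type(data: bytes) -> str:
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def matches_report(data: bytes, report: dict) -> dict:
    """Per-field comparison; any False means the scanned file is not this file."""
    fp = fingerprint(data)
    return {k: fp[k] == report[k] for k in ("size", "md5", "sha1", "sha256")}


def type_consistent(data: bytes, report: dict) -> bool:
    return sniff_type(data).lower() == report["type"].lower()


def check_file(path: str, report_text: str) -> dict:
    """Convenience wrapper for a real file on disk."""
    with open(path, "rb") as fh:
        data = fh.read()
    rep = parse_vt_report(report_text)
    return {"identity": matches_report(data, rep), "type_ok": type_consistent(data, rep),
            "sniffed": sniff_type(data), "ratio": f"{rep['hits']}/{rep['engines']}"}


if __name__ == "__main__":
    rep = parse_vt_report(VT_REPORT)
    print("report:", rep["name"], rep["size"], "bytes,", f"{rep['hits']}/{rep['engines']}")
    print("constructed JPEG matches report:", matches_report(JPEG_SAMPLE, rep))
    print("sniffed:", sniff_type(JPEG_SAMPLE), sniff_type(PE_SAMPLE))
```

For a real file, check_file(path, pasted_report) returns the per-field identity result, whether the magic bytes agree with the reported type, and the detection ratio; a size or hash mismatch means the report belongs to some other file, and a type disagreement (for example "MZ" at the start of something named .jpg) is worth a second look regardless of the ratio.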

18.04.2012, 14:53   #6
Chris4You

Hi,

ok, what does MAM have to say?

chris

18.04.2012, 15:29   #7
BastiBob

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.18.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Basti :: BASTI-PC [Administrator]

18.04.2012 14:14:53
mbam-log-2012-04-18 (14-14-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 518184
Laufzeit: 1 Stunde(n), 50 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 14
HKCR\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{DC53C427-BA7F-4BB8-BBB9-A23BD544C921} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC53C427-BA7F-4BB8-BBB9-A23BD544C921} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC53C427-BA7F-4BB8-BBB9-A23BD544C921} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DC53C427-BA7F-4BB8-BBB9-A23BD544C921} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DC53C427-BA7F-4BB8-BBB9-A23BD544C921} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 3
C:\ProgramData\TheBflix (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\Winbooterr (Backdoor.SpyNet.M) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 12
C:\_OTL\MovedFiles\04182012_134706\C_ProgramData\4WuYiK8t8K86MF.exe (Backdoor.Agent.RCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\04182012_134706\C_ProgramData\yiSNUTyakcfEQv.exe (Backdoor.Agent.RCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\cglogs.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\bccldkoinakjmmgebambiaggjobhikfg.crx (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

And here is the malware log as well.

18.04.2012, 15:58   #8
Chris4You

Hi,

how is the computer doing? Is it running normally again, or is it time to "dig deeper"?

chris

18.04.2012, 16:17   #9
BastiBob

Yes, well, it runs without problems.

A few desktop icons have disappeared, for example Firefox and Origin, but those can simply be recreated.

However, all the folders and pictures are still "translucent", and when I click the Windows button at the bottom left, nothing is shown there except "Computer".

It's hard to describe, but normally it also lists Documents, Control Panel and so on...

Thanks

Old 18.04.2012, 21:57   #10
Chris4You

Hi,

ok, I'll take care of it tomorrow ;o)...

chris

Old 19.04.2012, 06:38   #11
Chris4You

Hi,

Smart HDD changes a few things in Windows, hence Unhide

Please give feedback on what has all been restored...

chris
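
What "Unhide" has to undo here, as an added example that is neither the thread's own instructions nor the Unhide tool's code: the rogue marks the user's files, folders and Start Menu shortcuts as Hidden, and this PowerShell script (assumed profile paths, run as the affected user) lists such items and, with -Fix, clears that attribute again.

```powershell
# Added example, not code from this thread or from the Unhide tool.
# Assumes Windows 7 with PowerShell; run it in the affected user's session.
# Smart HDD sets the Hidden attribute on the user's files, folders and
# Start Menu shortcuts, which is why icons look translucent and the Start
# Menu shows almost nothing. This audits those locations and, with -Fix,
# clears the Hidden bit again, leaving all other attributes untouched.
param([switch]$Fix)

# Locations the rogue typically empties out (list constructed for this example).
$roots = @(
    "$env:USERPROFILE\Desktop",
    "$env:USERPROFILE\Documents",
    "$env:USERPROFILE\Pictures",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:PUBLIC\Desktop"
)

# Names Windows keeps hidden on purpose; never touch these.
$alwaysHidden = @('desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.ini')

$hidden = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
            -not ($_.Attributes -band [IO.FileAttributes]::System) -and
            ($alwaysHidden -notcontains $_.Name.ToLower())
        }
}

if (-not $hidden) {
    'No unexpectedly hidden items found.'
    return
}

"Hidden items found: $(@($hidden).Count)"
$hidden | ForEach-Object { "  $($_.FullName)" }

if ($Fix) {
    foreach ($item in $hidden) {
        # Hidden is known to be set here, so XOR clears exactly that one bit.
        $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden
    }
    "Cleared the Hidden attribute on $(@($hidden).Count) items."
} else {
    'Re-run with -Fix to clear the Hidden attribute on the items above.'
}
```

Run it once without -Fix to review the list; items that are Hidden and System at the same time are skipped on purpose, because Windows itself marks its own folders that way.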

Old 19.04.2012, 15:42   #12
BastiBob

Thanks a lot!

Um, so now the files are visible again and actually everything else is back too. A few programs like Origin are still missing from the desktop, but normal shortcuts can simply be recreated for those.

The icons down in the quick launch bar are also still missing, like Firefox etc., but that can be fixed as well, I'll just have to fiddle around a bit.
I think I should declutter my computer. Don't know how to do that, but this is the wrong forum for that anyway :s

Last edited by BastiBob (19.04.2012 at 16:28)

Old 08.05.2012, 16:28   #13
BastiBob

Hello, it's me again.

So far there was actually nothing noticeable anymore.
Until, since yesterday, my computer no longer boots properly.

I started the PC, but the screen stayed black and after 5-15 s it switched itself off again, then on again and off again....

A colleague suggested I take out the BIOS battery for 10 min to reset the BIOS. I did that, with the effect that the PC still turns on and off about 5 times, but after that the black screen with the PC components appears, like when it boots normally.

Then I thought everything was in order again, until I wanted to start the PC again this morning.
The black screen came up again, but this time with red text in addition, saying:

"Warning !!! The previous overclocking had failed, and system will restore its default setting. Press any key to continue."

Then I got into the BIOS and, because I didn't know what to do, went to exit, and now it runs as usual again.

But I have never overclocked the thing?
Now I just wanted to ask whether it could be this Smart HDD Trojan that changes BIOS settings?

Or whether it must be due to something else?

Thank you!

Old 10.05.2012, 09:16   #14
Chris4You

Hi,

no, it really shouldn't do that.
You should rather replace the CMOS battery...

chris

Old 11.05.2012, 16:24   #15
BastiBob

Okay, thanks, I'll do that then!
