Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Der weisse Bildschirm

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.05.2013, 21:45   #1
Alpha.1
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Guten Abend

Heute Nachmittag habe ich im Internet gesurft. Plötzlich wurde der Bildschirm weiss und nichts mehr passierte. Anschliessen habe ich ihn Heruntergefahren. Nach mehreren Versuchen mich einzuloggen scheiterte ich. Jedes Mal kommt der weisse Bildschirm wieder. Erste Erfolge hatte ich als ich mich mit meinen Zweiten Benutzer einloggen konnte. Dort funktionierte alles einwandfrei und ich konnte den Kaspersky laufen lassen. Er wurde auf einen Trojaner fündig. Meine Frage ist nun wie ich ihn korrekt entferne. Ich habe ein bisschen Mühe mit Windows, da ich ein Mac User bin^^

Danke schon Mal im Voraus

mit freundlichen Grüssen Alpha.1

Alt 03.05.2013, 09:44   #2
t'john
/// Helfer-Team
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




dann:

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 03.05.2013, 17:02   #3
Alpha.1
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Ich habe jetzt den ersten Teil erledigt. Hier ist der Log von Malwarebyte

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.03.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
default :: DEFAULT-PC [Administrator]

Schutz: Aktiviert

03.05.2013 11:24:38
mbam-log-2013-05-03 (11-24-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 827327
Laufzeit: 4 Stunde(n), 37 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1388 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\YontooIEClient.Layers.1 (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\YontooIEClient.Layers (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Löschen bei Neustart.

Infizierte Dateien: 7
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Löschen bei Neustart.
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benoît\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNGSZ16T\4fa973192b533[1].exe (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benoît\Downloads\etype_setup (1).exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benoît\Downloads\etype_setup.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\default.default-PC\AppData\Local\Temp\YontooIEClient.dll (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
__________________

Alt 03.05.2013, 19:59   #4
Alpha.1
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Hab jetzt den OTl scannen lassen.

Hier den Bericht. Tut mir leid das ich den nicht im Anhang Posten kann. Die Datei ist zu gross.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.05.2013 18:27:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\default.default-PC\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 66.41% Memory free
12.11 Gb Paging File | 9.89 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.27 Gb Total Space | 164.31 Gb Free Space | 36.25% Space Free | Partition Type: NTFS
Drive D: | 12.49 Gb Total Space | 1.69 Gb Free Space | 13.56% Space Free | Partition Type: NTFS
 
Computer Name: DEFAULT-PC | User Name: default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\default.default-PC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Users\default.default-PC\AppData\Roaming\eType\eType.exe (DSNR Media Innovations)
PRC - C:\Users\default.default-PC\AppData\Roaming\eType\eTypeUpdate.exe (DSNR Media Innovations)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Users\default.default-PC\AppData\Roaming\eType\MyZip.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\FinePixViewerS\wia_register_event.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (HerculesDJControlMP3) -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\DRIVERS\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (HDJMidi) -- C:\Windows\SysNative\DRIVERS\HDJMidi.sys (© Guillemot R&D, 2010. All rights reserved.)
DRV:64bit: - (Bulk) -- C:\Windows\SysNative\Drivers\HDJBulk.sys (© Guillemot R&D, 2010. All rights reserved.)
DRV:64bit: - (HDJAsioK) -- C:\Windows\SysNative\Drivers\HDJAsioK.sys (© Guillemot R&D, 2010. All rights reserved.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV - (PCD5SRVC{E2AF211B-86DA020A-05040000}) -- C:\PROGRA~2\PC-DOC~1\PCD5SRVC_x64.pkms (PC-Doctor, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A93AEDAF-5477-496D-985B-F2B9D246F625}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{A93AEDAF-5477-496D-985B-F2B9D246F625}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcndtie7-de-ch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=83&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {A93AEDAF-5477-496D-985B-F2B9D246F625}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A93AEDAF-5477-496D-985B-F2B9D246F625}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcndtie7-de-ch
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=83&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\..\SearchScopes,DefaultScope = {C5E20A11-576C-4987-B225-A1F37A6D5385}
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\..\SearchScopes\{A210AED2-96D3-4943-84D5-DFEBF6C7C4D4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10262&src=kw&q={searchTerms}&locale=de_CH&apn_ptnrs=^AGT&apn_dtid=^YYYYYY^YY^CH&apn_uid=7cc22eee-498c-408e-98b7-98a76f709779&apn_sauid=035E55DC-5526-41A8-B858-A80ECADCC66B
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\..\SearchScopes\{A93AEDAF-5477-496D-985B-F2B9D246F625}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcndtie7-de-ch
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\..\SearchScopes\{C5E20A11-576C-4987-B225-A1F37A6D5385}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.8
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.16 13:17:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 16:04:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 16:04:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 16:04:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.27 23:03:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.28 15:55:12 | 000,000,000 | ---D | M]
 
[2010.11.28 14:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\default.default-PC\AppData\Roaming\mozilla\Extensions
[2013.05.02 23:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\default.default-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5xeroj4.default\extensions
[2012.01.09 11:29:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\default.default-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5xeroj4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.05.02 23:09:06 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\default.default-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5xeroj4.default\extensions\toolbar@ask.com
[2013.04.28 15:52:23 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\default.default-PC\AppData\Roaming\mozilla\firefox\profiles\z5xeroj4.default\extensions\plugin@yontoo.com.xpi
[2013.04.28 15:52:23 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\default.default-PC\AppData\Roaming\mozilla\firefox\profiles\z5xeroj4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.05.02 23:09:05 | 000,002,344 | ---- | M] () -- C:\Users\default.default-PC\AppData\Roaming\mozilla\firefox\profiles\z5xeroj4.default\searchplugins\askcom.xml
[2013.02.27 23:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.04 15:36:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.01.04 15:36:22 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013.02.16 02:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2223682528-2230970596-139122905-1000..\Run: [eType] C:\Users\default.default-PC\AppData\Roaming\eType\eType.exe (DSNR Media Innovations)
O4 - HKU\S-1-5-21-2223682528-2230970596-139122905-1000..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2223682528-2230970596-139122905-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Benoît\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\default.default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-CH\local\search.html File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\default.default-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-CH\local\search.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\default.default-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2223682528-2230970596-139122905-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D84AFA-4916-4560-842D-42E9A52AC4B6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.03 18:12:47 | 000,000,000 | -HSD | C] -- C:\found.001
[2013.05.03 11:23:05 | 000,000,000 | ---D | C] -- C:\Users\default.default-PC\AppData\Roaming\Malwarebytes
[2013.05.03 11:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.03 11:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.03 11:22:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.03 11:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.03 11:22:19 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\default.default-PC\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.03 01:53:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.05.02 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\default.default-PC\AppData\Roaming\Avira
[2013.05.02 23:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.02 23:08:50 | 000,000,000 | ---D | C] -- C:\Users\default.default-PC\AppData\Local\AskToolbar
[2013.05.02 23:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.05.02 23:07:34 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.02 23:07:34 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.02 23:07:34 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.02 23:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.02 23:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.02 21:17:32 | 270,174,968 | ---- | C] (Avira GmbH) -- C:\Users\default.default-PC\Desktop\rescue_system-common-en.exe
[2013.05.02 16:37:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%Report%
[2013.05.02 16:32:54 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.04.28 15:52:38 | 000,000,000 | ---D | C] -- C:\Users\default.default-PC\AppData\Local\Macromedia
[2013.04.12 22:50:48 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMa111.dll
[2013.04.12 22:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.04.11 08:42:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 08:42:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 08:42:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 08:42:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 08:42:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 08:42:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 08:42:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 08:42:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 08:42:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 08:42:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 08:42:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 08:42:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 08:42:44 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 08:42:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 08:42:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 08:45:37 | 004,691,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 08:45:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 08:45:37 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 08:44:41 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.04.10 08:44:13 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 08:44:13 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.05 23:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.03 18:34:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.03 18:25:14 | 000,001,789 | ---- | M] () -- C:\Users\default.default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk
[2013.05.03 18:24:28 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 18:24:27 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
[2013.05.03 18:18:50 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.03 18:16:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 18:16:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 18:16:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 18:15:57 | 2145,902,591 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.03 17:55:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2223682528-2230970596-139122905-1002UA.job
[2013.05.03 15:55:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2223682528-2230970596-139122905-1002Core.job
[2013.05.03 11:26:22 | 001,459,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.03 11:26:22 | 000,633,580 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.03 11:26:22 | 000,600,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.03 11:26:22 | 000,129,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.03 11:26:22 | 000,106,054 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.03 11:23:00 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.03 11:20:46 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\default.default-PC\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.02 23:09:16 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.02 23:06:17 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.02 23:06:17 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.02 23:06:17 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.02 17:05:34 | 270,174,968 | ---- | M] (Avira GmbH) -- C:\Users\default.default-PC\Desktop\rescue_system-common-en.exe
[2013.04.12 22:50:46 | 000,002,153 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
[2013.04.12 22:50:46 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Shop für Zubehör - HP Photosmart 5510 series.lnk
[2013.04.11 16:05:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.04.11 09:01:06 | 000,328,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.05 23:00:23 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.03 11:23:00 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.03 11:13:46 | 2145,902,591 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.02 23:09:16 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.12 23:42:11 | 000,105,483 | ---- | C] () -- C:\Users\default.default-PC\Desktop\Zeitplan LAP.pages
[2013.04.12 22:52:35 | 000,001,789 | ---- | C] () -- C:\Users\default.default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk
[2013.04.12 22:50:46 | 000,002,153 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
[2013.04.12 22:50:46 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Shop für Zubehör - HP Photosmart 5510 series.lnk
[2013.04.11 16:05:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.06.06 17:24:19 | 000,000,104 | ---- | C] () -- C:\Users\default.default-PC\Papierkorb - Verknüpfung (2).lnk
[2012.06.03 20:04:46 | 000,000,104 | ---- | C] () -- C:\Users\default.default-PC\Papierkorb - Verknüpfung.lnk
[2011.11.06 21:21:51 | 000,160,226 | ---- | C] () -- C:\Windows\hpoins14.dat
[2011.08.24 17:53:44 | 000,001,483 | ---- | C] () -- C:\Users\default.default-PC\.recently-used.xbel
[2011.01.17 11:39:01 | 000,061,254 | ---- | C] () -- C:\Program Files (x86)\EULA.deu
[2010.02.07 20:23:38 | 000,000,680 | ---- | C] () -- C:\Users\default.default-PC\AppData\Local\d3d9caps.dat
[2009.12.22 13:06:41 | 000,000,000 | ---- | C] () -- C:\Users\default.default-PC\AppData\Roaming\wklnhst.dat
[2009.05.15 16:06:43 | 000,010,240 | ---- | C] () -- C:\Users\default.default-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.09 11:29:34 | 000,000,000 | ---D | M] -- C:\Users\Benoît\AppData\Roaming\DVDVideoSoft
[2011.12.19 13:56:56 | 000,000,000 | ---D | M] -- C:\Users\Benoît\AppData\Roaming\OpenOffice.org
[2012.06.27 16:29:37 | 000,000,000 | ---D | M] -- C:\Users\Benoît\AppData\Roaming\Template
[2013.04.14 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\Benoît\AppData\Roaming\TS3Client
[2012.06.27 17:03:04 | 000,000,000 | ---D | M] -- C:\Users\Benoît\AppData\Roaming\uTorrent
[2009.08.22 09:52:52 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\Activision
[2010.11.17 21:06:49 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\Deckadance16
[2009.05.09 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\DeepBurner
[2012.01.09 11:29:25 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\DVDVideoSoft
[2012.01.09 11:29:08 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.03 18:25:55 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\eType
[2011.10.16 21:26:26 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\FUJIFILM
[2011.08.24 17:53:44 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\gtk-2.0
[2009.05.15 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\muvee Technologies
[2010.11.12 17:14:44 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\OpenCandy
[2008.05.09 20:13:26 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\OpenOffice.org
[2012.05.15 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\Reviversoft
[2011.12.29 19:00:45 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\Rovio
[2010.05.09 17:31:32 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\SecondLife
[2009.12.22 13:06:46 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\Template
[2011.01.26 20:06:46 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\TS3Client
[2012.06.27 13:54:27 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\uTorrent
[2009.05.09 19:56:06 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\WinBatch
[2012.01.16 00:41:59 | 000,000,000 | ---D | M] -- C:\Users\default.default-PC\AppData\Roaming\YoWindow
[2011.07.13 13:05:15 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Ableton
[2013.02.06 13:13:27 | 000,000,000 | -H-D | M] -- C:\Users\Nicolas\AppData\Roaming\B5B64C78
[2011.08.19 21:32:37 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\DVDVideoSoft
[2011.04.11 16:15:56 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.09 16:26:21 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Ehfe
[2012.06.16 15:43:00 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\FinalTorrent
[2011.08.24 18:05:57 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\FUJIFILM
[2013.04.29 11:32:26 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\gtk-2.0
[2011.07.17 12:38:37 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Image-Line
[2012.11.08 00:40:24 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\IrfanView
[2013.01.09 16:26:21 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Labood
[2010.10.13 15:45:18 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\OpenOffice.org
[2011.07.06 15:53:08 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\PeerNetworking
[2012.05.15 16:53:25 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Rovio
[2011.07.18 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\SynthMaker
[2012.05.19 16:24:27 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Template
[2013.04.07 01:26:44 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\TS3Client
[2013.02.10 18:49:23 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\uTorrent
[2013.01.09 16:26:21 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\Xyifn
[2011.05.08 15:52:40 | 000,000,000 | ---D | M] -- C:\Users\Nicolas\AppData\Roaming\YoWindow
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Und hier den zweitenOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.05.2013 18:27:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\default.default-PC\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 66.41% Memory free
12.11 Gb Paging File | 9.89 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.27 Gb Total Space | 164.31 Gb Free Space | 36.25% Space Free | Partition Type: NTFS
Drive D: | 12.49 Gb Total Space | 1.69 Gb Free Space | 13.56% Space Free | Partition Type: NTFS
 
Computer Name: DEFAULT-PC | User Name: default | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = C2 67 A0 CD DE 4A CC 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EF482A-4615-404F-B2CA-166553BA0BBC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{131A4D0F-AB9A-458B-B159-C5C9D92FFCE4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1BC8B551-B15C-4433-A31F-27F99BF492B2}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{1C8248A2-9925-426C-B73F-6CDFE5180A01}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{24C4C02B-8334-4905-9D01-96202035570A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{2FEF35C4-DA13-4EEE-A493-79D717E18258}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{3757E9BA-AD57-402A-BDDC-AEBE20631ADD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{380F600B-929C-472A-AD80-C7B739F680F3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{38223AF8-19A0-4E75-A40E-9E10E88321D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{46B53186-3231-4004-9E70-25144E5F0168}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5305D5C2-E1BB-4CB5-8466-4F2D48245C97}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5F9DEBC5-F19A-4107-BB20-62862F8C625A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{61B3D3F6-4EC9-471B-BF71-8895C06C869C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{792C9D61-FA8F-4D86-BEB1-AD7267640028}" = rport=445 | protocol=6 | dir=out | app=system | 
"{84C37392-F6F0-4D46-8F31-7B7B7E333499}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8C8B4C55-16CA-4908-8FB4-B0C7600EB257}" = lport=6112 | protocol=6 | dir=in | name=port 2 | 
"{8D958761-A419-4114-B871-51209AAD4B19}" = rport=137 | protocol=17 | dir=out | app=system | 
"{90EE865E-241E-41C8-910A-81377E3218AE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{995FCF10-9CE3-417F-B89C-9F2D08FC89F2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{998465FF-D4E7-444E-B77D-5D6AB2D23625}" = lport=6999 | protocol=6 | dir=in | name=port 4 | 
"{A166049F-C428-48E9-879E-12086854D7CA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A68CA80B-C818-45EC-975F-7DE9A02B0DE8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA2FEADA-AA52-4124-87D2-E3E32627F0BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AE42EA35-BFC1-4A36-9059-062F811CC81F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B2410148-DCD4-4CD3-B539-00AFF6D617E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B2BB6CEF-8EF5-45E3-81A0-11D9A0B064F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C7895241-1EE7-42AA-9DFF-4ED551FF7C5D}" = lport=6881 | protocol=6 | dir=in | name=port 3 | 
"{D56B8BFE-4901-41C7-BE34-54B4571F6B51}" = lport=3724 | protocol=6 | dir=in | name=port 1 | 
"{D6EC1C93-C3BB-46E0-83DD-FEFB567E143D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D84C4A0E-8843-485B-822E-BE7A14B366FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB462DA6-D227-442A-9F1C-A576385D81DD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DB6F72EE-562C-4901-987E-640A99D96A61}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DEB39025-8E40-42F6-82E1-9D978AB26DC2}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{ECB67D07-245B-4D3F-A33C-88AFB6D20661}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{EFA328D4-F8CC-45FE-A0CE-ED5C93E7B1F2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FE070DB1-D8C5-480A-8FA3-9DC6466F696C}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065D3488-72F9-451B-BF5E-A8946FB8D22D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{0C3644BC-6565-41DD-B117-F10CDE652918}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{10154C99-E690-4B4A-9BE2-9A96B36DCA6F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{1078C95F-4FEC-4480-8B3E-AAD7C8D13B40}" = dir=in | app=c:\program files (x86)\finaltorrent\ftcheckforupdates.exe | 
"{1350BAFF-FA9A-4ACA-B30E-44CEEE9BA57E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{19673B83-391B-457C-8430-A33B7E217DB7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{1AA71A4F-D344-4D15-8033-99EBA484C2E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{1B75F7F0-3539-42D2-B2D1-E45D14C3E3CE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{227A8BC3-21C3-4A7D-B148-5E33EFB16B36}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | 
"{29C2BA9B-3683-4281-8E47-9169B7C37209}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2D61BEF9-639E-492D-8206-F7E658050C88}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{30BA5192-366B-46B8-BDA8-C029EF8F6498}" = dir=in | app=c:\program files (x86)\finaltorrent\finaltorrent.exe | 
"{30E37601-17AE-4EBC-B328-5DB8BDB239B0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{3192CFB3-1B4C-430B-A4EE-0E28BD62F704}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{342E4F10-7847-4AF8-858D-33D6BA8489AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{37E0AC60-8484-4A58-90B0-53754C12AC4D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{47516FE8-3598-47E4-AED1-8CAC4D7FEEA6}" = dir=in | app=c:\users\defaul~1.def\appdata\local\temp\ibtmpfa54336\component_184.decrpt | 
"{47BCDD49-BBA4-48A4-8AA9-FC28299190EB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{50EB7AB7-6DCC-4A7F-B17B-E509ED423692}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{55B552D6-88DE-4D71-9B4B-A4F4836C4DF5}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | 
"{5B0B8AA0-D8F6-4170-89A4-ADA6CCB3802C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{5B1EBB4E-2D33-4E64-A53C-25076C3AE015}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{60602C55-1C72-42CF-8335-D2AD54FEC79C}" = protocol=17 | dir=in | app=c:\program files (x86)\dvdvideosoft\free youtube to mp3 converter\freeyoutubetomp3converter.exe | 
"{61628409-FA8A-4D0D-9740-BB55CA2E2DA6}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{65F82E33-FB42-4F4D-AA90-F55CB9F7139E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{669C9AD7-0FE1-4D75-8ED9-A8B2650DE848}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{714775F0-D49A-4A2B-A425-48E3B9BAB081}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{72BD4A3F-8B53-4E89-AD0E-9030B21AA7FD}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | 
"{83731CB1-4CCA-4FE1-AD90-AB4D49478D16}" = dir=in | app=c:\users\defaul~1.def\appdata\local\temp\ibtmpfa54336\etypesetup.exe | 
"{85B45547-811E-47B1-B2C4-DD5FA21FFF57}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{86F3EBEA-B586-4EAE-BDC7-BDEA29D2D70E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8701F668-38D8-4094-9791-E34B92EE484B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{8F6CD8C9-659F-4F17-80C9-D76EFAAFA6C5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{90EC3D57-558B-4841-8575-FF3429B76833}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9143162E-3BC6-4436-8ED4-5E7623BD1056}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{97992593-F524-441F-8DD6-A45A35D5FCA0}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{991540CE-B485-4AFA-A63C-24729349D78A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{9D0BB2F4-2AE6-4929-A4CC-35EEDAF410D5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{A95E4249-F837-43E8-9D84-1BFC603FCD5B}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{B05C8A4E-C72A-46D8-A22B-F0E08237C4E6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{BC5627B6-3A2B-4F88-8B1E-909BF30DC8FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BD07C7A3-4747-4352-9A12-990808C09D53}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BFA01BA1-98C6-416D-B776-04C020960BDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C2F65DBB-C8E8-403F-AE3A-EFD4267B227D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{C3FC177D-3EA1-4862-86E1-F57027AE1686}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{C64596B0-34A4-4E3B-B12F-C161D4204461}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{C8017132-900F-4C75-9314-A5AB94B85D8E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CB8AA11C-58F3-4D89-84FD-93EC3384489E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{CC022EB8-F363-4673-83D6-62E82CAB4CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{CEC6C0BF-6C26-4F78-8C65-59F33EB251D7}" = protocol=6 | dir=in | app=c:\program files (x86)\dvdvideosoft\free youtube to mp3 converter\freeyoutubetomp3converter.exe | 
"{CEFE90A6-E003-42BA-9271-BABF69A82E0F}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | 
"{D1026944-9CCD-408B-9405-88E2B5BA03D2}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{D23A88C7-4C7A-472D-9C28-EEE61EFFB8CE}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicatorcom.exe | 
"{DC4837D6-915D-4DA2-BB91-7BC41BBD99CE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{DDBDB07B-A4CF-45C5-989F-5F45D42B4738}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{E59BBE34-EE18-4812-AE6C-2995ACA929A2}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{EB6E8BE2-2D77-4195-81B2-40C30B261BDC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FC125EF7-262F-4847-B71D-90231D6117AB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FC4B20D1-CDD9-4115-A1E9-1F68610B469C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{059A0F22-F9B8-4941-AE07-63415E368F23}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{07447582-3997-40A0-BF86-56C1D56580DE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{123B8F99-30FF-4556-A08D-51CAE86280E5}C:\program files (x86)\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\recordingmanager.exe | 
"TCP Query User{13B906E2-D8BF-40E0-A94D-09BA59FE21D9}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{13BA1513-A917-480F-B08B-66D05AC70C99}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{150F3AE4-B221-423E-AB2A-3974F2F6CDD9}C:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"TCP Query User{16706FE4-3E6F-4119-BA90-FF9518CDD0E8}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{197A6503-E69C-4743-9162-7E71E9F10CA3}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{21CD7BC2-99B5-469E-B9DB-24EEC707073D}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{3FFD39E2-1078-4AC9-B85B-80F789C00A11}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{41DB5ED8-07E3-4CEF-88ED-CDC7FB2F1AD2}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{4273F72C-52B9-4FBE-8043-4F34C245F930}C:\users\benoît\downloads\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\benoît\downloads\wow-dede-installer-downloader.exe | 
"TCP Query User{44F73D3F-7D14-4249-83FF-92CB516BAE64}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"TCP Query User{4ABC1F6A-4698-46D1-8A1F-1D8E7135B3C9}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{55897B6D-B418-42BA-A444-4674B71E1D7D}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"TCP Query User{5B7C0D7B-510E-465D-AE24-9DDF932D46F8}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{5C9B42C1-63E3-4278-8CBF-063A5DBDFBBC}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{63D3DDAE-F9F3-4A63-A63C-9FABB8FCA3DE}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"TCP Query User{6CB1C151-98EB-45C9-87EA-F9D102F8C472}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{7DA2CC3A-0B70-4C03-A2FF-2A11BF976663}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{7EB85B5C-F342-4E55-A7B0-A6F37C978BA2}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{875867D7-BBC5-4B82-B567-105C0DBDA6BF}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{8A53568A-FD39-4789-AD56-E05300166368}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{8A7DBAA7-F910-4DC0-B253-18A815B8C682}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{8DB0D9D7-522E-4AFD-9BF2-A7EF521D1495}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{8FB6CCD6-B58C-4737-8462-2E3D9ED67886}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
"TCP Query User{9A04A141-D018-4494-AEF0-AE1CC8B99B84}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | 
"TCP Query User{9E24D625-BF43-410F-92F5-F7B3F60AD2E5}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe | 
"TCP Query User{A24C2C5B-B809-4C27-8A0C-3FAC434F6165}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{A74944FA-7254-4580-ABA9-90391DA2FD6F}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{AEDFA71F-C415-411B-8CEC-C7CDE5000BD6}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"TCP Query User{B4D5A74A-872D-4E69-8888-CF757B5E9C80}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{BC0E6AAC-4E1F-46E5-A9BE-76746D27C2D8}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{BF5C6412-786D-42DF-ACD6-4343509895DF}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"TCP Query User{C4E38529-EAA9-47D9-8CB1-833059E1ECA5}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{C7929809-0206-430D-AE81-92285E7D9937}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"TCP Query User{CBF051EC-6A40-4785-887E-5799B2ADEA48}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{CCDFD55C-4DEB-4682-AEB4-695066FB6C8E}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{DADE85C1-47F0-42D8-8D1F-99A7B562CA08}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{E1767568-B179-458D-9918-FE7B1A592275}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{E7C36CEC-E84C-4501-98A7-6FC35E763E3F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{E9541FDC-339F-4B59-A5E7-0DDC8577CFFB}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"TCP Query User{EA1C5293-54DD-4D5B-81E8-2B14E591CED5}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{F1D79B57-64DA-440D-B3C7-83CA7003D8FE}C:\program files (x86)\pauli\pauli.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pauli\pauli.exe | 
"TCP Query User{F21099E2-21AC-4F37-A91C-1816D0D01D67}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{042B663C-923A-4573-B858-EE5A6A9C50AD}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{0C373013-F617-4DEE-A209-C39FA3B8DB28}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
"UDP Query User{103B423D-8604-435E-A211-6BAE78B28732}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{165A5E04-7957-4282-B4E0-4DA94FEE481A}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{16C5F7DE-A319-415B-BEFE-B29170697736}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{17F0A934-5C45-4181-A4A6-99D7EE85443B}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{17F38D75-8568-4D5F-A8A6-0CF437857089}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"UDP Query User{2077956D-9623-480A-B6BB-24180822E000}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{20CCEEE5-F8BF-40B8-901D-D6418DA90C65}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{25DBBDCC-A323-4B8B-B0B8-826A0074FB73}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"UDP Query User{2EA406BC-6F1E-4C24-B45E-65BFCF068EB2}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{340A1021-0B1B-407D-9B6C-448ED24E5E85}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{430BEED7-6DE5-4A32-AE51-F78C42FD22C1}C:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\eflc.exe | 
"UDP Query User{440A7432-EEE9-498E-945D-A5BE612505FD}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{558C975C-EEF7-4D2B-AEF1-5D90B4B0AEFC}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{6C432FFA-237A-43DC-B091-FD3B87C85CA8}C:\program files (x86)\pauli\pauli.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pauli\pauli.exe | 
"UDP Query User{74D0AA88-7C3F-42EE-90E7-586E3D57BED4}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{7C9C71AC-E666-4824-8F03-68FA277AA84C}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"UDP Query User{838FD01E-38DF-4B7D-8CFB-B17B3156F00C}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{84747098-1A93-4424-83E5-8323F2898E87}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{8B66CEB8-A3D7-44F3-AE93-E75C79ADBEA8}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{8D37ABBC-2A43-4DFE-8DDC-3C1124F0D457}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{9014F803-ACCB-4199-BD9D-C13D7DAD5A00}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe | 
"UDP Query User{A04E4A33-1C70-4A10-9C4B-0850135DC90E}C:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"UDP Query User{A2BD73F1-BA7E-4AD2-9978-068EBC58E791}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{A4C3B740-5EBE-4416-8EC3-EDED7B363E53}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{A67284D3-F13D-4A62-BC71-97A9E937B0C7}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | 
"UDP Query User{A8DB3CAF-770E-44E7-AAD4-A0995C0D7FC8}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{AEFC9F0C-02FC-4C9D-B6D8-F892B2F0091E}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{B31C6D9E-5617-4375-A34B-57D9007E4F49}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{BB37B8BF-C1E6-4601-8526-A4ABBB465D01}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{BE0D491D-3B92-4DFE-B6B0-AFF2098E19A9}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{BE755FFC-FB0E-4E3A-8D7D-633B82D3FDFD}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{C506244A-0CF5-4956-9464-5E011A43CACA}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"UDP Query User{C879CEB9-DAED-4D30-9A95-A7E4DD9151A3}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"UDP Query User{C8C67015-655F-46E3-B6B7-FF2FF8A680CA}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{CD0BBA81-0261-45E7-9F50-6891CC9E7600}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{D4836466-6D20-478E-8C35-E02D805A1FEF}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"UDP Query User{E05D53C2-A389-475D-8E21-22ADBC5185CA}C:\program files (x86)\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\recordingmanager.exe | 
"UDP Query User{E8D91FFC-A10F-4AFD-92D5-72227DD3FF03}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{EAFE839F-8BCE-4081-BF5F-D22A27264F78}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{ECB580CC-E392-4243-B402-7D0749174EE7}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{F587B5CE-A464-4BB1-B7A3-7575274057E8}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{F722E323-89B4-4B1B-8992-302A665C8663}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{F7A4372A-062C-4BA4-B5F4-44ED4D4E3516}C:\users\benoît\downloads\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\benoît\downloads\wow-dede-installer-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{53EAA030-4FE6-0B32-DD63-1DB9C02AA917}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8133D9DE-F412-4CFB-A359-5E3EE38A9A19}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBB09F04-CD3E-CDEC-F3C7-28046FD94657}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0B9F567A-A261-9D33-96A9-2F3ED15EF253}" = Catalyst Control Center Localization Danish
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1B1E9E78-17BC-330C-7457-EE02D4E446EB}" = Catalyst Control Center Localization Korean
"{1D4A0D1F-AAE6-17F6-3F36-62D354A60D8A}" = Catalyst Control Center Localization French
"{1E52A991-5CD6-C991-7A1C-C525A0ABC7C9}" = CCC Help Hungarian
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{256E8498-F0A4-716E-1DE8-BFDEEB538E24}" = Catalyst Control Center Localization German
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2B5AB43C-747C-EAE9-E13F-6F54EA4891DC}" = Catalyst Control Center Localization Polish
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = Die Sims™ 2 Super Deluxe
"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A5E395C-9A26-6391-A0F4-BF7C5A1AC93F}" = Catalyst Control Center Localization Thai
"{3B262C61-9057-5E9D-A116-01CC95FA42F7}" = CCC Help Greek
"{3B79C31C-017E-330E-2F43-A4DAA30AE866}" = Catalyst Control Center Localization Russian
"{3CF26D05-B485-F5D7-55BB-630B3F79BD12}" = CCC Help Finnish
"{3E4A9B38-8CE5-BBA3-6B43-1894A8951115}" = Catalyst Control Center Graphics Previews Common
"{3E71F423-BF4B-5819-D4E1-97F637DDDE24}" = CCC Help Russian
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F233675-A6F7-603C-11EC-978C739E5816}" = Skins
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4214E948-8BDF-2C92-2D22-7F7E66328DD8}" = CCC Help Czech
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A22192C-9A13-335F-9B78-A98DA869DDBE}" = Catalyst Control Center Localization Norwegian
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{505B3FE0-6FDD-F678-99D8-6FB0DA772EEA}" = Catalyst Control Center Localization Chinese Traditional
"{52B56D73-A4A6-BEBF-8020-3EB6069BB1DA}" = CCC Help German
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55D45808-2A62-2AB3-3007-F2B72C4F64C0}" = Catalyst Control Center Localization Hungarian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{65EF902A-353C-F427-B38F-F15E6ADA3A4A}" = CCC Help Polish
"{66791CBF-0EC8-6692-CF6C-9AB7B97EA1BB}" = CCC Help Turkish
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67409EEC-0910-CB45-0D10-4F87D6098F95}" = CCC Help Japanese
"{688EC4E0-5A7A-E115-7994-3E70AB076AD6}" = ccc-core-static
"{6C5781D8-1D61-34DA-210A-288D4EA288B3}" = CCC Help Chinese Standard
"{6D93B7BA-8C2B-F378-89A2-652B78614BF9}" = Catalyst Control Center Localization Italian
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7604A79D-245D-45BB-AFBB-975DE69FFF80}" = Digidesign M-Audio Keyboard Personality 8.0
"{76827A9C-175C-80D0-D4AF-7BAFC34898CF}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78706146-05DB-32C5-1AD7-4761441A345E}" = CCC Help Swedish
"{7880C3EC-BC24-DFF5-139B-E6F7FE67E14B}" = Catalyst Control Center Localization Spanish
"{7A88D6AF-5C96-065A-7CAE-6CE8FE2FBD08}" = Catalyst Control Center Localization Greek
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{80554058-0D76-AC77-9C32-A1B9B0450E1D}" = Catalyst Control Center Localization Czech
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1C2A13-FC30-739E-9446-73EA102370B5}" = Catalyst Control Center Core Implementation
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9160C033-28B2-3AC7-4B7B-8B25DE370CB7}" = Catalyst Control Center Localization Chinese Standard
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96FB7D0F-A1E7-7600-2D20-E1F67F1236C8}" = Catalyst Control Center Graphics Full Existing
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D7351FA-363A-EA0E-BC75-461A9A7B3BEF}" = Catalyst Control Center Localization Japanese
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A14B06FF-8534-4077-BF29-9D98631B2079}" = Patch 1.20 für Pauli Rezept-Katalog 3. Auflage
"{A3FB2596-0947-ACFA-D8CB-69D9718C4E59}" = CCC Help Thai
"{A5C02A59-A29F-C1B7-D4F5-F4918E52B7F6}" = CCC Help Chinese Traditional
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{BA0E9A20-010C-45C4-9E9A-EC3EFB6A7F91}" = Pauli Rezept-Katalog 3. Auflage
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C792D09B-E005-8001-620C-89AD387376F8}" = CCC Help Danish
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC4F61E2-FA71-A7E3-1097-828154E72127}" = CCC Help Korean
"{CD5336D0-D366-F202-2F8C-7B5447458ECB}" = Catalyst Control Center Localization Finnish
"{CE0AD738-E5B4-8E5C-58B9-76C4B78DD5CA}" = CCC Help Italian
"{CECF842E-5A4B-9579-3A17-923C6C352065}" = Catalyst Control Center Graphics Previews Vista
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Reisewelten
"{D82082EB-8CA7-2804-3AD2-AB85C54534E9}" = Catalyst Control Center Localization Dutch
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E1321911-8D73-AA22-9083-2B8FBD9C8CF0}" = CCC Help French
"{E1476612-02D6-42A3-BDC1-E292B4115738}" = HP Easy Setup - Frontend
"{E23DD36D-44A3-8167-2E56-73E5DB8F06BE}" = CCC Help Dutch
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E447158D-1AAA-5406-2AF6-0F250BE05321}" = Catalyst Control Center Localization Portuguese
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E7F2FEA3-9C9D-CFCC-02F7-1442A7F370C3}" = CCC Help English
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9FD9E47-6614-9CF9-8205-D92959262C12}" = CCC Help Portuguese
"{EC337A47-4A6B-BC9C-E656-5D7C92657962}" = Catalyst Control Center Graphics Full New
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFA2328F-EE03-57D8-3EC0-A0F337BB21C9}" = CCC Help Norwegian
"{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}" = Angry Birds
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE
"{FB2AE6E0-BBF6-6E36-6150-C24046CF4DF9}" = Catalyst Control Center Localization Turkish
"{FBBD5444-17D0-E955-2292-513E48091208}" = Catalyst Control Center Graphics Light
"{FD521AF1-AE27-4BAB-B042-D23403E19EA1}" = Catalyst Control Center Localization Swedish
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"7-Zip" = 7-Zip 9.20
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cities XL" = Cities XL
"DUNE Demo (x64)_is1" = DUNE Demo 1.4
"FinalTorrent_is1" = FinalTorrent 2011
"FishTales_is1" = Fish Tales ver 1.0
"FL Studio 10" = FL Studio 10
"Free Audio Converter_is1" = Free Audio Converter version 2.3.1.718
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"IL Download Manager" = IL Download Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"Live 8.2.2" = Live 8.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53 v3.0-OxYGeN
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"reFX Nexus 1.3.7_is1" = reFX Nexus 1.3.7
"reFX Nexus Demo_is1" = reFX Nexus Demo
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"StarCraft II" = StarCraft II
"SynapseHydra_is1" = Hydra VSTi/DXi v1.2 Demo
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"yowindow" = YoWindow
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2223682528-2230970596-139122905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"eType" = eType
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.05.2013 14:43:10 | Computer Name = default-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 02.05.2013 15:16:12 | Computer Name = default-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2013 16:24:46 | Computer Name = default-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 02.05.2013 16:36:21 | Computer Name = default-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2013 16:37:38 | Computer Name = default-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul mshtml.dll, Version 9.0.8112.16476, Zeitstempel 
0x5126ee6c, Ausnahmecode 0xc00002b4, Fehleroffset 0x00414e98,  Prozess-ID 0x548, Anwendungsstartzeit
 01ce4774ad9f7c98.
 
Error - 02.05.2013 16:55:09 | Computer Name = default-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2013 16:59:08 | Computer Name = default-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16476 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 96c  Anfangszeit: 01ce4777a2f3bcab  Zeitpunkt
 der Beendigung: 15
 
Error - 03.05.2013 05:14:15 | Computer Name = default-PC | Source = Windows Search Service | ID = 3030
Description = 
 
Error - 03.05.2013 05:15:35 | Computer Name = default-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.05.2013 12:17:29 | Computer Name = default-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 03.05.2013 09:27:53 | Computer Name = default-PC | Source = bowser | ID = 8003
Description = 
 
Error - 03.05.2013 10:37:45 | Computer Name = default-PC | Source = bowser | ID = 8003
Description = 
 
Error - 03.05.2013 10:49:45 | Computer Name = default-PC | Source = bowser | ID = 8003
Description = 
 
Error - 03.05.2013 11:57:53 | Computer Name = default-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "HP" aus.
 
Error - 03.05.2013 12:00:15 | Computer Name = default-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "HP" aus.
 
Error - 03.05.2013 12:03:40 | Computer Name = default-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "HP" aus.
 
Error - 03.05.2013 12:06:13 | Computer Name = default-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "HP" aus.
 
Error - 03.05.2013 12:06:13 | Computer Name = default-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "HP" aus.
 
Error - 03.05.2013 12:17:20 | Computer Name = default-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 03.05.2013 12:22:17 | Computer Name = default-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

Alt 03.05.2013, 20:00   #5
t'john
/// Helfer-Team
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

DRV - (PCD5SRVC{E2AF211B-86DA020A-05040000}) -- C:\PROGRA~2\PC-DOC~1\PCD5SRVC_x64.pkms (PC-Doctor, Inc.) 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () 
[2013.05.03 18:24:27 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job 
[2013.02.06 13:13:27 | 000,000,000 | -H-D | M] -- C:\Users\Nicolas\AppData\Roaming\B5B64C78 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\default\*.tmp
C:\Users\default\AppData\*.dll
C:\Users\default\AppData\*.exe
C:\Users\default\AppData\Local\Temp\*.exe
C:\Users\default\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

__________________
Mfg, t'john
Das TB unterstützen

Alt 03.05.2013, 20:50   #6
t'john
/// Helfer-Team
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



http://www.trojaner-board.de/134405-...ml#post1055882
__________________
--> Der weisse Bildschirm

Alt 03.05.2013, 21:38   #7
Alpha.1
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Schritt 1:

Habe den OTL laufen lassen. Nach kurzer Zeit hat das Programm nicht mehr reagiert. Folgender Log ist gemeldet worden:


Files\Folders moved on Reboot...
File\Folder C:\Users\default.default-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\74LOXTF2\NFgplm4,0Rc0PLDdb55oQbiNZlbocFg2oML33krTluZMdAHB9oEE1vHlBc449vbnfXI3Q321mBSnrnjUPFXJU-hySfTHA3owAP6eubGhuCdHCfZ5elJhnew9T8G6tBcFYWZzRChefrX0iQ&callback=google.LU[1].js not found!
File\Folder C:\Users\default.default-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3EV3906H\;var7=truetarget;var7=265;var7=16010;var7=16016;var7=16030;;sz=300x250;u=id=hGVm7fMqA1A3miP_FgUUUw_7=154,truetarget,265,160 10,16016,16030__;ord=5400274250708601[1].gif not found!
File\Folder C:\Users\default.default-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3EV3906H\LDYoIWcfVXxvZu9XwJ55OX7Ag,0Rc0PLDdb55oQbiNZlbocFg2oML33krTluZMdAHB9oEE1vHlBc449vbnfXI3Q321mBSnrnjUPFXJU-hySfTHA3owAP6eubGhuCdHCfZ5elJhnew9T8G6tBcFYWZzRChefrX0iQ[1].gif not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 04.05.2013, 08:38   #8
t'john
/// Helfer-Team
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Neustarten, Fix nochmal versuchen.
__________________
Mfg, t'john
Das TB unterstützen

Alt 04.05.2013, 13:04   #9
Alpha.1
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Hmmm... Ich erhalte jetzt zum zweiten Mal die Meldung das OTL ein Problem verursacht. Ich musste nach etwa zwei Stunden das Programm schliessen.

Alt 04.05.2013, 13:32   #10
t'john
/// Helfer-Team
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



OK, ab Schritt 2 weitermachen.
__________________
Mfg, t'john
Das TB unterstützen

Alt 04.05.2013, 21:21   #11
Alpha.1
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Schritt 2:


Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.04.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
default :: DEFAULT-PC [administrator]

04.05.2013 21:20:00
mbar-log-2013-05-04 (21-20-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 42120
Time elapsed: 5 hour(s), 56 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
c:\Users\Nicolas\AppData\Local\Temp\1834056.exe (Trojan.Ransom.RRE) -> Delete on reboot.
c:\Users\Nicolas\AppData\Local\Temp\exp145A.tmp (Trojan.FkMplayer) -> Delete on reboot.
c:\Users\Nicolas\AppData\Local\Temp\exp58BA.tmp (Spyware.Zbot.ED) -> Delete on reboot.
c:\Users\Nicolas\AppData\Local\Temp\exp6872.tmp (Trojan.FkMplayer) -> Delete on reboot.
c:\Users\Nicolas\AppData\Local\Temp\exp711.tmp (Spyware.Zeus) -> Delete on reboot.
c:\Users\Nicolas\AppData\Local\Temp\expB615.tmp (Trojan.FkMplayer) -> Delete on reboot.

(end)

Alt 05.05.2013, 08:26   #12
t'john
/// Helfer-Team
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Gut, Schritt 3 noch!
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.05.2013, 13:31   #13
Alpha.1
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Und schliesslich Schritt drei:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 05/05/2013 um 14:21:18 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : default - DEFAULT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\default.default-PC\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Gelöscht mit Neustart : C:\Program Files (x86)\Free Offers from Freeze.com
Gelöscht mit Neustart : C:\Program Files (x86)\Yontoo Layers Runtime
Gelöscht mit Neustart : C:\ProgramData\InstallMate
Gelöscht mit Neustart : C:\ProgramData\Premium
Gelöscht mit Neustart : C:\ProgramData\Tarma Installer
Gelöscht mit Neustart : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\DSNR Labs
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [eType]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

*************************

AdwCleaner[S1].txt - [9259 octets] - [05/05/2013 14:21:18]

########## EOF - C:\AdwCleaner[S1].txt - [9319 octets] ##########
         
--- --- ---

Alt 05.05.2013, 14:04   #14
t'john
/// Helfer-Team
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.06.2013, 07:35   #15
t'john
/// Helfer-Team
 
Der weisse Bildschirm - Standard

Der weisse Bildschirm



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Der weisse Bildschirm
adware.yontoo, benutzer, bildschirm, einloggen, funktionier, interne, internet, kaspersky, plötzlich, pup.bundleinstaller.ib, pup.downloadnsave, pup.installbrain, scheiterte, schliessen, spyware.zbot.ed, spyware.zeus, troja, trojan.fkmplayer, trojan.ransom.rre, trojaner, versuche, weisse, windows



Ähnliche Themen: Der weisse Bildschirm


  1. Windows 7 Bildschirm bei hochfahren an / beim Einlog-Bildschirm kein Bild
    Alles rund um Windows - 23.08.2015 (1)
  2. weißer bildschirm, schwarzer bildschirm, maus laggs nach systemstart, mausbewegungen in boxen.
    Plagegeister aller Art und deren Bekämpfung - 02.12.2013 (3)
  3. BKA WIN7 nur mehr weisse Fläche
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (26)
  4. "Weißer Bildschirm Trojaner", Nach dem Windowsstart nur weißer Bildschirm!
    Log-Analyse und Auswertung - 01.09.2012 (1)
  5. Blauer Bildschirm beim booten von USB (Bekämpfung d."Weißer Bildschirm-please wait")
    Log-Analyse und Auswertung - 08.07.2012 (6)
  6. weisse Seite
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  7. Weisser Bildschirm "warten sie bis die Verbindung erstellt wurde" Virus Weisser Bildschirm "warten s
    Log-Analyse und Auswertung - 17.04.2012 (13)
  8. Weisser Bildschirm "warten sie bis die Verbindung erstellt wurde" Virus Weisser Bildschirm
    Log-Analyse und Auswertung - 15.04.2012 (1)
  9. weißer Bildschirm bitten warten Sie jetzt schwarzer Bildschirm
    Log-Analyse und Auswertung - 13.04.2012 (1)
  10. Achtung! aus Sicherheitsgründen wurde ihr Windowssystem blockiert (dunkler bildschirm) bildschirm
    Log-Analyse und Auswertung - 06.01.2012 (8)
  11. Weisse seite erscheint nach einer Suchangabe.
    Plagegeister aller Art und deren Bekämpfung - 21.09.2011 (3)
  12. Internet Explorer öffnet immer weisse seite
    Log-Analyse und Auswertung - 02.12.2008 (0)
  13. Problem...weisse Seite bei Mails. HJT Logfile ansehen
    Mülltonne - 23.08.2007 (3)
  14. TFT-Bildschirm
    Diskussionsforum - 05.08.2007 (5)
  15. "weisse Seiten" im IE?!?! was ist das?
    Plagegeister aller Art und deren Bekämpfung - 27.06.2007 (6)
  16. Bildschirm?
    Netzwerk und Hardware - 07.03.2004 (14)
  17. Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 06.10.2003 (9)

Zum Thema Der weisse Bildschirm - Guten Abend Heute Nachmittag habe ich im Internet gesurft. Plötzlich wurde der Bildschirm weiss und nichts mehr passierte. Anschliessen habe ich ihn Heruntergefahren. Nach mehreren Versuchen mich einzuloggen scheiterte ich. - Der weisse Bildschirm...
Archiv
Du betrachtest: Der weisse Bildschirm auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.