Und wieder der 50€ Virus....

machete81 · 08.03.2012, 21:51

Hallo, entschuldige das ich so lange gebraucht habe, viel Arbeit momentan,spät zu Hause aber ich vermisse meinen Rechner und so hab ich mir jetzt die Zeit genommen.
Die ganzen Neustarts: Sollen die im abgesicherten Modus laufen?
Ich habe jetzt bei dem CC-Neustart und nach dem OTL-Fix beide Male den Rechner normal hochfahren lassen mit dem Ergebniss das das Problem weiter besteht, ich also über den Taskmanager herunter fahre, beim Neustart ständig ( ? ) F8 drücke und im abgesicherten Modus dann fortfahre.

Jetzt aber erstmal das OTL-Dokument nach Punkt 3 :

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\askcom.xml moved successfully.
C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\conduit.xml moved successfully.
C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\forestle-de.xml moved successfully.
C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\gmx-suche.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully.
C:\Users\Machete 81\AppData\Local\Skype\Skype.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\xmldm folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\UAs folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\kock folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\updates folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\subs folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\logs\save folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\dht\net3 folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\devices folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\Machete 81\AppData\Roaming\Azureus folder moved successfully.
Folder C:\Users\Machete 81\AppData\Roaming\kock\ not found.
Folder C:\Users\Machete 81\AppData\Roaming\UAs\ not found.
Folder C:\Users\Machete 81\AppData\Roaming\xmldm\ not found.
C:\Windows\Tasks\{1A4C63F3-D99B-4E54-ABAE-B8C141A77285}.job moved successfully.
C:\Windows\Tasks\{8E7BED68-89BC-42D0-AC2B-7EAFA2401441}.job moved successfully.
C:\Windows\Tasks\{924E7366-90C2-4894-B792-BFEEDC25589F}.job moved successfully.
C:\Windows\Tasks\{991E9A86-84A9-4D5D-AEC3-B1A066CFB0CB}.job moved successfully.
========== REGISTRY ==========
Registry key Invalid\\"TCP Query User{499B4820-D8F7-491F-AC35-4E9F7CE72B2E}C:\program files\azureus\azureus.exe" \ not found.
Registry key Invalid\\"TCP Query User{34FDE753-7AFD-4B7B-9FE4-114170AA47DC}C:\program files\azureus\azureus.exe" \ not found.
Registry key Invalid\\"UDP Query User{1DE2F066-389E-4AF4-BF02-8CFBCFE2C0E2}C:\program files\azureus\azureus.exe" \ not found.
Registry key Invalid\\"UDP Query User{AD2374D6-5737-4AEF-AD35-1A5C69557977}C:\program files\azureus\azureus.exe" \ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Machete 81\Desktop\cmd.bat deleted successfully.
C:\Users\Machete 81\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Machete 81
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 3312925 bytes
->Java cache emptied: 338413 bytes
->FireFox cache emptied: 45596268 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 720 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 943 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 47,00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Machete 81
->Java cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.34.0 log created on 03082012_213604

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Ok, ich kann gar nicht fortfahren, da ich nicht einmal etwas deinstallieren kann. Meldung: Windows Installer kann nicht zugegriffen werden....kann passieren wenn nicht richtig installiert....wenden sie sich an den Support.
????? Hilfe.....

kira · 09.03.2012, 09:05

also im normalen Modus mit dem PC zu Arbeiten nicht möglich?

das OTL kannst im abgesicherten Modus auch laufen lassen:
-> (drücke beim Hochfahren des Rechners [F8] solange, bis du eine Auswahlmöglichkeit hast, da "abgesicherten Modus " wählen)

erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

machete81 · 09.03.2012, 20:48

Nein, arbeiten im normalen Modus nicht möglich. Auch das Kontextmenü um als Administrator auszuführen öffnet nicht.Hängt sich immer auf der Rechner, mach dann ne Abmeldung über Taskmanager ( was anderes geht auch nicht, immer Sanduhr,keine Reaktion) und starte OTL per Doppelklick.

OTL-File:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 09.03.2012 20:38:19 - Run 7
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Machete 81\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,09% Memory free
4,23 Gb Paging File | 3,98 Gb Available in Paging File | 94,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 37,49 Gb Free Space | 12,36% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 95,61 Gb Free Space | 63,45% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 999,63 Gb Free Space | 53,66% Space Free | Partition Type: NTFS
 
Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.02 21:59:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
PRC - [2011.08.24 14:21:14 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.08.24 14:21:14 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.04 18:50:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.03 17:24:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.25 08:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.01 00:37:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.05.02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Spiele\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.09 11:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.24 14:21:07 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.08.24 14:21:06 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.07.04 18:50:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 18:50:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.25 08:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 13:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.10 15:58:26 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OlyCamComm.sys -- (OlyCamComm)
DRV - [2009.09.04 13:16:14 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/29 19:27:57] [Kernel | Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2009.06.28 15:35:04 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.06.28 15:35:03 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.04.01 18:38:54 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.11.08 04:36:39 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007.09.17 22:17:36 | 000,098,816 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.01.23 13:36:46 | 000,299,776 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2007.01.23 13:25:30 | 000,207,872 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2007.01.23 13:25:14 | 000,011,904 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2006.10.24 14:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.10.24 14:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.10.20 05:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http:google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Machete 81\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6e: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Machete 81\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Machete 81\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.20 22:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 08:28:43 | 000,000,000 | ---D | M]
 
[2009.01.25 13:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Extensions
[2011.11.05 17:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions
[2011.03.31 23:01:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.23 21:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.11 17:44:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.20 22:42:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.10 18:28:26 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.17 21:16:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 21:16:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 21:16:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 21:16:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2011.03.27 19:49:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All by FlashGet - D:\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - D:\FlashGet universal\ComDlls\Bholink.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: winamp.com ([client] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4EBF793-506B-451D-9089-69550F5DD742}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Machete 81\Pictures\Naturbilder\Natural Scenery\8.jpg
O24 - Desktop BackupWallPaper: C:\Users\Machete 81\Pictures\Naturbilder\Natural Scenery\8.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.05 19:44:44 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Machete 81\Desktop\ccsetup316.exe
[2012.03.02 21:59:56 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
[2012.03.02 00:34:50 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Machete 81\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.01 18:51:21 | 000,000,000 | R--D | C] -- C:\Users\Machete 81\Desktop\Apps
[2012.03.01 18:07:12 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.03.01 17:55:05 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.03.01 17:55:05 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.03.01 17:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.03.01 17:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.03.01 17:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.03.01 17:51:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.03.01 17:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIP ST
[2012.03.01 17:35:30 | 000,000,000 | ---D | C] -- C:\Vista Icon Pack ST
[2012.03.01 17:21:26 | 000,000,000 | R--D | C] -- C:\Users\Machete 81\Desktop\Handykram
[2012.03.01 17:18:24 | 000,000,000 | ---D | C] -- C:\Users\Machete 81\Downloads\Documents\Steuererkl
[2012.02.24 08:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.02.17 20:59:43 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.02.17 20:59:43 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.02.17 20:59:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.02.17 20:59:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.02.17 20:59:43 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.17 20:59:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.17 20:59:42 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.17 20:59:42 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.02.17 20:59:42 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.17 20:59:38 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\Machete 81\AppData\Roaming\*.tmp files -> C:\Users\Machete 81\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.09 18:49:51 | 000,008,592 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat
[2012.03.09 18:15:22 | 000,395,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.09 18:15:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.08 21:37:25 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 21:37:25 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 21:19:25 | 000,747,252 | ---- | M] () -- C:\Users\Machete 81\Downloads\Documents\cc_20120308_211906.reg
[2012.03.05 19:45:49 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.05 19:44:40 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Machete 81\Desktop\ccsetup316.exe
[2012.03.02 21:59:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
[2012.03.02 16:02:24 | 000,005,528 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll
[2012.03.02 16:02:22 | 000,000,080 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\blckdom.res
[2012.03.02 00:35:33 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.02 00:34:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Machete 81\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.01 19:18:18 | 000,000,365 | ---- | M] () -- C:\Users\Machete 81\Desktop\Öffentlich - Verknüpfung.lnk
[2012.03.01 19:11:31 | 000,001,755 | ---- | M] () -- C:\Users\Machete 81\Desktop\,,.lnk
[2012.03.01 19:05:09 | 000,001,274 | ---- | M] () -- C:\Users\Machete 81\Desktop\DL.lnk
[2012.03.01 18:58:10 | 000,001,251 | ---- | M] () -- C:\Users\Machete 81\Desktop\....lnk
[2012.03.01 18:56:41 | 000,001,246 | ---- | M] () -- C:\Users\Machete 81\Desktop\..lnk
[2012.03.01 17:43:35 | 000,001,243 | ---- | M] () -- C:\Users\Machete 81\Desktop\...lnk
[2012.02.28 20:15:31 | 000,005,528 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll
[2012.02.24 13:44:45 | 000,005,416 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll
[2012.02.24 12:48:45 | 000,211,968 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.21 12:47:34 | 009,759,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.21 12:47:34 | 003,409,688 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.21 12:47:34 | 003,064,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.21 12:47:34 | 002,787,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.09 11:59:10 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.02.09 11:59:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[1 C:\Users\Machete 81\AppData\Roaming\*.tmp files -> C:\Users\Machete 81\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.08 21:19:11 | 000,747,252 | ---- | C] () -- C:\Users\Machete 81\Downloads\Documents\cc_20120308_211906.reg
[2012.03.05 19:45:49 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.02 16:02:24 | 000,005,528 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll
[2012.03.02 00:35:33 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.01 19:18:18 | 000,000,365 | ---- | C] () -- C:\Users\Machete 81\Desktop\Öffentlich - Verknüpfung.lnk
[2012.03.01 19:11:31 | 000,001,755 | ---- | C] () -- C:\Users\Machete 81\Desktop\,,.lnk
[2012.03.01 17:54:51 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.02.28 20:15:31 | 000,005,528 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll
[2012.02.24 13:44:45 | 000,005,416 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll
[2012.02.24 08:29:58 | 000,000,080 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\blckdom.res
[2012.02.24 08:20:03 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.02.24 08:20:03 | 000,001,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.02.24 08:20:03 | 000,001,716 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.08.31 20:56:42 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2011.08.31 20:56:39 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2011.07.17 13:10:40 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5C9A236D9A.sys
[2011.07.17 13:10:39 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.03.25 15:30:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.03.25 15:30:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.03.25 15:30:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.03.25 15:30:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.03.25 15:30:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.01.21 00:29:26 | 000,000,760 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\setup_ldm.iss
[2010.07.19 21:11:02 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.05.30 23:03:44 | 000,000,876 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2010.04.23 22:23:47 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.23 22:23:47 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2010.04.23 22:23:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.04.23 22:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2010.04.22 22:19:19 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
 
========== LOP Check ==========
 
[2008.10.19 00:51:33 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Ankh - Heart of Osiris
[2008.03.13 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Audacity
[2011.04.10 00:25:53 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\BITS
[2008.11.29 14:13:54 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DAEMON Tools Pro
[2011.10.15 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DVDVideoSoft
[2011.03.31 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.19 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\elsterformular
[2011.04.10 18:28:42 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Foxit
[2010.03.20 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Free Audio Editor
[2010.04.26 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\FreeFLVConverter
[2011.05.28 13:05:16 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\go
[2011.02.10 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\gtk-2.0
[2010.10.16 19:17:47 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Leadertech
[2011.07.31 19:25:43 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\MAGIX
[2010.03.20 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\NCH Swift Sound
[2010.10.24 02:05:49 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\OpenOffice.org
[2009.02.25 02:33:54 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\PeerNetworking
[2011.01.23 01:59:00 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\ProtectDisc
[2010.07.10 03:08:47 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\SparweltGutschein
[2008.12.15 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Template
[2012.03.01 18:07:05 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\TuneUp Software
[2010.03.22 16:38:34 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009.06.28 15:37:56 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Ubisoft
[2010.07.04 23:25:57 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\VoozieMaker
[2010.09.12 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Xilisoft
[2010.12.11 20:29:03 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\olycamdetect.exe_20101211_202902_0886.job
[2010.12.11 23:33:36 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\olycamdetect.exe_20101211_233336_0744.job
[2010.10.27 01:38:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2008.03.22 22:46:17 | 000,307,910 | ---- | C] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr
[2008.03.18 21:10:04 | 000,307,910 | ---- | M] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr

< End of report >

--- --- ---

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 09.03.2012 20:38:19 - Run 7
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Machete 81\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,09% Memory free
4,23 Gb Paging File | 3,98 Gb Available in Paging File | 94,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 37,49 Gb Free Space | 12,36% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 95,61 Gb Free Space | 63,45% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 999,63 Gb Free Space | 53,66% Space Free | Partition Type: NTFS
 
Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"D:\FlashGet universal\FlashGet.exe" = D:\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET)
"D:\FlashGet universal\LiveUpdate.exe" = D:\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"D:\FlashGet universal\LiveUpdateEx.exe" = D:\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B97D4C3-D840-452A-8C63-47E2F8E6EDF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0F2FD710-DA98-4C93-BD76-804A97FE498C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{102D1E55-E56E-43CE-B9AF-CB9771FA3B15}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1BD9E6B7-5A2D-456D-9C04-3C4FB9E71BFB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1C7829E9-1585-4B6F-9B52-4B76E50B375D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1DDCDABD-1B6B-42C2-8D00-8929C3749389}" = rport=139 | protocol=6 | dir=out | app=system | 
"{213CC10A-5CF9-4BD3-99DB-FDE5773EA072}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{22F2CDB8-24E6-4073-95FB-629CACB4537C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2CB57AED-0F96-47DE-8F80-10590A3BA0C5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4546667E-1244-4C38-8FE3-DC67A589C99F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{59ABE83B-24B7-4870-A703-BAAD94500984}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61D74005-F7E4-447F-872D-F051806DF0DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{64567F94-2ADE-46ED-8712-7F4E822FA0A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{66CA1113-5FF9-4773-8C8B-03CD584ACB9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6940F09E-DEF1-4AF3-9B9C-1F65CEC785C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{752469A8-B52F-45BF-825A-25A3E91ECD5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{806CF8E1-45E2-419F-81DB-590A77431C7B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{96ED15EE-4291-4895-B5A9-5E287BD44256}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{99DA131A-3CA5-4431-91DF-272FA55ECA26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9CFC36EA-B43B-461F-BB97-8B077AD0C21A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A592195F-3853-447D-97CC-04A56390286F}" = lport=3074 | protocol=6 | dir=in | name=xbox | 
"{B284701C-DA75-46EA-9F4D-89525C5BED8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B789B512-15D7-4935-89C4-203C1AB66F38}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BECC43A2-56E1-434F-B815-3142EB394004}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3F12391-F406-4FC8-8EDA-8F658822B581}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D3F7E48D-01C6-4D2E-B9CF-DE67514692FF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E2A96DAB-A929-41D4-B053-78CAD86D5545}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F010680A-11D9-4480-82F0-B25ABC5A8CFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045D0F5B-F82F-4C2B-8EE5-D0FC4084D816}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{04758101-B3F9-4BDD-8D3D-841C2660EAC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0614E0E1-FEE1-47BC-A2AB-A414B31C8CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{08EBB26F-C52B-410E-A1C7-9448C23010C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B0863C0-3E55-43AF-B9A9-EB08A7C24A95}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B8E0619-FA84-43B0-91AA-2AE504CB7AA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1186921C-3036-41DF-80ED-965280E2C839}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12CC7ED6-2795-4C88-A8B8-156C4E37AE56}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{164E2CA5-7D20-48AD-B6F6-C6BDE354FEBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{171BEE58-157F-4BE5-8394-64CEA8D020FE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1A6D6D10-0DC6-49D1-B078-E31D50F1D222}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{22390F94-5690-4028-B35D-2E5F94EC224A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{24494E33-0BD3-4640-8425-29458F42BF85}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{259AEB18-A001-4329-8DD8-143ECBB5F0CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25EE09B7-B0BA-4875-92BE-B591083113C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2707859D-DD2D-40B1-A0BD-88AD1A9A867C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A57D064-CB30-4D98-8762-0A0162D2D36C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2AC80058-DFA8-4D35-85A3-64496D2883E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C18CB93-96A5-4031-ABCC-7933FFA8DBA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C236274-B307-4EEA-8165-1431A5EECE49}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D18454C-00DA-4B46-BF34-7B8FAEAFD686}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{2E7F3BAF-EA97-4CEC-813C-50EB064BC40C}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | 
"{3348DDC0-154D-4CFC-B753-8DFD9420C5C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33FFBAFD-40C1-423D-9E36-8A80B4976493}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{34F7FEED-5A34-4169-B4A5-EB926551FAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3550F539-3454-4A03-80DF-91944DB8EA36}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{36D34AAB-8F69-4E07-B7C7-96AC28EEC003}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37805A21-C448-4852-8E36-6A15283E00E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3AFBFC11-A486-4E74-8EB6-1753624725F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3CD37345-D80C-4328-A79C-3ADE666A64E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{44340A1D-975C-4BCF-AFF7-61E7274051FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{49F50F32-4D7D-4EDB-991E-A1BEC19CA342}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A5A2922-F660-44CB-ACCC-39261DCAD9B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{50802897-8042-4289-8690-6CF354C3F5C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{564709A0-BE91-4B7A-A0DC-497019E2FA10}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58D3916A-7CF0-4A95-A2C0-007D818F548A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59EB79A6-2A57-4094-BD8F-5BB5606BA4F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B8CAEFF-B4CC-43E9-B771-6C2717A3A349}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C373DE3-A7AE-4A91-89CF-6A8A0D5E742C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E36D34D-A8D8-4186-ADA0-1E0E92C46921}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E55062F-9EEA-4895-821E-5F3B1C85D409}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{622D0098-FAB5-4C89-8380-9886B0479135}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | 
"{64342821-097D-451D-8FE1-D36F92355ABC}" = protocol=6 | dir=out | app=system | 
"{66B62E80-4858-4429-9997-2BF7EF8C3943}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{67DE7D5E-DECB-44E2-ADBB-A9778177DE53}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{689B3037-F52B-4753-8953-4DBA398773C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D05A97F-4587-48A2-8E33-2CAFE9CEF4D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DDB2E27-94B9-46AC-9746-5ABF74698700}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6FD74FC8-F9CE-4E2D-8D76-04C00D43FBFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{724AE84B-6120-4F17-87D0-346620B7D3CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{724B3A19-3FC8-4961-8DA5-EA578258A6F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72B8BA8B-1B16-49C9-9589-FC49C45CB16C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73E1AD91-065D-49D0-B93B-071B09CACF60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{74A43D91-388E-4C04-8110-7FC568BF6F86}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7701D70D-6110-4988-80B3-DEF57F4DF188}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79BA966B-EDD1-418C-BED2-B911404ED313}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A8F9DC6-271A-40EB-B606-3A20E4C936C5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7B333CE5-F9CD-4554-9068-E2618C44DD20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{816165EB-9D23-40BF-AEBF-6B5BE4ADA43F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{829C9A20-F460-41EA-8B76-874172D48B40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{86C28F8A-B72E-4D0D-A9AD-02B5B9A2D4E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{89835FAB-93B7-4D16-B2A2-4C7C34BEF9FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{89CDAB74-35A9-40E1-9639-4D154CC3EF44}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8CE352CB-B0C3-4697-9CCA-1B2D2C506425}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90DDB494-1316-47A4-B674-78E240A1A0FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{91264671-1AA1-4397-9928-E2695C6EBC2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{912BDF7B-9B2D-4F5F-AADE-29DC3A8A43C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{919AD030-5D4D-47BA-B633-40D7CF7DC9CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{959B0F02-6C0D-476E-B069-CF6553DAB5E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9619A50B-FBC3-4B86-A7E3-EAA486C1A49C}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{96EA8C50-965E-4F9E-811E-CCE93888BFE4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{977C2266-ECF4-41CE-88E7-CBF72399B3B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DA55D1A-D2CE-4923-9E9E-FEECF0BA5868}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9EA4DBBB-DCD6-4337-B395-4B5B9146181A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{9F02B04C-A374-4C59-AA2A-8C4DF403E051}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F2181F6-D4DB-451C-8D30-33AE9A61B1FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FAAF4C3-7D39-46F4-A7D1-74AC420E174B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A875CC5B-8776-4708-8FAC-68F170F7709B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A8DF47FD-846F-4A8F-AAA0-81CB672FE370}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{A9792BCA-17AE-4D8F-815E-665317468A60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AFBE62D2-C76D-4CF7-8C0C-02EE2D66E256}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7D45E18-7C59-4178-9E01-727C1BFFD588}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B9AE10E7-0A0B-4C13-B316-93D381A66D3A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB26BBF2-47BA-4576-93A4-54F8EB3DA3CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDB1CC27-0714-48DF-A6BB-175A95BD0E0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BDEDCEC1-5DE5-4A1F-A8A4-8C0357C62B00}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF23A919-743A-43A6-8642-A72AE73CFD67}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{C05B72CC-B3DD-4CF3-80A7-F2E4A8CBAE48}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C296BA3C-1EE3-4D72-A210-E62D3952CD8C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{C997E58C-5FA3-41B6-AB7E-0F73335F2ACC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CA51F6EC-9575-484C-BD94-6C44CECE4E2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D05B0F58-9962-403F-9EDC-1A0BAE70E12E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D45D9309-BDFF-4FF7-96C7-58C32B76EE72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D585D8E0-58C4-4BA5-84F4-4C6B8779EFC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6C09D8E-4DA8-42D8-9221-542CD4249FC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE206CDD-C56C-4A3F-90D3-FFBF69968B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0F09885-846C-4E44-A823-9B4164D519EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E186E6A7-5033-49B3-A8DE-3E5F52726D27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E32F1C42-F82E-4C69-9ADE-149C019B8C2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4B3668E-F36F-41E1-A269-E00ADBFCFE71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6084C69-1CB9-4DC4-A28A-559AEEF639D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7FBBE6C-B169-44FA-B4F4-54A718EA3D59}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9BB054A-BAB3-4163-8352-57600A9C6094}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EC34750E-92B7-4DE0-AE4D-46C72D9732FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ECD7B9F7-4E23-464F-A0E0-EBA4AD58954B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EFBD7BF4-CA20-41CB-A775-D28A4AE47559}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F06C3B19-80C2-4C9B-8924-2C0AD0801BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F18D825F-B77F-4F31-8F19-DA9BBC07DC0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1F8BA62-34C7-414E-A0E3-980DBFEA91D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6DA034C-68B5-4DE0-8A4C-2B39CA060864}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F799F199-77E0-49CB-9852-34BCEC001E18}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F79EA545-83E7-46C0-87B4-222A4C02C58D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F7EA93F2-35BB-4D50-8AC2-2E9989C138CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F8D47FFE-6313-4D13-9431-3F681B9A3CB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F9DDBC7D-D5B8-4D58-A32A-698DD5F793CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FBC823D7-FBE3-4B44-8E06-84652CBEBF4C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC0B3799-7376-4710-A6F6-962BC9B2A260}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FF4D05AF-A441-412F-935F-2104EF42DD5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{31355AF5-552F-451F-9CCF-2240EF6DD52C}D:\flashget universal\flashget.exe" = protocol=6 | dir=in | app=d:\flashget universal\flashget.exe | 
"TCP Query User{34FDE753-7AFD-4B7B-9FE4-114170AA47DC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{499B4820-D8F7-491F-AC35-4E9F7CE72B2E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{6B4AF642-7806-4DE8-96F1-A1C0C68D229D}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe | 
"TCP Query User{95E06D6A-8AFB-4D16-9F63-3612DCEBB306}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E9EAFED8-F8D1-4ADE-ACAA-42E83970FE00}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{F1E9E252-55BE-4CA5-B4A0-53F046966A74}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{F538F40B-DB74-431C-BCA7-20B09C37F5C9}C:\users\machete 81\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe | 
"TCP Query User{F995EF0B-823D-4884-B55C-2D728FA2C354}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{1D2DAE66-2704-4EED-8E98-4691A7D0F6FC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1DE2F066-389E-4AF4-BF02-8CFBCFE2C0E2}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{238501B8-F605-44F2-A2BD-B8C70325870E}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe | 
"UDP Query User{25FDB9A4-81A6-4F33-B348-87EFDC1E6EE3}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{53165DFE-4380-4B54-A753-E6186DB0849D}D:\flashget universal\flashget.exe" = protocol=17 | dir=in | app=d:\flashget universal\flashget.exe | 
"UDP Query User{5650E075-E8AB-46F1-B5D3-0B58559FCD60}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{AD2374D6-5737-4AEF-AD35-1A5C69557977}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{D67B791C-459C-44D6-A69A-4BDEEF56FF3F}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{E9048B17-641B-4DCA-B5F7-503864F0252F}C:\users\machete 81\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@ 
"{761B4ADA-254C-461F-A446-A167E41FA6DD}" = Foxit PDF IFilter
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7FA32C2E-E218-4A04-966D-DECCB0B9C81E}" = MAGIX Speed 2 (MSI)
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{815D1E58-17F7-4DF4-BF8E-59D2EE575FCA}" = MAGIX Video deluxe 16 Plus Sonderedition
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = USB PC Camera
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F31C9A68-7F07-4B96-AC58-F71D5DF3DA89}" = MAGIX Screenshare
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.35
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"FlashGet 2.0" = FlashGet 2.0
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free Audio Editor" = Free Audio Editor
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@ 
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"MAGIX_MSI_Videodeluxe16_plus" = MAGIX Video deluxe 16 Plus Sonderedition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"Vista Icon Pack ST_is1" = Vista Icon Pack ST
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Voozie Maker" = Voozie Maker
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"Xilisoft Video Converter" = Xilisoft Video Converter 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Move Media Player" = Move Media Player
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.07.2010 17:48:31 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.07.2010 17:48:31 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.07.2010 18:44:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.07.2010 18:45:01 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.07.2010 14:48:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.07.2010 14:48:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.07.2010 17:11:06 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.07.2010 17:11:06 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.07.2010 03:38:53 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.07.2010 03:38:53 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 21.03.2010 18:47:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 23.04.2010 20:33:37 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 13.06.2010 10:55:04 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 19.08.2010 17:05:19 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 13.10.2010 21:44:15 | Computer Name = Machete81-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/14/2010 03:44:15
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 22.10.2010 20:31:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 23.10.2010 19:56:49 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 05.11.2010 15:28:56 | Computer Name = Machete81-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/05/2010 20:28:56
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 28.11.2010 13:51:21 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 01.05.2011 15:09:17 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 08.03.2012 16:44:32 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.03.2012 16:54:06 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.03.2012 13:15:43 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.03.2012 13:15:52 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.03.2012 13:15:53 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.03.2012 13:15:57 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.03.2012 13:15:59 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.03.2012 13:16:21 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.03.2012 13:16:21 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.03.2012 13:16:21 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

--- --- ---

Mfg

kira · 10.03.2012, 07:28

kannst Du mir über diese Dateien Info geben? Hast Du Veränderungen an diesem Text vorgenommen bzw Dateiname durch "...." erstezt?

Zitat:

[2012.03.01 19:18:18 | 000,000,365 | ---- | M] () -- C:\Users\Machete 81\Desktop\Öffentlich - Verknüpfung.lnk
[2012.03.01 19:11:31 | 000,001,755 | ---- | M] () -- C:\Users\Machete 81\Desktop\,,.lnk
[2012.03.01 19:05:09 | 000,001,274 | ---- | M] () -- C:\Users\Machete 81\Desktop\DL.lnk
[2012.03.01 18:58:10 | 000,001,251 | ---- | M] () -- C:\Users\Machete 81\Desktop\....lnk
[2012.03.01 18:56:41 | 000,001,246 | ---- | M] () -- C:\Users\Machete 81\Desktop\..lnk
[2012.03.01 17:43:35 | 000,001,243 | ---- | M] () -- C:\Users\Machete 81\Desktop\...lnk
[2012.02.28 20:15:31 | 000,005,528 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll
[2012.02.24 13:44:45 | 000,005,416 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll
[2012.02.24 08:29:58 | 000,000,080 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\blckdom.res

→ besuche die Seite von virustotal und die Datei/en aus Codebox bitte prüfen lassen - nklusive Dateigröße und Name, MD5 und SHA1 auch mitkopieren::
→ Tipps für die Suche nach Dateien

Code:

ATTFilter

C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll

→ Klicke auf "Durchsuchen"
→ Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
→ "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist
→ das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)

** Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!:

Code:

ATTFilter

Datei  File name:
<hier kommt die Dateiname>
Submission date:
2010-10-22 03:34:01 (UTC)
Current status:
queued queued analysing finished
Result:
.....%
    
VT Community

goodware/badware
 Safety score: 100.0% 
Compact
Print results
Antivirus     Version     Last Update     Result
AhnLab-V3    2010.10.22.00    2010.10.21    -
AntiVir    7.10.13.15    2010.10.21    -
Antiy-AVL    2.0.3.7    2010.10.22    -
Authentium    5.2.0.5    2010.10.22    -
Avast    4.8.1351.0    2010.10.21    -
Avast5    5.0.594.0    2010.10.21    -
usw........

...werden geprüft v. mehr wie 40 Online Virus Scanner...also Geduld!!

Zitat:

Falls die Datei nicht auffindbar:-> System-Dateien und -Ordner unter Windows sichtbar machen

machete81 · 10.03.2012, 12:52

also die .lnk-Dateien sind ja Verknüpfungen und da habe ich die Namen auf dem Desktop geändert, ich hatte vorher ( bevor das Drama losging ) mir ein Vista-IconPack heruntergeladen.Hatte ein paar Icons und Namen verändert.

machete81 · 10.03.2012, 13:08

Du hast geschrieben:
"das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)"
Dazu die Frage wo "da reinkopieren" gemeint ist?Bei VirusTotal reinkopieren?

Über Virustotal öffne ich die Datei :" C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll " aus dem Ordner, aber wie kopiere ich Dateigröße und Name, MD5 und SHA1 ??
Und einen "Sende die Datei" finde ich bei Virustotal nicht?
Ich habe auf "Scan it" gedrückt und keine Logfile erhalten oder wo finde ich die? Hab dann auf Reanalyse geklickt und jetzt irgendwie mal alles kopiert was der ausgespuckt hat.

Code:

ATTFilter

SHA256: 	aa0a8d34d3721d31429186e842099d378290f8c6bccb6a5ae1859c868cef0937
SHA1: 	acf4d9fbbd8c79b5da7d91ecdb49743693a1ddc9
MD5: 	83cb5caac3c97efc702db47ccb82f31b
File size: 	5.4 KB ( 5528 bytes )
File name: 	BAcroIEHelpe080.dll
File type: 	Win32 DLL
Detection ratio: 	4 / 43
Analysis date: 	2012-03-10 12:03:42 UTC ( 3 Minuten ago )
0
1
Antivirus 	Result 	Update
AhnLab-V3 	- 	20120309
AntiVir 	- 	20120309
Antiy-AVL 	- 	20120310
Avast 	Win32:Agent-AOFF [Trj] 	20120309
AVG 	- 	20120310
BitDefender 	- 	20120310
ByteHero 	- 	20120309
CAT-QuickHeal 	- 	20120310
ClamAV 	- 	20120309
Commtouch 	- 	20120310
Comodo 	- 	20120310
DrWeb 	- 	20120310
Emsisoft 	Trojan.Win32.Agent!IK 	20120310
eSafe 	- 	20120308
eTrust-Vet 	- 	20120310
F-Prot 	- 	20120310
F-Secure 	- 	20120310
Fortinet 	- 	20120310
GData 	Win32:Agent-AOFF 	20120310
Ikarus 	Trojan.Win32.Agent 	20120310
Jiangmin 	- 	20120301
K7AntiVirus 	- 	20120309
Kaspersky 	- 	20120310
McAfee 	- 	20120308
McAfee-GW-Edition 	- 	20120310
Microsoft 	- 	20120310
NOD32 	- 	20120310
Norman 	- 	20120309
nProtect 	- 	20120310
Panda 	- 	20120310
PCTools 	- 	20120310
Prevx 	- 	20120310
Rising 	- 	20120309
Sophos 	- 	20120310
SUPERAntiSpyware 	- 	20120308
Symantec 	- 	20120310
TheHacker 	- 	20120309
TrendMicro 	- 	20120309
TrendMicro-HouseCall 	- 	20120310
VBA32 	- 	20120307
VIPRE 	- 	20120310
ViRobot 	- 	20120310
VirusBuster 	- 	20120309

    Comments
    Additional information

ssdeep
48:yaCoWHpadMvN+xYs9n0cKsBZqCyAXkTgNxHr2360MnanaWmwQOXjTYq:2+dMQxnbjqChUTyHr21MnanaW5jTY
TrID
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ExifTool

MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2012:02:27 09:44:53+01:00
FileType.................: Win32 DLL
PEType...................: PE32
CodeSize.................: 1024
LinkerVersion............: 5.12
EntryPoint...............: 0x1000
InitializedDataSize......: 3072
SubsystemVersion.........: 4.0
ImageVersion.............: 0.0
OSVersion................: 4.0
UninitializedDataSize....: 0

Portable Executable structural information

PE Sections...................:

Name        Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text                  4096           834      1024     5.24  4921302b047da473a10dbbfc5347da68
.rdata                 8192           537      1024     2.58  d536aef567291ab00218c0e68677337e
.data                 12288          1185       512     2.01  097edba434214dc1467a46eaa7506b69
.reloc                16384           112       512     1.41  882028edddc0a9be61e4094328980ac8

PE Imports....................:

advapi32.dll
	RegCloseKey

kernel32.dll
	GetModuleFileNameA, GetModuleHandleA, VirtualProtect, lstrcmpiA, lstrlenA

shlwapi.dll
	SHCopyKeyW

user32.dll
	SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx


PE Exports....................:

C, l, o, s, e, G, u, a, r, d, ,,  , S, e, t, G, u, a, r, d

First seen by VirusTotal
2012-02-27 13:29:25 UTC ( 1 Woche, 4 Tage ago )
Last seen by VirusTotal
2012-03-10 12:03:42 UTC ( 3 Minuten ago )
File names (max. 25)

    BAcroIEHelpe080.dll
    BAcroIEHelpe080.dll
    C:\Users\sys_baltru\Desktop\Virusverdacht\BAcroIEHelpe.dll
    BAcroIEHelpe.dll
    BAcroIEHelpe.dll
    BAcroIEHelpe.dll
    file-3603090_dll
    BAcroIEHelpe079.dll
    8903B96E987B8B1F15C4006A13EF050086200C46.dll

kira · 10.03.2012, 13:54

passt so, hast Du richtig gemacht

1.
Datei-Kontrolle
Mach bitte einen Rechtsklick auf die im folgenden genannten Dateien (mit der Maus), schau dir an, was unter Eigenschaften steht, kopiere diese Angaben (Datei Version, Beschreibung der Datei, Copyright bei wem? FirmenName) hier in deinen Thread von diesen Anwendungen:

Code:

ATTFilter

C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll

2.
die Schritte 7. und 8. fehlen noch:-> http://www.trojaner-board.de/110718-...tml#post786270

machete81 · 10.03.2012, 14:11

Hallo, danke.
Alle Infos die ich unter Eigenschaften finden konnte ( Kontextmenü hakt noch immer...

)

Code:

ATTFilter

Dateityp: Programmbibliothek (.dll)
Öffnen mit: Unbekannte Anwendung
Ort : C:\Users\Machete 81\AppData\Roaming
Größe :5,39 KB (5.528 Bytes)

auf Daten-
träger        :8,00 KB (8.192 Bytes)  

Erstellt :   Dienstag, ‎28. ‎Februar ‎2012, ‏‎20:15:31
Geändert : Dienstag, ‎28. ‎Februar ‎2012, ‏‎20:15:31
Letzt.zugriff : Dienstag, ‎28. ‎Februar ‎2012, ‏‎20:15:31

Digitale Signaturen:
Name: Acer
Email: support@samsung.de

ok, mach dann jetzt mit Punkt 7 und 8 weiter....
Gruß...

Andi

machete81 · 10.03.2012, 15:58

GMER-Logfile

hä...keine Datei in der Zwischablage....ich mach den Scan nochmal, menno!!!

machete81 · 10.03.2012, 16:51

So, jetzt die GMER-Logfie....

[code]
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-10 16:45:06
Windows 6.0.6002 Service Pack 2 
Running: z22uc1oi.exe; Driver: C:\Users\MACHET~1\AppData\Local\Temp\kwddiuoc.sys


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                         771343423
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                         285507792
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                         2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                           
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                        C:\Spiele\Alcohol 120\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                        0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                     0xDA 0x07 0x92 0x42 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                  
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                               0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                            0xE1 0x25 0xD4 0x68 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                           
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                     0xA9 0xB7 0xA3 0x7F ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                           
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                        C:\Program Files\DAEMON Tools Pro\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                        1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                     0x7A 0xD2 0x8F 0x66 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                  
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                               0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                            0xB8 0xBD 0xEB 0xDC ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                             
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                       0x61 0x79 0xA1 0x52 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                       
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                            C:\Spiele\Alcohol 120\
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                            0
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                         0xDA 0x07 0x92 0x42 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                              
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                   0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                0xE1 0x25 0xD4 0x68 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                       
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                         0xA9 0xB7 0xA3 0x7F ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                       
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                            C:\Program Files\DAEMON Tools Pro\
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                            1
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                         0x7A 0xD2 0x8F 0x66 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                              
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                   0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                0xB8 0xBD 0xEB 0xDC ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                         
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                           0x61 0x79 0xA1 0x52 ...
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Spiele\SimCity\x2122 Societies\vcredist_x86.exe      1
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Spiele\SimCity\x2122 Societies\dotnetfx.exe          1
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Spiele\SimCity\x2122 Societies\PackageInstaller.exe  1

---- EOF - GMER 1.0.15 ----

--- --- ---

mbr-log

Code:

ATTFilter

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD5000AAKS-07YGA0 rev.12.01C02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85D011F8]<< 
1 nt!IofCallDriver[0x82C7B11B] -> \Device\Harddisk0\DR0[0x85F658E0]
3 CLASSPNP[0x888AA8B3] -> nt!IofCallDriver[0x82C7B11B] -> [0x84841878]
5 acpi[0x887786BC] -> nt!IofCallDriver[0x82C7B11B] -> \Device\Ide\IdeDeviceP2T0L0-4[0x85D4A5A8]
\Driver\atapi[0x85DEEEE8] -> IRP_MJ_CREATE -> 0x85D011F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x85d011f8
user & kernel MBR OK 
Warning: possible MBR rootkit infection !

kira · 11.03.2012, 06:53

klingt nicht gut:

Zitat:

Warning: possible MBR rootkit infection !

um es ausschließen oder bestätigen, prüfen wir genauer:

1.
CD-Emulatoren mit DeFogger deaktivieren

Du hast CD-Emulatoren wie Alcohol, DaemonTools oder ähnliche auf diesem Computer installiert. Da diese Emulatoren mit Rootkit-Technik arbeiten, können sie die Fahndung nach bösartigen Rootkits verfälschen und erschweren. Aus diesem Grund bitte entweder das folgende Tool zum Deaktivieren laufen lassen oder die Software über Systemsteuerung => Software/Programme deinstallieren. Berichte mir, für welche Variante Du Dich entschieden hast. Die Deaktivierung können wir nach der Bereinigung rückgängig machen.

Lade DeFogger herunter und speichere es auf Deinem Desktop.

Doppelklicke DeFogger, um das Tool zu starten.

Es öffnet sich das Programm-Fenster des Tools.
Klick auf den Button Disable, um die CD- Emulation-Treiber zu deaktivieren.
Klicke Ja, um fortzufahren.
Wenn die Nachricht 'Finished!' erscheint,
klicke OK.
DeFogger wird nun einen Reboot erfragen - klicke OK
Poste mir das defogger_disable.log hier in den Thread.

Keinesfalls die Treiber reaktivieren, bevor es angewiesen wird.

2.
TDSSKiller von Kaspersky

Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
deaktiviere vorübergehend dein AntiVirus-Programm
Starte die TDSSKiller.exe durch Doppelklick.
Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
Bestätige das ggfs. mit Y(es).
Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.

Hier findest Du eine ausführlichere Anleitung.

machete81 · 13.03.2012, 22:03

Hallo, mal wieder!Hmm,schade das sich das nicht gut anhört...
Jedenfalls heute den Rechner hochgefahren und er läuft momentan im normalen Modus.
Ich werde die Emulatoren mit Defogger deinstallieren, weil anscheinend die Deinstallation über Windows Systemsteuerung nicht wirkt, die habe ich schon bestimmt vor 2 Jahren deinstalliert die Programme.

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:04 on 13/03/2012 (Machete 81)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

TDSS-Log:

Code:

ATTFilter

22:16:13.0689 4584	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
22:16:13.0811 4584	============================================================
22:16:13.0811 4584	Current date / time: 2012/03/13 22:16:13.0811
22:16:13.0811 4584	SystemInfo:
22:16:13.0812 4584	
22:16:13.0812 4584	OS Version: 6.0.6002 ServicePack: 2.0
22:16:13.0812 4584	Product type: Workstation
22:16:13.0812 4584	ComputerName: MACHETE81-PC
22:16:13.0812 4584	UserName: Machete 81
22:16:13.0812 4584	Windows directory: C:\Windows
22:16:13.0812 4584	System windows directory: C:\Windows
22:16:13.0812 4584	Processor architecture: Intel x86
22:16:13.0812 4584	Number of processors: 4
22:16:13.0812 4584	Page size: 0x1000
22:16:13.0812 4584	Boot type: Normal boot
22:16:13.0812 4584	============================================================
22:16:16.0155 4584	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:16:16.0157 4584	Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:16:16.0173 4584	\Device\Harddisk0\DR0:
22:16:16.0173 4584	MBR used
22:16:16.0173 4584	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x25EB1800
22:16:16.0173 4584	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27622000, BlocksNum 0x12D63800
22:16:16.0173 4584	\Device\Harddisk1\DR1:
22:16:16.0173 4584	MBR used
22:16:16.0174 4584	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
22:16:16.0502 4584	Initialize success
22:16:16.0502 4584	============================================================
22:16:18.0897 3852	============================================================
22:16:18.0897 3852	Scan started
22:16:18.0897 3852	Mode: Manual; 
22:16:18.0897 3852	============================================================
22:16:21.0999 3852	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
22:16:22.0001 3852	acedrv11 - ok
22:16:22.0231 3852	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:16:22.0234 3852	ACPI - ok
22:16:22.0321 3852	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:16:22.0324 3852	adp94xx - ok
22:16:22.0382 3852	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:16:22.0384 3852	adpahci - ok
22:16:22.0422 3852	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:16:22.0423 3852	adpu160m - ok
22:16:22.0468 3852	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:16:22.0470 3852	adpu320 - ok
22:16:22.0590 3852	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:16:22.0592 3852	AFD - ok
22:16:22.0663 3852	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:16:22.0664 3852	agp440 - ok
22:16:22.0826 3852	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:16:22.0827 3852	aic78xx - ok
22:16:23.0009 3852	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
22:16:23.0010 3852	aliide - ok
22:16:23.0030 3852	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:16:23.0030 3852	amdagp - ok
22:16:23.0046 3852	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
22:16:23.0047 3852	amdide - ok
22:16:23.0080 3852	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:16:23.0081 3852	AmdK7 - ok
22:16:23.0554 3852	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:16:23.0554 3852	AmdK8 - ok
22:16:23.0675 3852	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:16:23.0675 3852	arc - ok
22:16:23.0945 3852	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:16:23.0946 3852	arcsas - ok
22:16:24.0136 3852	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:16:24.0137 3852	AsyncMac - ok
22:16:24.0537 3852	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:16:24.0538 3852	atapi - ok
22:16:25.0110 3852	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
22:16:25.0112 3852	atksgt - ok
22:16:25.0193 3852	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
22:16:25.0193 3852	avgntflt - ok
22:16:25.0230 3852	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
22:16:25.0231 3852	avipbb - ok
22:16:25.0306 3852	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:16:25.0306 3852	Beep - ok
22:16:25.0347 3852	blbdrive - ok
22:16:25.0405 3852	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:16:25.0406 3852	bowser - ok
22:16:25.0459 3852	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:16:25.0459 3852	BrFiltLo - ok
22:16:25.0475 3852	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:16:25.0475 3852	BrFiltUp - ok
22:16:25.0525 3852	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:16:25.0526 3852	Brserid - ok
22:16:25.0544 3852	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:16:25.0545 3852	BrSerWdm - ok
22:16:25.0563 3852	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:16:25.0564 3852	BrUsbMdm - ok
22:16:25.0780 3852	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:16:25.0780 3852	BrUsbSer - ok
22:16:25.0796 3852	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:16:25.0797 3852	BTHMODEM - ok
22:16:26.0183 3852	catchme - ok
22:16:26.0221 3852	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:16:26.0222 3852	cdfs - ok
22:16:26.0268 3852	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:16:26.0269 3852	cdrom - ok
22:16:26.0534 3852	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
22:16:26.0535 3852	circlass - ok
22:16:26.0721 3852	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:16:26.0724 3852	CLFS - ok
22:16:27.0206 3852	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
22:16:27.0206 3852	cmdide - ok
22:16:27.0478 3852	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
22:16:27.0479 3852	Compbatt - ok
22:16:27.0628 3852	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:16:27.0628 3852	crcdisk - ok
22:16:27.0791 3852	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:16:27.0791 3852	Crusoe - ok
22:16:27.0874 3852	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:16:27.0875 3852	DfsC - ok
22:16:27.0952 3852	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:16:27.0953 3852	disk - ok
22:16:28.0028 3852	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:16:28.0028 3852	drmkaud - ok
22:16:29.0028 3852	DXGKrnl         (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
22:16:29.0033 3852	DXGKrnl - ok
22:16:29.0628 3852	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:16:29.0629 3852	E1G60 - ok
22:16:29.0759 3852	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:16:29.0760 3852	Ecache - ok
22:16:29.0827 3852	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:16:29.0829 3852	elxstor - ok
22:16:29.0892 3852	EraserUtilRebootDrv - ok
22:16:30.0324 3852	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:16:30.0366 3852	exfat - ok
22:16:30.0593 3852	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:16:30.0595 3852	fastfat - ok
22:16:30.0625 3852	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:16:30.0625 3852	fdc - ok
22:16:30.0744 3852	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:16:30.0744 3852	FileInfo - ok
22:16:30.0762 3852	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:16:30.0762 3852	Filetrace - ok
22:16:30.0913 3852	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:16:30.0913 3852	flpydisk - ok
22:16:30.0945 3852	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:16:30.0947 3852	FltMgr - ok
22:16:30.0991 3852	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:16:30.0992 3852	Fs_Rec - ok
22:16:31.0082 3852	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:16:31.0083 3852	gagp30kx - ok
22:16:31.0636 3852	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:16:31.0637 3852	GEARAspiWDM - ok
22:16:32.0093 3852	HCW88AUD        (b40c06b5438716366f2ca6239a741f39) C:\Windows\system32\drivers\hcw88aud.sys
22:16:32.0094 3852	HCW88AUD - ok
22:16:32.0146 3852	HCW88BDA        (6c85512c2b958b2d0e82814915390050) C:\Windows\system32\drivers\hcw88bda.sys
22:16:32.0148 3852	HCW88BDA - ok
22:16:32.0193 3852	HCW88TSE        (d1b38599f3678f536eb61406f4f0da6d) C:\Windows\system32\drivers\hcw88tse.sys
22:16:32.0195 3852	HCW88TSE - ok
22:16:32.0242 3852	HCW88TUNE       (36baa5ace16bb31e2b0bfaf551ac9786) C:\Windows\system32\drivers\hcw88tun.sys
22:16:32.0243 3852	HCW88TUNE - ok
22:16:32.0279 3852	hcw88vid        (2688cd88b87e0f5996ed4330e42d344a) C:\Windows\system32\drivers\hcw88vid.sys
22:16:32.0283 3852	hcw88vid - ok
22:16:32.0301 3852	HCW88XBAR       (462f10c8b88cddeb2fdaa47fa34793bb) C:\Windows\system32\drivers\HCW88BAR.sys
22:16:32.0302 3852	HCW88XBAR - ok
22:16:32.0665 3852	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:16:32.0667 3852	HdAudAddService - ok
22:16:32.0788 3852	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:16:32.0793 3852	HDAudBus - ok
22:16:32.0858 3852	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:16:32.0859 3852	HidBth - ok
22:16:32.0996 3852	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
22:16:32.0997 3852	HidIr - ok
22:16:33.0147 3852	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:16:33.0148 3852	HidUsb - ok
22:16:33.0307 3852	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:16:33.0308 3852	HpCISSs - ok
22:16:33.0843 3852	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:16:33.0846 3852	HTTP - ok
22:16:33.0928 3852	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:16:33.0928 3852	i2omp - ok
22:16:33.0989 3852	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:16:33.0990 3852	i8042prt - ok
22:16:34.0945 3852	iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
22:16:34.0947 3852	iaStor - ok
22:16:35.0299 3852	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:16:35.0301 3852	iaStorV - ok
22:16:35.0570 3852	IDSvix86        (78432a57d085328cf8baf125985425d2) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys
22:16:35.0572 3852	IDSvix86 - ok
22:16:35.0942 3852	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:16:35.0942 3852	iirsp - ok
22:16:36.0786 3852	IntcAzAudAddService (34b8b4a442046e3d5fdd0b17926cf3f1) C:\Windows\system32\drivers\RTKVHDA.sys
22:16:36.0801 3852	IntcAzAudAddService - ok
22:16:36.0840 3852	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:16:36.0841 3852	intelide - ok
22:16:36.0878 3852	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:16:36.0878 3852	intelppm - ok
22:16:36.0929 3852	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:16:36.0929 3852	IpFilterDriver - ok
22:16:36.0952 3852	IpInIp - ok
22:16:36.0975 3852	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:16:36.0976 3852	IPMIDRV - ok
22:16:36.0994 3852	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:16:36.0995 3852	IPNAT - ok
22:16:37.0041 3852	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:16:37.0041 3852	IRENUM - ok
22:16:37.0264 3852	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:16:37.0265 3852	isapnp - ok
22:16:37.0313 3852	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:16:37.0315 3852	iScsiPrt - ok
22:16:37.0612 3852	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:16:37.0613 3852	iteatapi - ok
22:16:37.0784 3852	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:16:37.0785 3852	iteraid - ok
22:16:37.0836 3852	JRAID           (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
22:16:37.0837 3852	JRAID - ok
22:16:38.0199 3852	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:16:38.0199 3852	kbdclass - ok
22:16:38.0336 3852	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:16:38.0337 3852	kbdhid - ok
22:16:38.0826 3852	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:16:38.0829 3852	KSecDD - ok
22:16:38.0918 3852	LHidFilt        (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
22:16:38.0918 3852	LHidFilt - ok
22:16:38.0957 3852	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
22:16:38.0958 3852	lirsgt - ok
22:16:38.0985 3852	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:16:38.0985 3852	lltdio - ok
22:16:39.0265 3852	LMouFilt        (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
22:16:39.0265 3852	LMouFilt - ok
22:16:39.0299 3852	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:16:39.0300 3852	LSI_FC - ok
22:16:39.0673 3852	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:16:39.0674 3852	LSI_SAS - ok
22:16:40.0515 3852	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:16:40.0516 3852	LSI_SCSI - ok
22:16:40.0769 3852	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:16:40.0770 3852	luafv - ok
22:16:40.0883 3852	MagicTune       (7acae9601b3eb413f8bf5c90a77a6848) C:\Windows\system32\drivers\MTiCtwl.sys
22:16:40.0883 3852	MagicTune - ok
22:16:40.0912 3852	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:16:40.0913 3852	megasas - ok
22:16:41.0117 3852	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:16:41.0117 3852	Modem - ok
22:16:41.0176 3852	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:16:41.0177 3852	monitor - ok
22:16:41.0431 3852	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:16:41.0432 3852	mouclass - ok
22:16:41.0564 3852	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:16:41.0565 3852	mouhid - ok
22:16:41.0649 3852	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:16:41.0650 3852	MountMgr - ok
22:16:42.0264 3852	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:16:42.0265 3852	mpio - ok
22:16:42.0551 3852	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:16:42.0552 3852	mpsdrv - ok
22:16:42.0929 3852	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:16:42.0930 3852	Mraid35x - ok
22:16:43.0061 3852	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:16:43.0062 3852	MRxDAV - ok
22:16:43.0186 3852	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:16:43.0186 3852	mrxsmb - ok
22:16:43.0281 3852	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:16:43.0283 3852	mrxsmb10 - ok
22:16:43.0314 3852	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:16:43.0315 3852	mrxsmb20 - ok
22:16:43.0449 3852	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
22:16:43.0450 3852	msahci - ok
22:16:43.0474 3852	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:16:43.0475 3852	msdsm - ok
22:16:43.0550 3852	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:16:43.0551 3852	Msfs - ok
22:16:43.0582 3852	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:16:43.0582 3852	msisadrv - ok
22:16:43.0613 3852	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:16:43.0613 3852	MSKSSRV - ok
22:16:43.0977 3852	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:16:43.0978 3852	MSPCLOCK - ok
22:16:44.0215 3852	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:16:44.0216 3852	MSPQM - ok
22:16:44.0242 3852	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:16:44.0244 3852	MsRPC - ok
22:16:44.0270 3852	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:16:44.0270 3852	mssmbios - ok
22:16:45.0275 3852	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:16:45.0275 3852	MSTEE - ok
22:16:45.0394 3852	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:16:45.0395 3852	Mup - ok
22:16:45.0460 3852	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:16:45.0462 3852	NativeWifiP - ok
22:16:45.0579 3852	NCPro           (7acae9601b3eb413f8bf5c90a77a6848) C:\Windows\system32\drivers\MTictwl.sys
22:16:45.0580 3852	NCPro - ok
22:16:45.0705 3852	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:16:45.0709 3852	NDIS - ok
22:16:45.0766 3852	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:16:45.0766 3852	NdisTapi - ok
22:16:46.0210 3852	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:16:46.0211 3852	Ndisuio - ok
22:16:46.0361 3852	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:16:46.0363 3852	NdisWan - ok
22:16:46.0537 3852	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:16:46.0538 3852	NDProxy - ok
22:16:46.0569 3852	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:16:46.0570 3852	NetBIOS - ok
22:16:46.0579 3852	netbt - ok
22:16:46.0627 3852	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:16:46.0628 3852	nfrd960 - ok
22:16:46.0653 3852	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:16:46.0653 3852	Npfs - ok
22:16:47.0206 3852	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:16:47.0206 3852	nsiproxy - ok
22:16:47.0401 3852	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:16:47.0410 3852	Ntfs - ok
22:16:47.0505 3852	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:16:47.0505 3852	ntrigdigi - ok
22:16:47.0667 3852	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:16:47.0667 3852	Null - ok
22:16:49.0810 3852	nvlddmkm        (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:16:49.0872 3852	nvlddmkm - ok
22:16:50.0456 3852	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
22:16:50.0457 3852	nvraid - ok
22:16:50.0672 3852	nvrd32          (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
22:16:50.0673 3852	nvrd32 - ok
22:16:50.0727 3852	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:16:50.0728 3852	nvstor - ok
22:16:50.0761 3852	nvstor32        (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
22:16:50.0763 3852	nvstor32 - ok
22:16:52.0056 3852	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:16:52.0057 3852	nv_agp - ok
22:16:52.0281 3852	NwlnkFlt - ok
22:16:52.0357 3852	NwlnkFwd - ok
22:16:52.0451 3852	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:16:52.0452 3852	ohci1394 - ok
22:16:52.0758 3852	OlyCamComm      (f4cb9c1991314b1352ddbd8a968e4471) C:\Windows\system32\DRIVERS\OlyCamComm.sys
22:16:52.0759 3852	OlyCamComm - ok
22:16:52.0853 3852	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
22:16:52.0854 3852	Parport - ok
22:16:52.0929 3852	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:16:52.0930 3852	partmgr - ok
22:16:53.0039 3852	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
22:16:53.0039 3852	Parvdm - ok
22:16:53.0239 3852	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:16:53.0241 3852	pci - ok
22:16:53.0279 3852	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
22:16:53.0280 3852	pciide - ok
22:16:53.0391 3852	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:16:53.0393 3852	pcmcia - ok
22:16:54.0007 3852	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:16:54.0014 3852	PEAUTH - ok
22:16:54.0140 3852	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:16:54.0141 3852	PptpMiniport - ok
22:16:54.0312 3852	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:16:54.0312 3852	Processor - ok
22:16:54.0365 3852	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:16:54.0366 3852	PSched - ok
22:16:54.0413 3852	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:16:54.0420 3852	ql2300 - ok
22:16:54.0552 3852	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:16:54.0554 3852	ql40xx - ok
22:16:54.0589 3852	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:16:54.0589 3852	QWAVEdrv - ok
22:16:54.0898 3852	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:16:54.0899 3852	RasAcd - ok
22:16:55.0126 3852	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:16:55.0127 3852	Rasl2tp - ok
22:16:55.0215 3852	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:16:55.0216 3852	RasPppoe - ok
22:16:55.0278 3852	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:16:55.0278 3852	RasSstp - ok
22:16:55.0425 3852	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:16:55.0427 3852	rdbss - ok
22:16:55.0585 3852	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:16:55.0585 3852	RDPCDD - ok
22:16:56.0083 3852	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
22:16:56.0085 3852	rdpdr - ok
22:16:56.0258 3852	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:16:56.0259 3852	RDPENCDD - ok
22:16:56.0307 3852	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:16:56.0308 3852	RDPWD - ok
22:16:56.0553 3852	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:16:56.0554 3852	rspndr - ok
22:16:56.0593 3852	RTL8169         (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:16:56.0594 3852	RTL8169 - ok
22:16:56.0663 3852	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:16:56.0663 3852	SASDIFSV - ok
22:16:56.0736 3852	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:16:56.0737 3852	SASKUTIL - ok
22:16:56.0831 3852	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:16:56.0832 3852	sbp2port - ok
22:16:57.0108 3852	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:16:57.0109 3852	secdrv - ok
22:16:57.0295 3852	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
22:16:57.0295 3852	Serenum - ok
22:16:57.0735 3852	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
22:16:57.0736 3852	Serial - ok
22:16:58.0124 3852	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:16:58.0124 3852	sermouse - ok
22:16:58.0288 3852	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
22:16:58.0289 3852	sffdisk - ok
22:16:58.0305 3852	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
22:16:58.0306 3852	sffp_mmc - ok
22:16:58.0352 3852	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
22:16:58.0353 3852	sffp_sd - ok
22:16:59.0031 3852	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:16:59.0032 3852	sfloppy - ok
22:16:59.0221 3852	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
22:16:59.0222 3852	sisagp - ok
22:16:59.0449 3852	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
22:16:59.0450 3852	SiSRaid2 - ok
22:16:59.0474 3852	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:16:59.0474 3852	SiSRaid4 - ok
22:17:00.0018 3852	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:17:00.0019 3852	Smb - ok
22:17:00.0138 3852	SPBBCDrv - ok
22:17:00.0470 3852	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:17:00.0470 3852	spldr - ok
22:17:00.0531 3852	sptd            (0c1dad75274cb6e31f053ce3e08bf9c3) C:\Windows\System32\Drivers\sptd.sys
22:17:00.0537 3852	sptd - ok
22:17:00.0740 3852	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:17:00.0742 3852	srv - ok
22:17:00.0818 3852	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:17:00.0819 3852	srv2 - ok
22:17:01.0464 3852	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:17:01.0465 3852	srvnet - ok
22:17:01.0594 3852	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:17:01.0595 3852	ssmdrv - ok
22:17:01.0719 3852	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:17:01.0720 3852	swenum - ok
22:17:01.0820 3852	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:17:01.0820 3852	Symc8xx - ok
22:17:01.0919 3852	SymEvent        (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS
22:17:01.0920 3852	SymEvent - ok
22:17:01.0955 3852	SYMREDRV        (7f4011a719bf30e3dbd84d3a0a45c91c) C:\Windows\System32\Drivers\SYMREDRV.SYS
22:17:01.0956 3852	SYMREDRV - ok
22:17:02.0032 3852	SYMTDI          (2f03cbdb0f22278d05d5d616c993ab58) C:\Windows\System32\Drivers\SYMTDI.SYS
22:17:02.0034 3852	SYMTDI - ok
22:17:02.0164 3852	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:17:02.0165 3852	Sym_hi - ok
22:17:02.0188 3852	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:17:02.0189 3852	Sym_u3 - ok
22:17:02.0615 3852	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:17:02.0622 3852	Tcpip - ok
22:17:02.0718 3852	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:17:02.0725 3852	Tcpip6 - ok
22:17:03.0018 3852	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:17:03.0019 3852	tcpipreg - ok
22:17:03.0394 3852	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:17:03.0394 3852	TDPIPE - ok
22:17:03.0643 3852	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:17:03.0643 3852	TDTCP - ok
22:17:03.0681 3852	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:17:03.0682 3852	tdx - ok
22:17:04.0405 3852	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:17:04.0405 3852	TermDD - ok
22:17:04.0766 3852	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:17:04.0766 3852	tssecsrv - ok
22:17:05.0300 3852	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
22:17:05.0301 3852	TuneUpUtilitiesDrv - ok
22:17:05.0354 3852	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:17:05.0355 3852	tunmp - ok
22:17:05.0854 3852	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:17:05.0855 3852	tunnel - ok
22:17:05.0887 3852	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:17:05.0888 3852	uagp35 - ok
22:17:06.0477 3852	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:17:06.0480 3852	udfs - ok
22:17:06.0764 3852	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
22:17:06.0765 3852	uliagpkx - ok
22:17:07.0045 3852	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:17:07.0047 3852	uliahci - ok
22:17:07.0239 3852	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:17:07.0241 3852	UlSata - ok
22:17:07.0270 3852	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:17:07.0271 3852	ulsata2 - ok
22:17:07.0300 3852	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:17:07.0301 3852	umbus - ok
22:17:07.0370 3852	USBAAPL         (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
22:17:07.0371 3852	USBAAPL - ok
22:17:07.0454 3852	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:17:07.0455 3852	usbaudio - ok
22:17:07.0916 3852	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:17:07.0917 3852	usbccgp - ok
22:17:08.0221 3852	usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
22:17:08.0222 3852	usbcir - ok
22:17:08.0316 3852	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:17:08.0317 3852	usbehci - ok
22:17:09.0073 3852	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:17:09.0075 3852	usbhub - ok
22:17:09.0307 3852	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:17:09.0308 3852	usbohci - ok
22:17:09.0709 3852	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:17:09.0710 3852	usbprint - ok
22:17:09.0797 3852	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:17:09.0798 3852	usbscan - ok
22:17:09.0920 3852	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:17:09.0921 3852	USBSTOR - ok
22:17:10.0265 3852	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:17:10.0266 3852	usbuhci - ok
22:17:10.0310 3852	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:17:10.0312 3852	usbvideo - ok
22:17:11.0105 3852	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:17:11.0106 3852	vga - ok
22:17:11.0169 3852	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:17:11.0170 3852	VgaSave - ok
22:17:11.0287 3852	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
22:17:11.0288 3852	viaagp - ok
22:17:11.0355 3852	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:17:11.0356 3852	ViaC7 - ok
22:17:11.0419 3852	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
22:17:11.0420 3852	viaide - ok
22:17:11.0743 3852	viamraid        (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys
22:17:11.0744 3852	viamraid - ok
22:17:11.0808 3852	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:17:11.0809 3852	volmgr - ok
22:17:12.0196 3852	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:17:12.0199 3852	volmgrx - ok
22:17:12.0418 3852	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:17:12.0420 3852	volsnap - ok
22:17:12.0484 3852	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:17:12.0486 3852	vsmraid - ok
22:17:13.0047 3852	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:17:13.0047 3852	WacomPen - ok
22:17:13.0364 3852	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:17:13.0365 3852	Wanarp - ok
22:17:13.0416 3852	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:17:13.0417 3852	Wanarpv6 - ok
22:17:13.0453 3852	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:17:13.0454 3852	Wd - ok
22:17:13.0893 3852	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:17:13.0896 3852	Wdf01000 - ok
22:17:14.0524 3852	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
22:17:14.0524 3852	WmiAcpi - ok
22:17:15.0106 3852	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:17:15.0107 3852	WpdUsb - ok
22:17:15.0148 3852	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:17:15.0149 3852	ws2ifsl - ok
22:17:15.0231 3852	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:17:15.0232 3852	WUDFRd - ok
22:17:15.0310 3852	{95808DC4-FA4A-4C74-92FE-5B863F82066B} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD\000.fcl
22:17:15.0311 3852	{95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
22:17:15.0335 3852	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:17:15.0434 3852	\Device\Harddisk0\DR0 - ok
22:17:15.0438 3852	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
22:17:15.0442 3852	\Device\Harddisk1\DR1 - ok
22:17:15.0539 3852	Boot (0x1200)   (5c588533e8bd3d0a441b9beddea6982d) \Device\Harddisk0\DR0\Partition0
22:17:15.0626 3852	\Device\Harddisk0\DR0\Partition0 - ok
22:17:15.0659 3852	Boot (0x1200)   (ac86878c6da1866eed2b8cebbb3a20d6) \Device\Harddisk0\DR0\Partition1
22:17:15.0751 3852	\Device\Harddisk0\DR0\Partition1 - ok
22:17:15.0755 3852	Boot (0x1200)   (5ae2f22fc5d7da33ac8fb8eb203b09d7) \Device\Harddisk1\DR1\Partition0
22:17:15.0757 3852	\Device\Harddisk1\DR1\Partition0 - ok
22:17:15.0757 3852	============================================================
22:17:15.0757 3852	Scan finished
22:17:15.0757 3852	============================================================
22:17:15.0766 3176	Detected object count: 0
22:17:15.0766 3176	Actual detected object count: 0
22:18:04.0597 4560	Deinitialize success

Sooo, fahre den Rechner jetzt wieder runter und freue mich auf Antwort...bis jetzt verhält sich alles ruhig

kira · 14.03.2012, 08:46

1.
ob ich schon mal gefragt...?:

Zitat:

Symantec Corporation - wird nicht (mehr) verwendet nehme ich an?

► Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software :
-> Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software
► AV Deinstallations Hinweise

2.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

machete81 · 17.03.2012, 01:57

Hallo mal wieder. Erstmal guten Morgen oder so und ein schönes Wochenende.
Kurz mal ne Statusmeldung:

[code]

Arbeite im normalen Modus

AntiVir hat nach dem hochfahren diese Warnmeldung angezeigt, habe sie mit " x " geschlossen...(?!)

Code:

ATTFilter

In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Versuche jetzt " Magix Firebird SQL zu deinstallieren, die Java-Updates durchzuführen, Symantec zu deinstallieren

PS: Gerade kommt die Meldung im küzeren Abständen....

mache abschließend wieder den OTL-Scan und freue mich auf Antwort.Grüße in den sonnigen Süden.

machete81 · 17.03.2012, 04:24

OTL-Log

Code:

ATTFilter

OTL logfile created on: 17.03.2012 04:05:28 - Run 8
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Machete 81\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,93% Memory free
4,24 Gb Paging File | 3,10 Gb Available in Paging File | 73,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 32,27 Gb Free Space | 10,64% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 95,61 Gb Free Space | 63,45% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 999,63 Gb Free Space | 53,66% Space Free | Partition Type: NTFS
 
Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.17 02:34:57 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012.03.02 21:59:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
PRC - [2011.08.24 14:21:14 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.07.04 18:50:31 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.25 08:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.25 08:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.05.25 08:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.01 00:37:21 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2008.05.02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.01 10:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- c:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.17 03:01:10 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.03.17 03:01:10 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011.08.24 14:26:16 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011.08.24 14:26:16 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.04.05 10:40:32 | 000,443,488 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 4\ContextHandler.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.08.24 14:21:14 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.07.04 18:50:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.03 17:24:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.25 08:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.01 00:37:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.05.02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Spiele\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Unknown | Running] --  -- (SYMTDI)
DRV - File not found [Kernel | Unknown | Running] --  -- (SymEvent)
DRV - [2012.02.09 11:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.24 14:21:07 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.08.24 14:21:06 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.07.04 18:50:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 18:50:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.25 08:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 13:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.10 15:58:26 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OlyCamComm.sys -- (OlyCamComm)
DRV - [2009.09.04 13:16:14 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/29 19:27:57] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2009.06.28 15:35:04 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.06.28 15:35:03 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.04.01 18:38:54 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.09.17 22:17:36 | 000,098,816 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.01.23 13:36:46 | 000,299,776 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2007.01.23 13:25:30 | 000,207,872 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2007.01.23 13:25:14 | 000,011,904 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15015&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http:google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Machete 81\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6e: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Machete 81\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Machete 81\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.20 22:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 08:28:43 | 000,000,000 | ---D | M]
 
[2009.01.25 13:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Extensions
[2011.11.05 17:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions
[2011.03.31 23:01:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.17 02:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.11 17:44:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.17 02:23:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.20 22:42:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.17 02:23:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.10 18:28:26 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.17 21:16:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 21:16:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 21:16:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 21:16:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2011.03.27 19:49:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All by FlashGet - D:\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - D:\FlashGet universal\ComDlls\Bholink.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: winamp.com ([client] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4EBF793-506B-451D-9089-69550F5DD742}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Machete 81\Pictures\Naturbilder\Natural Scenery\8.jpg
O24 - Desktop BackupWallPaper: C:\Users\Machete 81\Pictures\Naturbilder\Natural Scenery\8.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.17 02:35:24 | 000,000,000 | ---D | C] -- C:\Users\Machete 81\Desktop\TrojanerOdysee2012
[2012.03.17 02:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.17 02:23:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.03.17 02:23:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.03.17 02:23:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.03.17 02:22:14 | 017,205,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Machete 81\Desktop\jre-6u31-windows-i586-s.exe
[2012.03.17 01:48:52 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.17 01:48:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.17 01:48:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.17 01:48:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.17 01:48:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.17 01:48:50 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.13 22:14:38 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Machete 81\Desktop\TDSSKiller.exe
[2012.03.13 21:53:36 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.03.10 16:20:00 | 000,100,864 | ---- | C] (GMER) -- C:\kwddiuoc.sys
[2012.03.05 19:44:44 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Machete 81\Desktop\ccsetup316.exe
[2012.03.02 21:59:56 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
[2012.03.02 00:34:50 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Machete 81\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.01 18:51:21 | 000,000,000 | R--D | C] -- C:\Users\Machete 81\Desktop\Apps
[2012.03.01 18:07:12 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.03.01 17:55:05 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.03.01 17:55:05 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.03.01 17:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.03.01 17:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.03.01 17:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.03.01 17:51:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.03.01 17:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIP ST
[2012.03.01 17:35:30 | 000,000,000 | ---D | C] -- C:\Vista Icon Pack ST
[2012.03.01 17:21:26 | 000,000,000 | R--D | C] -- C:\Users\Machete 81\Desktop\Handykram
[2012.03.01 17:18:24 | 000,000,000 | ---D | C] -- C:\Users\Machete 81\Downloads\Documents\Steuererkl
[2012.02.24 08:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.02.17 20:59:43 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.02.17 20:59:43 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.02.17 20:59:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.02.17 20:59:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.02.17 20:59:43 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.17 20:59:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.17 20:59:42 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.17 20:59:42 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.02.17 20:59:42 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[1 C:\Users\Machete 81\AppData\Roaming\*.tmp files -> C:\Users\Machete 81\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.17 03:16:33 | 000,928,216 | ---- | M] () -- C:\Users\Machete 81\Desktop\Norton_Removal_Tool.exe
[2012.03.17 02:56:37 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 02:56:37 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 02:56:29 | 000,395,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.17 02:56:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.17 02:54:37 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.17 02:23:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.03.17 02:23:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.03.17 02:23:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.03.17 02:23:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.03.17 02:22:16 | 017,205,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Machete 81\Desktop\jre-6u31-windows-i586-s.exe
[2012.03.13 22:22:15 | 000,008,592 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat
[2012.03.13 22:13:32 | 002,044,822 | ---- | M] () -- C:\Users\Machete 81\Desktop\tdsskiller.zip
[2012.03.13 22:04:59 | 000,000,020 | ---- | M] () -- C:\Users\Machete 81\defogger_reenable
[2012.03.13 22:03:26 | 000,050,477 | ---- | M] () -- C:\Users\Machete 81\Desktop\Defogger.exe
[2012.03.10 16:55:05 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.03.10 16:20:00 | 000,100,864 | ---- | M] (GMER) -- C:\kwddiuoc.sys
[2012.03.10 14:13:44 | 000,302,592 | ---- | M] () -- C:\Users\Machete 81\Desktop\z22uc1oi.exe
[2012.03.09 21:07:56 | 000,211,456 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Machete 81\Desktop\TDSSKiller.exe
[2012.03.08 21:19:25 | 000,747,252 | ---- | M] () -- C:\Users\Machete 81\Downloads\Documents\cc_20120308_211906.reg
[2012.03.05 19:45:49 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.05 19:44:40 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Machete 81\Desktop\ccsetup316.exe
[2012.03.02 21:59:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
[2012.03.02 16:02:24 | 000,005,528 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll
[2012.03.02 16:02:22 | 000,000,080 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\blckdom.res
[2012.03.02 00:35:33 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.02 00:34:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Machete 81\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.01 19:18:18 | 000,000,365 | ---- | M] () -- C:\Users\Machete 81\Desktop\Öffentlich - Verknüpfung.lnk
[2012.03.01 19:11:31 | 000,001,755 | ---- | M] () -- C:\Users\Machete 81\Desktop\,,.lnk
[2012.03.01 19:05:09 | 000,001,274 | ---- | M] () -- C:\Users\Machete 81\Desktop\DL.lnk
[2012.03.01 18:58:10 | 000,001,251 | ---- | M] () -- C:\Users\Machete 81\Desktop\....lnk
[2012.03.01 18:56:41 | 000,001,246 | ---- | M] () -- C:\Users\Machete 81\Desktop\..lnk
[2012.03.01 17:43:35 | 000,001,243 | ---- | M] () -- C:\Users\Machete 81\Desktop\...lnk
[2012.02.28 20:15:31 | 000,005,528 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll
[2012.02.24 13:44:45 | 000,005,416 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll
[2012.02.21 12:47:34 | 009,759,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.21 12:47:34 | 003,409,688 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.21 12:47:34 | 003,064,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.21 12:47:34 | 002,787,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Users\Machete 81\AppData\Roaming\*.tmp files -> C:\Users\Machete 81\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.17 03:16:37 | 000,928,216 | ---- | C] () -- C:\Users\Machete 81\Desktop\Norton_Removal_Tool.exe
[2012.03.13 22:13:22 | 002,044,822 | ---- | C] () -- C:\Users\Machete 81\Desktop\tdsskiller.zip
[2012.03.13 22:04:30 | 000,000,020 | ---- | C] () -- C:\Users\Machete 81\defogger_reenable
[2012.03.13 22:03:31 | 000,050,477 | ---- | C] () -- C:\Users\Machete 81\Desktop\Defogger.exe
[2012.03.13 21:43:25 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.10 16:55:15 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.03.10 14:13:47 | 000,302,592 | ---- | C] () -- C:\Users\Machete 81\Desktop\z22uc1oi.exe
[2012.03.08 21:19:11 | 000,747,252 | ---- | C] () -- C:\Users\Machete 81\Downloads\Documents\cc_20120308_211906.reg
[2012.03.05 19:45:49 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.02 16:02:24 | 000,005,528 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll
[2012.03.02 00:35:33 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.01 19:18:18 | 000,000,365 | ---- | C] () -- C:\Users\Machete 81\Desktop\Öffentlich - Verknüpfung.lnk
[2012.03.01 19:11:31 | 000,001,755 | ---- | C] () -- C:\Users\Machete 81\Desktop\,,.lnk
[2012.03.01 17:54:51 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.02.28 20:15:31 | 000,005,528 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll
[2012.02.24 13:44:45 | 000,005,416 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll
[2012.02.24 08:29:58 | 000,000,080 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\blckdom.res
[2012.02.24 08:20:03 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.02.24 08:20:03 | 000,001,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.02.24 08:20:03 | 000,001,716 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.08.31 20:56:42 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2011.08.31 20:56:39 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2011.07.17 13:10:40 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5C9A236D9A.sys
[2011.07.17 13:10:39 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.03.25 15:30:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.03.25 15:30:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.03.25 15:30:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.03.25 15:30:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.03.25 15:30:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.01.21 00:29:26 | 000,000,760 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\setup_ldm.iss
[2010.07.19 21:11:02 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.05.30 23:03:44 | 000,000,876 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2010.04.23 22:23:47 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.23 22:23:47 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2010.04.23 22:23:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.04.23 22:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2010.04.22 22:19:19 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
 
========== LOP Check ==========
 
[2008.10.19 00:51:33 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Ankh - Heart of Osiris
[2008.03.13 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Audacity
[2011.04.10 00:25:53 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\BITS
[2008.11.29 14:13:54 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DAEMON Tools Pro
[2011.10.15 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DVDVideoSoft
[2011.03.31 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.19 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\elsterformular
[2011.04.10 18:28:42 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Foxit
[2010.03.20 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Free Audio Editor
[2010.04.26 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\FreeFLVConverter
[2011.05.28 13:05:16 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\go
[2011.02.10 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\gtk-2.0
[2010.10.16 19:17:47 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Leadertech
[2011.07.31 19:25:43 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\MAGIX
[2010.03.20 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\NCH Swift Sound
[2010.10.24 02:05:49 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\OpenOffice.org
[2009.02.25 02:33:54 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\PeerNetworking
[2011.01.23 01:59:00 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\ProtectDisc
[2010.07.10 03:08:47 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\SparweltGutschein
[2008.12.15 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Template
[2012.03.01 18:07:05 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\TuneUp Software
[2010.03.22 16:38:34 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009.06.28 15:37:56 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Ubisoft
[2010.07.04 23:25:57 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\VoozieMaker
[2010.09.12 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Xilisoft
[2010.12.11 20:29:03 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\olycamdetect.exe_20101211_202902_0886.job
[2010.12.11 23:33:36 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\olycamdetect.exe_20101211_233336_0744.job
[2010.10.27 01:38:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2008.03.22 22:46:17 | 000,307,910 | ---- | C] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr
[2008.03.18 21:10:04 | 000,307,910 | ---- | M] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr

< End of report >

Extras.Txt

Code:

ATTFilter

OTL Extras logfile created on: 17.03.2012 04:05:28 - Run 8
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Machete 81\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,93% Memory free
4,24 Gb Paging File | 3,10 Gb Available in Paging File | 73,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 32,27 Gb Free Space | 10,64% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 95,61 Gb Free Space | 63,45% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 999,63 Gb Free Space | 53,66% Space Free | Partition Type: NTFS
 
Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"D:\FlashGet universal\FlashGet.exe" = D:\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET)
"D:\FlashGet universal\LiveUpdate.exe" = D:\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"D:\FlashGet universal\LiveUpdateEx.exe" = D:\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B97D4C3-D840-452A-8C63-47E2F8E6EDF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0F2FD710-DA98-4C93-BD76-804A97FE498C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{102D1E55-E56E-43CE-B9AF-CB9771FA3B15}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1BD9E6B7-5A2D-456D-9C04-3C4FB9E71BFB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1C7829E9-1585-4B6F-9B52-4B76E50B375D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1DDCDABD-1B6B-42C2-8D00-8929C3749389}" = rport=139 | protocol=6 | dir=out | app=system | 
"{213CC10A-5CF9-4BD3-99DB-FDE5773EA072}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{22F2CDB8-24E6-4073-95FB-629CACB4537C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2CB57AED-0F96-47DE-8F80-10590A3BA0C5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4546667E-1244-4C38-8FE3-DC67A589C99F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{59ABE83B-24B7-4870-A703-BAAD94500984}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61D74005-F7E4-447F-872D-F051806DF0DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{64567F94-2ADE-46ED-8712-7F4E822FA0A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{66CA1113-5FF9-4773-8C8B-03CD584ACB9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6940F09E-DEF1-4AF3-9B9C-1F65CEC785C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{752469A8-B52F-45BF-825A-25A3E91ECD5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{806CF8E1-45E2-419F-81DB-590A77431C7B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{96ED15EE-4291-4895-B5A9-5E287BD44256}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{99DA131A-3CA5-4431-91DF-272FA55ECA26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9CFC36EA-B43B-461F-BB97-8B077AD0C21A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A592195F-3853-447D-97CC-04A56390286F}" = lport=3074 | protocol=6 | dir=in | name=xbox | 
"{B284701C-DA75-46EA-9F4D-89525C5BED8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B789B512-15D7-4935-89C4-203C1AB66F38}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BECC43A2-56E1-434F-B815-3142EB394004}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3F12391-F406-4FC8-8EDA-8F658822B581}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D3F7E48D-01C6-4D2E-B9CF-DE67514692FF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E2A96DAB-A929-41D4-B053-78CAD86D5545}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F010680A-11D9-4480-82F0-B25ABC5A8CFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045D0F5B-F82F-4C2B-8EE5-D0FC4084D816}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{04758101-B3F9-4BDD-8D3D-841C2660EAC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0614E0E1-FEE1-47BC-A2AB-A414B31C8CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{08EBB26F-C52B-410E-A1C7-9448C23010C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B0863C0-3E55-43AF-B9A9-EB08A7C24A95}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B8E0619-FA84-43B0-91AA-2AE504CB7AA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1186921C-3036-41DF-80ED-965280E2C839}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12CC7ED6-2795-4C88-A8B8-156C4E37AE56}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{164E2CA5-7D20-48AD-B6F6-C6BDE354FEBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{171BEE58-157F-4BE5-8394-64CEA8D020FE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1A6D6D10-0DC6-49D1-B078-E31D50F1D222}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{22390F94-5690-4028-B35D-2E5F94EC224A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{24494E33-0BD3-4640-8425-29458F42BF85}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{259AEB18-A001-4329-8DD8-143ECBB5F0CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25EE09B7-B0BA-4875-92BE-B591083113C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2707859D-DD2D-40B1-A0BD-88AD1A9A867C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A57D064-CB30-4D98-8762-0A0162D2D36C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2AC80058-DFA8-4D35-85A3-64496D2883E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C18CB93-96A5-4031-ABCC-7933FFA8DBA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C236274-B307-4EEA-8165-1431A5EECE49}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D18454C-00DA-4B46-BF34-7B8FAEAFD686}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{2E7F3BAF-EA97-4CEC-813C-50EB064BC40C}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | 
"{3348DDC0-154D-4CFC-B753-8DFD9420C5C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33FFBAFD-40C1-423D-9E36-8A80B4976493}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{34F7FEED-5A34-4169-B4A5-EB926551FAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3550F539-3454-4A03-80DF-91944DB8EA36}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{36D34AAB-8F69-4E07-B7C7-96AC28EEC003}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37805A21-C448-4852-8E36-6A15283E00E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3AFBFC11-A486-4E74-8EB6-1753624725F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3CD37345-D80C-4328-A79C-3ADE666A64E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{44340A1D-975C-4BCF-AFF7-61E7274051FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{49F50F32-4D7D-4EDB-991E-A1BEC19CA342}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A5A2922-F660-44CB-ACCC-39261DCAD9B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{50802897-8042-4289-8690-6CF354C3F5C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{564709A0-BE91-4B7A-A0DC-497019E2FA10}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58D3916A-7CF0-4A95-A2C0-007D818F548A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{58E39A2D-8DE4-4377-A87B-5500DB7781B5}" = protocol=6 | dir=in | app=c:\users\machete 81\appdata\local\temp\7zs3533.tmp\symnrt.exe | 
"{59EB79A6-2A57-4094-BD8F-5BB5606BA4F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B8CAEFF-B4CC-43E9-B771-6C2717A3A349}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C373DE3-A7AE-4A91-89CF-6A8A0D5E742C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E36D34D-A8D8-4186-ADA0-1E0E92C46921}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E55062F-9EEA-4895-821E-5F3B1C85D409}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{622D0098-FAB5-4C89-8380-9886B0479135}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | 
"{64342821-097D-451D-8FE1-D36F92355ABC}" = protocol=6 | dir=out | app=system | 
"{66B62E80-4858-4429-9997-2BF7EF8C3943}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{67DE7D5E-DECB-44E2-ADBB-A9778177DE53}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{689B3037-F52B-4753-8953-4DBA398773C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D05A97F-4587-48A2-8E33-2CAFE9CEF4D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DDB2E27-94B9-46AC-9746-5ABF74698700}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6FD74FC8-F9CE-4E2D-8D76-04C00D43FBFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{715FB247-4C77-44C5-9213-C93113D479F4}" = protocol=17 | dir=in | app=c:\users\machete 81\appdata\local\temp\7zs3533.tmp\symnrt.exe | 
"{724AE84B-6120-4F17-87D0-346620B7D3CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{724B3A19-3FC8-4961-8DA5-EA578258A6F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72B8BA8B-1B16-49C9-9589-FC49C45CB16C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73E1AD91-065D-49D0-B93B-071B09CACF60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{74A43D91-388E-4C04-8110-7FC568BF6F86}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7701D70D-6110-4988-80B3-DEF57F4DF188}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79BA966B-EDD1-418C-BED2-B911404ED313}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A8F9DC6-271A-40EB-B606-3A20E4C936C5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7B333CE5-F9CD-4554-9068-E2618C44DD20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C735A83-1C4B-48F5-8209-EB3B262784FF}" = protocol=17 | dir=in | app=c:\users\machete 81\appdata\local\temp\7zse582.tmp\symnrt.exe | 
"{816165EB-9D23-40BF-AEBF-6B5BE4ADA43F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{829C9A20-F460-41EA-8B76-874172D48B40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{86C28F8A-B72E-4D0D-A9AD-02B5B9A2D4E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{89835FAB-93B7-4D16-B2A2-4C7C34BEF9FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{89CDAB74-35A9-40E1-9639-4D154CC3EF44}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8CE352CB-B0C3-4697-9CCA-1B2D2C506425}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90DDB494-1316-47A4-B674-78E240A1A0FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{91264671-1AA1-4397-9928-E2695C6EBC2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{912BDF7B-9B2D-4F5F-AADE-29DC3A8A43C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{919AD030-5D4D-47BA-B633-40D7CF7DC9CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{959B0F02-6C0D-476E-B069-CF6553DAB5E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9619A50B-FBC3-4B86-A7E3-EAA486C1A49C}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{96EA8C50-965E-4F9E-811E-CCE93888BFE4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{977C2266-ECF4-41CE-88E7-CBF72399B3B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DA55D1A-D2CE-4923-9E9E-FEECF0BA5868}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9EA4DBBB-DCD6-4337-B395-4B5B9146181A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{9F02B04C-A374-4C59-AA2A-8C4DF403E051}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F2181F6-D4DB-451C-8D30-33AE9A61B1FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FAAF4C3-7D39-46F4-A7D1-74AC420E174B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A875CC5B-8776-4708-8FAC-68F170F7709B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A8DF47FD-846F-4A8F-AAA0-81CB672FE370}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{A9792BCA-17AE-4D8F-815E-665317468A60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AFBE62D2-C76D-4CF7-8C0C-02EE2D66E256}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7D45E18-7C59-4178-9E01-727C1BFFD588}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B9AE10E7-0A0B-4C13-B316-93D381A66D3A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB26BBF2-47BA-4576-93A4-54F8EB3DA3CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDB1CC27-0714-48DF-A6BB-175A95BD0E0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BDEDCEC1-5DE5-4A1F-A8A4-8C0357C62B00}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF23A919-743A-43A6-8642-A72AE73CFD67}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{C05B72CC-B3DD-4CF3-80A7-F2E4A8CBAE48}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C296BA3C-1EE3-4D72-A210-E62D3952CD8C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{C997E58C-5FA3-41B6-AB7E-0F73335F2ACC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CA51F6EC-9575-484C-BD94-6C44CECE4E2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D05B0F58-9962-403F-9EDC-1A0BAE70E12E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D45D9309-BDFF-4FF7-96C7-58C32B76EE72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D585D8E0-58C4-4BA5-84F4-4C6B8779EFC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6C09D8E-4DA8-42D8-9221-542CD4249FC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE206CDD-C56C-4A3F-90D3-FFBF69968B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0F09885-846C-4E44-A823-9B4164D519EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E186E6A7-5033-49B3-A8DE-3E5F52726D27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E32F1C42-F82E-4C69-9ADE-149C019B8C2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4B3668E-F36F-41E1-A269-E00ADBFCFE71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6084C69-1CB9-4DC4-A28A-559AEEF639D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7FBBE6C-B169-44FA-B4F4-54A718EA3D59}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9BB054A-BAB3-4163-8352-57600A9C6094}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EC34750E-92B7-4DE0-AE4D-46C72D9732FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ECD7B9F7-4E23-464F-A0E0-EBA4AD58954B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EFBD7BF4-CA20-41CB-A775-D28A4AE47559}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F06C3B19-80C2-4C9B-8924-2C0AD0801BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F18D825F-B77F-4F31-8F19-DA9BBC07DC0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1F8BA62-34C7-414E-A0E3-980DBFEA91D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6DA034C-68B5-4DE0-8A4C-2B39CA060864}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F799F199-77E0-49CB-9852-34BCEC001E18}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F79EA545-83E7-46C0-87B4-222A4C02C58D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F7EA93F2-35BB-4D50-8AC2-2E9989C138CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F8D47FFE-6313-4D13-9431-3F681B9A3CB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F9DDBC7D-D5B8-4D58-A32A-698DD5F793CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FAEBE2A7-754E-4CDA-95C4-10DA38FB6175}" = protocol=6 | dir=in | app=c:\users\machete 81\appdata\local\temp\7zse582.tmp\symnrt.exe | 
"{FBC823D7-FBE3-4B44-8E06-84652CBEBF4C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC0B3799-7376-4710-A6F6-962BC9B2A260}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FF4D05AF-A441-412F-935F-2104EF42DD5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{31355AF5-552F-451F-9CCF-2240EF6DD52C}D:\flashget universal\flashget.exe" = protocol=6 | dir=in | app=d:\flashget universal\flashget.exe | 
"TCP Query User{34FDE753-7AFD-4B7B-9FE4-114170AA47DC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{499B4820-D8F7-491F-AC35-4E9F7CE72B2E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{6B4AF642-7806-4DE8-96F1-A1C0C68D229D}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe | 
"TCP Query User{95E06D6A-8AFB-4D16-9F63-3612DCEBB306}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E9EAFED8-F8D1-4ADE-ACAA-42E83970FE00}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{F1E9E252-55BE-4CA5-B4A0-53F046966A74}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{F538F40B-DB74-431C-BCA7-20B09C37F5C9}C:\users\machete 81\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe | 
"TCP Query User{F995EF0B-823D-4884-B55C-2D728FA2C354}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{1D2DAE66-2704-4EED-8E98-4691A7D0F6FC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1DE2F066-389E-4AF4-BF02-8CFBCFE2C0E2}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{238501B8-F605-44F2-A2BD-B8C70325870E}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe | 
"UDP Query User{25FDB9A4-81A6-4F33-B348-87EFDC1E6EE3}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{53165DFE-4380-4B54-A753-E6186DB0849D}D:\flashget universal\flashget.exe" = protocol=17 | dir=in | app=d:\flashget universal\flashget.exe | 
"UDP Query User{5650E075-E8AB-46F1-B5D3-0B58559FCD60}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{AD2374D6-5737-4AEF-AD35-1A5C69557977}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{D67B791C-459C-44D6-A69A-4BDEEF56FF3F}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{E9048B17-641B-4DCA-B5F7-503864F0252F}C:\users\machete 81\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@ 
"{761B4ADA-254C-461F-A446-A167E41FA6DD}" = Foxit PDF IFilter
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7FA32C2E-E218-4A04-966D-DECCB0B9C81E}" = MAGIX Speed 2 (MSI)
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{815D1E58-17F7-4DF4-BF8E-59D2EE575FCA}" = MAGIX Video deluxe 16 Plus Sonderedition
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = USB PC Camera
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F31C9A68-7F07-4B96-AC58-F71D5DF3DA89}" = MAGIX Screenshare
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.35
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"FlashGet 2.0" = FlashGet 2.0
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free Audio Editor" = Free Audio Editor
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@ 
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"MAGIX_MSI_Videodeluxe16_plus" = MAGIX Video deluxe 16 Plus Sonderedition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"Vista Icon Pack ST_is1" = Vista Icon Pack ST
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Voozie Maker" = Voozie Maker
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"Xilisoft Video Converter" = Xilisoft Video Converter 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Move Media Player" = Move Media Player
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.07.2010 17:40:28 | Computer Name = Machete81-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3776 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 15c4  Anfangszeit: 01cb1d538342fc73  Zeitpunkt der Beendigung:
 4
 
Error - 06.07.2010 17:40:43 | Computer Name = Machete81-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung brsvc01a.exe, Version 1.0.0.3, Zeitstempel 0x3cb65dc7,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x5e4, Anwendungsstartzeit 01cb1d469961e6fc.
 
Error - 06.07.2010 17:43:36 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.07.2010 17:43:36 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.07.2010 17:48:31 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.07.2010 17:48:31 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.07.2010 18:44:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.07.2010 18:45:01 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.07.2010 14:48:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.07.2010 14:48:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 21.03.2010 18:47:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 23.04.2010 20:33:37 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 13.06.2010 10:55:04 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 19.08.2010 17:05:19 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 13.10.2010 21:44:15 | Computer Name = Machete81-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/14/2010 03:44:15
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 22.10.2010 20:31:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 23.10.2010 19:56:49 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 05.11.2010 15:28:56 | Computer Name = Machete81-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/05/2010 20:28:56
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 28.11.2010 13:51:21 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 01.05.2011 15:09:17 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 16.03.2012 21:03:55 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 16.03.2012 21:31:19 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 16.03.2012 21:31:56 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 16.03.2012 21:31:58 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 16.03.2012 21:42:41 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 16.03.2012 21:57:10 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 16.03.2012 21:58:41 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 16.03.2012 21:58:42 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 16.03.2012 22:23:22 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 16.03.2012 22:48:24 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >

Und AntiVir haut immer fleißig Meldungen raus über die Datei:

Code:

ATTFilter

Exportierte Ereignisse:

17.03.2012 04:25 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 04:10 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 04:10 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 04:10 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 04:09 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 04:09 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 04:09 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 03:51 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 03:43 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 03:17 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 03:13 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 03:13 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 03:01 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 02:58 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 02:04 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 02:04 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 02:02 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 02:02 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 01:56 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 01:56 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 01:56 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 01:56 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 01:40 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.03.2012 01:40 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.03.2012 22:14 [Guard] AntiVir Guard deaktiviert
      AntiVir Guard wurde deaktiviert.

29.02.2012 12:49 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Local\temp\Photo.class'
      wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-0840' [exploit] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

26.02.2012 15:09 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

26.02.2012 15:09 [Guard] Malware gefunden
      In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Und wieder der 50€ Virus....

Plagegeister aller Art und deren Bekämpfung: Und wieder der 50€ Virus....