|
Plagegeister aller Art und deren Bekämpfung: Und wieder der 50€ Virus....Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.03.2012, 21:51 | #16 |
| Und wieder der 50€ Virus.... Hallo, entschuldige das ich so lange gebraucht habe, viel Arbeit momentan,spät zu Hause aber ich vermisse meinen Rechner und so hab ich mir jetzt die Zeit genommen. Die ganzen Neustarts: Sollen die im abgesicherten Modus laufen? Ich habe jetzt bei dem CC-Neustart und nach dem OTL-Fix beide Male den Rechner normal hochfahren lassen mit dem Ergebniss das das Problem weiter besteht, ich also über den Taskmanager herunter fahre, beim Neustart ständig ( ? ) F8 drücke und im abgesicherten Modus dann fortfahre. Jetzt aber erstmal das OTL-Dokument nach Punkt 3 : Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Ask.com" removed from browser.search.order.1 C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\askcom.xml moved successfully. C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\conduit.xml moved successfully. C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\forestle-de.xml moved successfully. C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\gmx-suche.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully. C:\Users\Machete 81\AppData\Local\Skype\Skype.exe moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. C:\xmldm folder moved successfully. C:\Users\Machete 81\AppData\Roaming\UAs folder moved successfully. C:\Users\Machete 81\AppData\Roaming\xmldm folder moved successfully. C:\Users\Machete 81\AppData\Roaming\kock folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\updates folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\torrents folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\tmp folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\subs folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\shares folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\rss folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\plugins folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\net folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\logs\save folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\logs folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\dht\net3 folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\dht folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\devices folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus\active folder moved successfully. C:\Users\Machete 81\AppData\Roaming\Azureus folder moved successfully. Folder C:\Users\Machete 81\AppData\Roaming\kock\ not found. Folder C:\Users\Machete 81\AppData\Roaming\UAs\ not found. Folder C:\Users\Machete 81\AppData\Roaming\xmldm\ not found. C:\Windows\Tasks\{1A4C63F3-D99B-4E54-ABAE-B8C141A77285}.job moved successfully. C:\Windows\Tasks\{8E7BED68-89BC-42D0-AC2B-7EAFA2401441}.job moved successfully. C:\Windows\Tasks\{924E7366-90C2-4894-B792-BFEEDC25589F}.job moved successfully. C:\Windows\Tasks\{991E9A86-84A9-4D5D-AEC3-B1A066CFB0CB}.job moved successfully. ========== REGISTRY ========== Registry key Invalid\\"TCP Query User{499B4820-D8F7-491F-AC35-4E9F7CE72B2E}C:\program files\azureus\azureus.exe" \ not found. Registry key Invalid\\"TCP Query User{34FDE753-7AFD-4B7B-9FE4-114170AA47DC}C:\program files\azureus\azureus.exe" \ not found. Registry key Invalid\\"UDP Query User{1DE2F066-389E-4AF4-BF02-8CFBCFE2C0E2}C:\program files\azureus\azureus.exe" \ not found. Registry key Invalid\\"UDP Query User{AD2374D6-5737-4AEF-AD35-1A5C69557977}C:\program files\azureus\azureus.exe" \ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Machete 81\Desktop\cmd.bat deleted successfully. C:\Users\Machete 81\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Machete 81 ->Temp folder emptied: 31832 bytes ->Temporary Internet Files folder emptied: 3312925 bytes ->Java cache emptied: 338413 bytes ->FireFox cache emptied: 45596268 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 720 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 943 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 47,00 mb [EMPTYJAVA] User: All Users User: Default User: Default User User: Machete 81 ->Java cache emptied: 0 bytes User: Public User: UpdatusUser Total Java Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.34.0 log created on 03082012_213604 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Ok, ich kann gar nicht fortfahren, da ich nicht einmal etwas deinstallieren kann. Meldung: Windows Installer kann nicht zugegriffen werden....kann passieren wenn nicht richtig installiert....wenden sie sich an den Support. ????? Hilfe..... Geändert von machete81 (08.03.2012 um 21:59 Uhr) Grund: Nachtrag, Ergänzung |
09.03.2012, 09:05 | #17 |
/// Helfer-Team | Und wieder der 50€ Virus.... also im normalen Modus mit dem PC zu Arbeiten nicht möglich?
__________________das OTL kannst im abgesicherten Modus auch laufen lassen: -> (drücke beim Hochfahren des Rechners [F8] solange, bis du eine Auswahlmöglichkeit hast, da "abgesicherten Modus " wählen) erneut einen Scan mit OTL:
__________________ |
09.03.2012, 20:48 | #18 |
| Und wieder der 50€ Virus.... Nein, arbeiten im normalen Modus nicht möglich. Auch das Kontextmenü um als Administrator auszuführen öffnet nicht.Hängt sich immer auf der Rechner, mach dann ne Abmeldung über Taskmanager ( was anderes geht auch nicht, immer Sanduhr,keine Reaktion) und starte OTL per Doppelklick.
__________________OTL-File: OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.03.2012 20:38:19 - Run 7 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Machete 81\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,09% Memory free 4,23 Gb Paging File | 3,98 Gb Available in Paging File | 94,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,35 Gb Total Space | 37,49 Gb Free Space | 12,36% Space Free | Partition Type: NTFS Drive D: | 150,69 Gb Total Space | 95,61 Gb Free Space | 63,45% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 999,63 Gb Free Space | 53,66% Space Free | Partition Type: NTFS Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.02 21:59:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe PRC - [2011.08.24 14:21:14 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.08.24 14:21:14 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.07.04 18:50:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.03 17:24:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.05.25 08:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.05.01 00:37:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.05.02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService) SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Spiele\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) ========== Driver Services (SafeList) ========== DRV - [2012.02.09 11:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.08.24 14:21:07 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.08.24 14:21:06 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2011.07.04 18:50:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.04 18:50:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.25 08:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.17 13:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.09.10 15:58:26 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OlyCamComm.sys -- (OlyCamComm) DRV - [2009.09.04 13:16:14 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/29 19:27:57] [Kernel | Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) DRV - [2009.06.28 15:35:04 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.06.28 15:35:03 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.04.01 18:38:54 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.11.08 04:36:39 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2007.09.17 22:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.01.23 13:36:46 | 000,299,776 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw88tse.sys -- (HCW88TSE) DRV - [2007.01.23 13:25:30 | 000,207,872 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw88bda.sys -- (HCW88BDA) DRV - [2007.01.23 13:25:14 | 000,011,904 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\hcw88aud.sys -- (HCW88AUD) DRV - [2006.10.24 14:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2006.10.24 14:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2006.10.20 05:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86) DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro) DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http:google.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Machete 81\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6e: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Machete 81\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Machete 81\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.20 22:42:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 08:28:43 | 000,000,000 | ---D | M] [2009.01.25 13:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Extensions [2011.11.05 17:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions [2011.03.31 23:01:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.23 21:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.11 17:44:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.02.20 22:42:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.04.10 18:28:26 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.02.17 21:16:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.17 21:16:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.17 21:16:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.17 21:16:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2011.03.27 19:49:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download All by FlashGet - D:\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - D:\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: winamp.com ([client] https in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4EBF793-506B-451D-9089-69550F5DD742}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Machete 81\Pictures\Naturbilder\Natural Scenery\8.jpg O24 - Desktop BackupWallPaper: C:\Users\Machete 81\Pictures\Naturbilder\Natural Scenery\8.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.05 19:44:44 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Machete 81\Desktop\ccsetup316.exe [2012.03.02 21:59:56 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe [2012.03.02 00:34:50 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Machete 81\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.01 18:51:21 | 000,000,000 | R--D | C] -- C:\Users\Machete 81\Desktop\Apps [2012.03.01 18:07:12 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2012.03.01 17:55:05 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.03.01 17:55:05 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.03.01 17:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.03.01 17:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012.03.01 17:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.03.01 17:51:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.03.01 17:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIP ST [2012.03.01 17:35:30 | 000,000,000 | ---D | C] -- C:\Vista Icon Pack ST [2012.03.01 17:21:26 | 000,000,000 | R--D | C] -- C:\Users\Machete 81\Desktop\Handykram [2012.03.01 17:18:24 | 000,000,000 | ---D | C] -- C:\Users\Machete 81\Downloads\Documents\Steuererkl [2012.02.24 08:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2012.02.17 20:59:43 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012.02.17 20:59:43 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.02.17 20:59:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.02.17 20:59:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.02.17 20:59:43 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.17 20:59:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.17 20:59:42 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.17 20:59:42 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.02.17 20:59:42 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.02.17 20:59:38 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [1 C:\Users\Machete 81\AppData\Roaming\*.tmp files -> C:\Users\Machete 81\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.09 18:49:51 | 000,008,592 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat [2012.03.09 18:15:22 | 000,395,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.09 18:15:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.08 21:37:25 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.08 21:37:25 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.08 21:19:25 | 000,747,252 | ---- | M] () -- C:\Users\Machete 81\Downloads\Documents\cc_20120308_211906.reg [2012.03.05 19:45:49 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.05 19:44:40 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Machete 81\Desktop\ccsetup316.exe [2012.03.02 21:59:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe [2012.03.02 16:02:24 | 000,005,528 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll [2012.03.02 16:02:22 | 000,000,080 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\blckdom.res [2012.03.02 00:35:33 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.02 00:34:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Machete 81\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.01 19:18:18 | 000,000,365 | ---- | M] () -- C:\Users\Machete 81\Desktop\Öffentlich - Verknüpfung.lnk [2012.03.01 19:11:31 | 000,001,755 | ---- | M] () -- C:\Users\Machete 81\Desktop\,,.lnk [2012.03.01 19:05:09 | 000,001,274 | ---- | M] () -- C:\Users\Machete 81\Desktop\DL.lnk [2012.03.01 18:58:10 | 000,001,251 | ---- | M] () -- C:\Users\Machete 81\Desktop\....lnk [2012.03.01 18:56:41 | 000,001,246 | ---- | M] () -- C:\Users\Machete 81\Desktop\..lnk [2012.03.01 17:43:35 | 000,001,243 | ---- | M] () -- C:\Users\Machete 81\Desktop\...lnk [2012.02.28 20:15:31 | 000,005,528 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll [2012.02.24 13:44:45 | 000,005,416 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll [2012.02.24 12:48:45 | 000,211,968 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.21 12:47:34 | 009,759,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.21 12:47:34 | 003,409,688 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.21 12:47:34 | 003,064,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.21 12:47:34 | 002,787,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.09 11:59:10 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.02.09 11:59:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [1 C:\Users\Machete 81\AppData\Roaming\*.tmp files -> C:\Users\Machete 81\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.08 21:19:11 | 000,747,252 | ---- | C] () -- C:\Users\Machete 81\Downloads\Documents\cc_20120308_211906.reg [2012.03.05 19:45:49 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.02 16:02:24 | 000,005,528 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll [2012.03.02 00:35:33 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.01 19:18:18 | 000,000,365 | ---- | C] () -- C:\Users\Machete 81\Desktop\Öffentlich - Verknüpfung.lnk [2012.03.01 19:11:31 | 000,001,755 | ---- | C] () -- C:\Users\Machete 81\Desktop\,,.lnk [2012.03.01 17:54:51 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012.02.28 20:15:31 | 000,005,528 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll [2012.02.24 13:44:45 | 000,005,416 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll [2012.02.24 08:29:58 | 000,000,080 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\blckdom.res [2012.02.24 08:20:03 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.02.24 08:20:03 | 000,001,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.02.24 08:20:03 | 000,001,716 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2011.08.31 20:56:42 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini [2011.08.31 20:56:39 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe [2011.07.17 13:10:40 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5C9A236D9A.sys [2011.07.17 13:10:39 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.03.25 15:30:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.03.25 15:30:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.03.25 15:30:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.03.25 15:30:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.03.25 15:30:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.21 00:29:26 | 000,000,760 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\setup_ldm.iss [2010.07.19 21:11:02 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.05.30 23:03:44 | 000,000,876 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2010.04.23 22:23:47 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.04.23 22:23:47 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2010.04.23 22:23:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.04.23 22:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat [2010.04.22 22:19:19 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI ========== LOP Check ========== [2008.10.19 00:51:33 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Ankh - Heart of Osiris [2008.03.13 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Audacity [2011.04.10 00:25:53 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\BITS [2008.11.29 14:13:54 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DAEMON Tools Pro [2011.10.15 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DVDVideoSoft [2011.03.31 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.19 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\elsterformular [2011.04.10 18:28:42 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Foxit [2010.03.20 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Free Audio Editor [2010.04.26 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\FreeFLVConverter [2011.05.28 13:05:16 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\go [2011.02.10 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\gtk-2.0 [2010.10.16 19:17:47 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Leadertech [2011.07.31 19:25:43 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\MAGIX [2010.03.20 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\NCH Swift Sound [2010.10.24 02:05:49 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\OpenOffice.org [2009.02.25 02:33:54 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\PeerNetworking [2011.01.23 01:59:00 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\ProtectDisc [2010.07.10 03:08:47 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\SparweltGutschein [2008.12.15 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Template [2012.03.01 18:07:05 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\TuneUp Software [2010.03.22 16:38:34 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2009.06.28 15:37:56 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Ubisoft [2010.07.04 23:25:57 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\VoozieMaker [2010.09.12 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Xilisoft [2010.12.11 20:29:03 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\olycamdetect.exe_20101211_202902_0886.job [2010.12.11 23:33:36 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\olycamdetect.exe_20101211_233336_0744.job [2010.10.27 01:38:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2008.03.22 22:46:17 | 000,307,910 | ---- | C] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr [2008.03.18 21:10:04 | 000,307,910 | ---- | M] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr < End of report > Extras: Code:
ATTFilter OTL Extras logfile created on: 09.03.2012 20:38:19 - Run 7 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Machete 81\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 80,09% Memory free 4,23 Gb Paging File | 3,98 Gb Available in Paging File | 94,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,35 Gb Total Space | 37,49 Gb Free Space | 12,36% Space Free | Partition Type: NTFS Drive D: | 150,69 Gb Total Space | 95,61 Gb Free Space | 63,45% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 999,63 Gb Free Space | 53,66% Space Free | Partition Type: NTFS Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "D:\FlashGet universal\FlashGet.exe" = D:\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET) "D:\FlashGet universal\LiveUpdate.exe" = D:\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate "D:\FlashGet universal\LiveUpdateEx.exe" = D:\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B97D4C3-D840-452A-8C63-47E2F8E6EDF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0F2FD710-DA98-4C93-BD76-804A97FE498C}" = lport=138 | protocol=17 | dir=in | app=system | "{102D1E55-E56E-43CE-B9AF-CB9771FA3B15}" = lport=137 | protocol=17 | dir=in | app=system | "{1BD9E6B7-5A2D-456D-9C04-3C4FB9E71BFB}" = rport=10243 | protocol=6 | dir=out | app=system | "{1C7829E9-1585-4B6F-9B52-4B76E50B375D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1DDCDABD-1B6B-42C2-8D00-8929C3749389}" = rport=139 | protocol=6 | dir=out | app=system | "{213CC10A-5CF9-4BD3-99DB-FDE5773EA072}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{22F2CDB8-24E6-4073-95FB-629CACB4537C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2CB57AED-0F96-47DE-8F80-10590A3BA0C5}" = lport=10243 | protocol=6 | dir=in | app=system | "{4546667E-1244-4C38-8FE3-DC67A589C99F}" = rport=445 | protocol=6 | dir=out | app=system | "{59ABE83B-24B7-4870-A703-BAAD94500984}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{61D74005-F7E4-447F-872D-F051806DF0DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{64567F94-2ADE-46ED-8712-7F4E822FA0A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{66CA1113-5FF9-4773-8C8B-03CD584ACB9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6940F09E-DEF1-4AF3-9B9C-1F65CEC785C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{752469A8-B52F-45BF-825A-25A3E91ECD5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{806CF8E1-45E2-419F-81DB-590A77431C7B}" = lport=139 | protocol=6 | dir=in | app=system | "{96ED15EE-4291-4895-B5A9-5E287BD44256}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{99DA131A-3CA5-4431-91DF-272FA55ECA26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9CFC36EA-B43B-461F-BB97-8B077AD0C21A}" = rport=137 | protocol=17 | dir=out | app=system | "{A592195F-3853-447D-97CC-04A56390286F}" = lport=3074 | protocol=6 | dir=in | name=xbox | "{B284701C-DA75-46EA-9F4D-89525C5BED8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B789B512-15D7-4935-89C4-203C1AB66F38}" = rport=138 | protocol=17 | dir=out | app=system | "{BECC43A2-56E1-434F-B815-3142EB394004}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C3F12391-F406-4FC8-8EDA-8F658822B581}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D3F7E48D-01C6-4D2E-B9CF-DE67514692FF}" = lport=445 | protocol=6 | dir=in | app=system | "{E2A96DAB-A929-41D4-B053-78CAD86D5545}" = lport=2869 | protocol=6 | dir=in | app=system | "{F010680A-11D9-4480-82F0-B25ABC5A8CFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{045D0F5B-F82F-4C2B-8EE5-D0FC4084D816}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{04758101-B3F9-4BDD-8D3D-841C2660EAC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0614E0E1-FEE1-47BC-A2AB-A414B31C8CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{08EBB26F-C52B-410E-A1C7-9448C23010C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B0863C0-3E55-43AF-B9A9-EB08A7C24A95}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B8E0619-FA84-43B0-91AA-2AE504CB7AA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1186921C-3036-41DF-80ED-965280E2C839}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12CC7ED6-2795-4C88-A8B8-156C4E37AE56}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{164E2CA5-7D20-48AD-B6F6-C6BDE354FEBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{171BEE58-157F-4BE5-8394-64CEA8D020FE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{1A6D6D10-0DC6-49D1-B078-E31D50F1D222}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{22390F94-5690-4028-B35D-2E5F94EC224A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{24494E33-0BD3-4640-8425-29458F42BF85}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{259AEB18-A001-4329-8DD8-143ECBB5F0CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{25EE09B7-B0BA-4875-92BE-B591083113C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2707859D-DD2D-40B1-A0BD-88AD1A9A867C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A57D064-CB30-4D98-8762-0A0162D2D36C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2AC80058-DFA8-4D35-85A3-64496D2883E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C18CB93-96A5-4031-ABCC-7933FFA8DBA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C236274-B307-4EEA-8165-1431A5EECE49}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D18454C-00DA-4B46-BF34-7B8FAEAFD686}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{2E7F3BAF-EA97-4CEC-813C-50EB064BC40C}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | "{3348DDC0-154D-4CFC-B753-8DFD9420C5C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33FFBAFD-40C1-423D-9E36-8A80B4976493}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{34F7FEED-5A34-4169-B4A5-EB926551FAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3550F539-3454-4A03-80DF-91944DB8EA36}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{36D34AAB-8F69-4E07-B7C7-96AC28EEC003}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{37805A21-C448-4852-8E36-6A15283E00E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AFBFC11-A486-4E74-8EB6-1753624725F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3CD37345-D80C-4328-A79C-3ADE666A64E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{44340A1D-975C-4BCF-AFF7-61E7274051FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{49F50F32-4D7D-4EDB-991E-A1BEC19CA342}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A5A2922-F660-44CB-ACCC-39261DCAD9B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{50802897-8042-4289-8690-6CF354C3F5C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{564709A0-BE91-4B7A-A0DC-497019E2FA10}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{58D3916A-7CF0-4A95-A2C0-007D818F548A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{59EB79A6-2A57-4094-BD8F-5BB5606BA4F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5B8CAEFF-B4CC-43E9-B771-6C2717A3A349}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C373DE3-A7AE-4A91-89CF-6A8A0D5E742C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5E36D34D-A8D8-4186-ADA0-1E0E92C46921}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5E55062F-9EEA-4895-821E-5F3B1C85D409}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{622D0098-FAB5-4C89-8380-9886B0479135}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | "{64342821-097D-451D-8FE1-D36F92355ABC}" = protocol=6 | dir=out | app=system | "{66B62E80-4858-4429-9997-2BF7EF8C3943}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{67DE7D5E-DECB-44E2-ADBB-A9778177DE53}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{689B3037-F52B-4753-8953-4DBA398773C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D05A97F-4587-48A2-8E33-2CAFE9CEF4D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6DDB2E27-94B9-46AC-9746-5ABF74698700}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6FD74FC8-F9CE-4E2D-8D76-04C00D43FBFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{724AE84B-6120-4F17-87D0-346620B7D3CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{724B3A19-3FC8-4961-8DA5-EA578258A6F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{72B8BA8B-1B16-49C9-9589-FC49C45CB16C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{73E1AD91-065D-49D0-B93B-071B09CACF60}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{74A43D91-388E-4C04-8110-7FC568BF6F86}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7701D70D-6110-4988-80B3-DEF57F4DF188}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{79BA966B-EDD1-418C-BED2-B911404ED313}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7A8F9DC6-271A-40EB-B606-3A20E4C936C5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{7B333CE5-F9CD-4554-9068-E2618C44DD20}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{816165EB-9D23-40BF-AEBF-6B5BE4ADA43F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{829C9A20-F460-41EA-8B76-874172D48B40}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{86C28F8A-B72E-4D0D-A9AD-02B5B9A2D4E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{89835FAB-93B7-4D16-B2A2-4C7C34BEF9FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{89CDAB74-35A9-40E1-9639-4D154CC3EF44}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8CE352CB-B0C3-4697-9CCA-1B2D2C506425}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{90DDB494-1316-47A4-B674-78E240A1A0FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{91264671-1AA1-4397-9928-E2695C6EBC2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{912BDF7B-9B2D-4F5F-AADE-29DC3A8A43C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{919AD030-5D4D-47BA-B633-40D7CF7DC9CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{959B0F02-6C0D-476E-B069-CF6553DAB5E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9619A50B-FBC3-4B86-A7E3-EAA486C1A49C}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{96EA8C50-965E-4F9E-811E-CCE93888BFE4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{977C2266-ECF4-41CE-88E7-CBF72399B3B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9DA55D1A-D2CE-4923-9E9E-FEECF0BA5868}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9EA4DBBB-DCD6-4337-B395-4B5B9146181A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{9F02B04C-A374-4C59-AA2A-8C4DF403E051}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9F2181F6-D4DB-451C-8D30-33AE9A61B1FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9FAAF4C3-7D39-46F4-A7D1-74AC420E174B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A875CC5B-8776-4708-8FAC-68F170F7709B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A8DF47FD-846F-4A8F-AAA0-81CB672FE370}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{A9792BCA-17AE-4D8F-815E-665317468A60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AFBE62D2-C76D-4CF7-8C0C-02EE2D66E256}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B7D45E18-7C59-4178-9E01-727C1BFFD588}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B9AE10E7-0A0B-4C13-B316-93D381A66D3A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BB26BBF2-47BA-4576-93A4-54F8EB3DA3CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BDB1CC27-0714-48DF-A6BB-175A95BD0E0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BDEDCEC1-5DE5-4A1F-A8A4-8C0357C62B00}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BF23A919-743A-43A6-8642-A72AE73CFD67}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{C05B72CC-B3DD-4CF3-80A7-F2E4A8CBAE48}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C296BA3C-1EE3-4D72-A210-E62D3952CD8C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{C997E58C-5FA3-41B6-AB7E-0F73335F2ACC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CA51F6EC-9575-484C-BD94-6C44CECE4E2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D05B0F58-9962-403F-9EDC-1A0BAE70E12E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D45D9309-BDFF-4FF7-96C7-58C32B76EE72}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D585D8E0-58C4-4BA5-84F4-4C6B8779EFC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D6C09D8E-4DA8-42D8-9221-542CD4249FC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DE206CDD-C56C-4A3F-90D3-FFBF69968B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E0F09885-846C-4E44-A823-9B4164D519EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E186E6A7-5033-49B3-A8DE-3E5F52726D27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E32F1C42-F82E-4C69-9ADE-149C019B8C2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E4B3668E-F36F-41E1-A269-E00ADBFCFE71}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E6084C69-1CB9-4DC4-A28A-559AEEF639D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E7FBBE6C-B169-44FA-B4F4-54A718EA3D59}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9BB054A-BAB3-4163-8352-57600A9C6094}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EC34750E-92B7-4DE0-AE4D-46C72D9732FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ECD7B9F7-4E23-464F-A0E0-EBA4AD58954B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EFBD7BF4-CA20-41CB-A775-D28A4AE47559}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F06C3B19-80C2-4C9B-8924-2C0AD0801BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F18D825F-B77F-4F31-8F19-DA9BBC07DC0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F1F8BA62-34C7-414E-A0E3-980DBFEA91D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F6DA034C-68B5-4DE0-8A4C-2B39CA060864}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F799F199-77E0-49CB-9852-34BCEC001E18}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{F79EA545-83E7-46C0-87B4-222A4C02C58D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F7EA93F2-35BB-4D50-8AC2-2E9989C138CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F8D47FFE-6313-4D13-9431-3F681B9A3CB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F9DDBC7D-D5B8-4D58-A32A-698DD5F793CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FBC823D7-FBE3-4B44-8E06-84652CBEBF4C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FC0B3799-7376-4710-A6F6-962BC9B2A260}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FF4D05AF-A441-412F-935F-2104EF42DD5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{31355AF5-552F-451F-9CCF-2240EF6DD52C}D:\flashget universal\flashget.exe" = protocol=6 | dir=in | app=d:\flashget universal\flashget.exe | "TCP Query User{34FDE753-7AFD-4B7B-9FE4-114170AA47DC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{499B4820-D8F7-491F-AC35-4E9F7CE72B2E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{6B4AF642-7806-4DE8-96F1-A1C0C68D229D}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe | "TCP Query User{95E06D6A-8AFB-4D16-9F63-3612DCEBB306}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{E9EAFED8-F8D1-4ADE-ACAA-42E83970FE00}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{F1E9E252-55BE-4CA5-B4A0-53F046966A74}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{F538F40B-DB74-431C-BCA7-20B09C37F5C9}C:\users\machete 81\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe | "TCP Query User{F995EF0B-823D-4884-B55C-2D728FA2C354}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{1D2DAE66-2704-4EED-8E98-4691A7D0F6FC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{1DE2F066-389E-4AF4-BF02-8CFBCFE2C0E2}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{238501B8-F605-44F2-A2BD-B8C70325870E}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe | "UDP Query User{25FDB9A4-81A6-4F33-B348-87EFDC1E6EE3}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{53165DFE-4380-4B54-A753-E6186DB0849D}D:\flashget universal\flashget.exe" = protocol=17 | dir=in | app=d:\flashget universal\flashget.exe | "UDP Query User{5650E075-E8AB-46F1-B5D3-0B58559FCD60}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{AD2374D6-5737-4AEF-AD35-1A5C69557977}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{D67B791C-459C-44D6-A69A-4BDEEF56FF3F}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{E9048B17-641B-4DCA-B5F7-503864F0252F}C:\users\machete 81\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars "{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22 "{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5 "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0 "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@ "{761B4ADA-254C-461F-A446-A167E41FA6DD}" = Foxit PDF IFilter "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7FA32C2E-E218-4A04-966D-DECCB0B9C81E}" = MAGIX Speed 2 (MSI) "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{815D1E58-17F7-4DF4-BF8E-59D2EE575FCA}" = MAGIX Video deluxe 16 Plus Sonderedition "{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite "{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = USB PC Camera "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F31C9A68-7F07-4B96-AC58-F71D5DF3DA89}" = MAGIX Screenshare "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro "{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.35 "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "CCleaner" = CCleaner "DivX Setup.divx.com" = DivX-Setup "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) "ElsterFormular 13.0.0.8086p" = ElsterFormular "FlashGet 2.0" = FlashGet 2.0 "Foxit PDF Editor" = Foxit PDF Editor "Foxit Reader" = Foxit Reader "Free Audio Editor" = Free Audio Editor "Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "InstallShield_{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@ "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "MAGIX_MSI_Videodeluxe16_plus" = MAGIX Video deluxe 16 Plus Sonderedition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Picasa 3" = Picasa 3 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Steam App 8930" = Sid Meier's Civilization V "SystemRequirementsLab" = System Requirements Lab "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uninstall_is1" = Uninstall 1.0.0.1 "Vista Icon Pack ST_is1" = Vista Icon Pack ST "VLC media player" = VideoLAN VLC media player 0.8.6e "Voozie Maker" = Voozie Maker "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR "Xilisoft Video Converter" = Xilisoft Video Converter 3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = EasyBits GO "Move Media Player" = Move Media Player "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.07.2010 17:48:31 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.07.2010 17:48:31 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 07.07.2010 18:44:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 07.07.2010 18:45:01 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.07.2010 14:48:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.07.2010 14:48:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.07.2010 17:11:06 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.07.2010 17:11:06 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 09.07.2010 03:38:53 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 09.07.2010 03:38:53 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Media Center Events ] Error - 21.03.2010 18:47:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 23.04.2010 20:33:37 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 13.06.2010 10:55:04 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 19.08.2010 17:05:19 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 13.10.2010 21:44:15 | Computer Name = Machete81-PC | Source = Recording | ID = 19 Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/14/2010 03:44:15 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen. Error - 22.10.2010 20:31:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 23.10.2010 19:56:49 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 05.11.2010 15:28:56 | Computer Name = Machete81-PC | Source = Recording | ID = 19 Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/05/2010 20:28:56 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen. Error - 28.11.2010 13:51:21 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 01.05.2011 15:09:17 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 08.03.2012 16:44:32 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005 Description = Error - 08.03.2012 16:54:06 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005 Description = Error - 09.03.2012 13:15:43 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005 Description = Error - 09.03.2012 13:15:52 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005 Description = Error - 09.03.2012 13:15:53 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005 Description = Error - 09.03.2012 13:15:57 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005 Description = Error - 09.03.2012 13:15:59 | Computer Name = Machete81-PC | Source = DCOM | ID = 10005 Description = Error - 09.03.2012 13:16:21 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001 Description = Error - 09.03.2012 13:16:21 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001 Description = Error - 09.03.2012 13:16:21 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > Mfg |
10.03.2012, 07:28 | #19 | ||
/// Helfer-Team | Und wieder der 50€ Virus.... kannst Du mir über diese Dateien Info geben? Hast Du Veränderungen an diesem Text vorgenommen bzw Dateiname durch "...." erstezt? Zitat:
→ Tipps für die Suche nach Dateien Code:
ATTFilter C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll → Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox) → "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist → das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1) ** Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!: Code:
ATTFilter Datei File name: <hier kommt die Dateiname> Submission date: 2010-10-22 03:34:01 (UTC) Current status: queued queued analysing finished Result: .....% VT Community goodware/badware Safety score: 100.0% Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.10.22.00 2010.10.21 - AntiVir 7.10.13.15 2010.10.21 - Antiy-AVL 2.0.3.7 2010.10.22 - Authentium 5.2.0.5 2010.10.22 - Avast 4.8.1351.0 2010.10.21 - Avast5 5.0.594.0 2010.10.21 - usw........ ...werden geprüft v. mehr wie 40 Online Virus Scanner...also Geduld!! Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
10.03.2012, 12:52 | #20 |
| Und wieder der 50€ Virus.... also die .lnk-Dateien sind ja Verknüpfungen und da habe ich die Namen auf dem Desktop geändert, ich hatte vorher ( bevor das Drama losging ) mir ein Vista-IconPack heruntergeladen.Hatte ein paar Icons und Namen verändert. |
10.03.2012, 13:08 | #21 |
| Und wieder der 50€ Virus.... Du hast geschrieben: "das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)" Dazu die Frage wo "da reinkopieren" gemeint ist?Bei VirusTotal reinkopieren? Über Virustotal öffne ich die Datei :" C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll " aus dem Ordner, aber wie kopiere ich Dateigröße und Name, MD5 und SHA1 ?? Und einen "Sende die Datei" finde ich bei Virustotal nicht? Ich habe auf "Scan it" gedrückt und keine Logfile erhalten oder wo finde ich die? Hab dann auf Reanalyse geklickt und jetzt irgendwie mal alles kopiert was der ausgespuckt hat. Code:
ATTFilter SHA256: aa0a8d34d3721d31429186e842099d378290f8c6bccb6a5ae1859c868cef0937 SHA1: acf4d9fbbd8c79b5da7d91ecdb49743693a1ddc9 MD5: 83cb5caac3c97efc702db47ccb82f31b File size: 5.4 KB ( 5528 bytes ) File name: BAcroIEHelpe080.dll File type: Win32 DLL Detection ratio: 4 / 43 Analysis date: 2012-03-10 12:03:42 UTC ( 3 Minuten ago ) 0 1 Antivirus Result Update AhnLab-V3 - 20120309 AntiVir - 20120309 Antiy-AVL - 20120310 Avast Win32:Agent-AOFF [Trj] 20120309 AVG - 20120310 BitDefender - 20120310 ByteHero - 20120309 CAT-QuickHeal - 20120310 ClamAV - 20120309 Commtouch - 20120310 Comodo - 20120310 DrWeb - 20120310 Emsisoft Trojan.Win32.Agent!IK 20120310 eSafe - 20120308 eTrust-Vet - 20120310 F-Prot - 20120310 F-Secure - 20120310 Fortinet - 20120310 GData Win32:Agent-AOFF 20120310 Ikarus Trojan.Win32.Agent 20120310 Jiangmin - 20120301 K7AntiVirus - 20120309 Kaspersky - 20120310 McAfee - 20120308 McAfee-GW-Edition - 20120310 Microsoft - 20120310 NOD32 - 20120310 Norman - 20120309 nProtect - 20120310 Panda - 20120310 PCTools - 20120310 Prevx - 20120310 Rising - 20120309 Sophos - 20120310 SUPERAntiSpyware - 20120308 Symantec - 20120310 TheHacker - 20120309 TrendMicro - 20120309 TrendMicro-HouseCall - 20120310 VBA32 - 20120307 VIPRE - 20120310 ViRobot - 20120310 VirusBuster - 20120309 Comments Additional information ssdeep 48:yaCoWHpadMvN+xYs9n0cKsBZqCyAXkTgNxHr2360MnanaWmwQOXjTYq:2+dMQxnbjqChUTyHr21MnanaW5jTY TrID Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) ExifTool MIMEType.................: application/octet-stream Subsystem................: Windows GUI MachineType..............: Intel 386 or later, and compatibles TimeStamp................: 2012:02:27 09:44:53+01:00 FileType.................: Win32 DLL PEType...................: PE32 CodeSize.................: 1024 LinkerVersion............: 5.12 EntryPoint...............: 0x1000 InitializedDataSize......: 3072 SubsystemVersion.........: 4.0 ImageVersion.............: 0.0 OSVersion................: 4.0 UninitializedDataSize....: 0 Portable Executable structural information PE Sections...................: Name Virtual Address Virtual Size Raw Size Entropy MD5 .text 4096 834 1024 5.24 4921302b047da473a10dbbfc5347da68 .rdata 8192 537 1024 2.58 d536aef567291ab00218c0e68677337e .data 12288 1185 512 2.01 097edba434214dc1467a46eaa7506b69 .reloc 16384 112 512 1.41 882028edddc0a9be61e4094328980ac8 PE Imports....................: advapi32.dll RegCloseKey kernel32.dll GetModuleFileNameA, GetModuleHandleA, VirtualProtect, lstrcmpiA, lstrlenA shlwapi.dll SHCopyKeyW user32.dll SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx PE Exports....................: C, l, o, s, e, G, u, a, r, d, ,, , S, e, t, G, u, a, r, d First seen by VirusTotal 2012-02-27 13:29:25 UTC ( 1 Woche, 4 Tage ago ) Last seen by VirusTotal 2012-03-10 12:03:42 UTC ( 3 Minuten ago ) File names (max. 25) BAcroIEHelpe080.dll BAcroIEHelpe080.dll C:\Users\sys_baltru\Desktop\Virusverdacht\BAcroIEHelpe.dll BAcroIEHelpe.dll BAcroIEHelpe.dll BAcroIEHelpe.dll file-3603090_dll BAcroIEHelpe079.dll 8903B96E987B8B1F15C4006A13EF050086200C46.dll Geändert von machete81 (10.03.2012 um 13:49 Uhr) Grund: sorry,Details |
10.03.2012, 13:54 | #22 |
/// Helfer-Team | Und wieder der 50€ Virus.... passt so, hast Du richtig gemacht 1. Datei-Kontrolle Mach bitte einen Rechtsklick auf die im folgenden genannten Dateien (mit der Maus), schau dir an, was unter Eigenschaften steht, kopiere diese Angaben (Datei Version, Beschreibung der Datei, Copyright bei wem? FirmenName) hier in deinen Thread von diesen Anwendungen: Code:
ATTFilter C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll die Schritte 7. und 8. fehlen noch:-> http://www.trojaner-board.de/110718-...tml#post786270
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
10.03.2012, 14:11 | #23 |
| Und wieder der 50€ Virus.... Hallo, danke. Alle Infos die ich unter Eigenschaften finden konnte ( Kontextmenü hakt noch immer... ) Code:
ATTFilter Dateityp: Programmbibliothek (.dll) Öffnen mit: Unbekannte Anwendung Ort : C:\Users\Machete 81\AppData\Roaming Größe :5,39 KB (5.528 Bytes) auf Daten- träger :8,00 KB (8.192 Bytes) Erstellt : Dienstag, 28. Februar 2012, 20:15:31 Geändert : Dienstag, 28. Februar 2012, 20:15:31 Letzt.zugriff : Dienstag, 28. Februar 2012, 20:15:31 Digitale Signaturen: Name: Acer Email: support@samsung.de Gruß... Andi |
10.03.2012, 15:58 | #24 |
| Und wieder der 50€ Virus.... GMER-Logfile hä...keine Datei in der Zwischablage....ich mach den Scan nochmal, menno!!! |
10.03.2012, 16:51 | #25 |
| Und wieder der 50€ Virus.... So, jetzt die GMER-Logfie.... [code] GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-03-10 16:45:06 Windows 6.0.6002 Service Pack 2 Running: z22uc1oi.exe; Driver: C:\Users\MACHET~1\AppData\Local\Temp\kwddiuoc.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Spiele\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDA 0x07 0x92 0x42 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE1 0x25 0xD4 0x68 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA9 0xB7 0xA3 0x7F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0xD2 0x8F 0x66 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB8 0xBD 0xEB 0xDC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x61 0x79 0xA1 0x52 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Spiele\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDA 0x07 0x92 0x42 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE1 0x25 0xD4 0x68 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA9 0xB7 0xA3 0x7F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0xD2 0x8F 0x66 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB8 0xBD 0xEB 0xDC ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x61 0x79 0xA1 0x52 ... Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Spiele\SimCity\x2122 Societies\vcredist_x86.exe 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Spiele\SimCity\x2122 Societies\dotnetfx.exe 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Spiele\SimCity\x2122 Societies\PackageInstaller.exe 1 ---- EOF - GMER 1.0.15 ---- mbr-log Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net Windows 6.0.6002 Disk: WDC_WD5000AAKS-07YGA0 rev.12.01C02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 device: opened successfully user: MBR read successfully Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85D011F8]<< 1 nt!IofCallDriver[0x82C7B11B] -> \Device\Harddisk0\DR0[0x85F658E0] 3 CLASSPNP[0x888AA8B3] -> nt!IofCallDriver[0x82C7B11B] -> [0x84841878] 5 acpi[0x887786BC] -> nt!IofCallDriver[0x82C7B11B] -> \Device\Ide\IdeDeviceP2T0L0-4[0x85D4A5A8] \Driver\atapi[0x85DEEEE8] -> IRP_MJ_CREATE -> 0x85D011F8 kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi -> 0x85d011f8 user & kernel MBR OK Warning: possible MBR rootkit infection ! Geändert von machete81 (10.03.2012 um 17:11 Uhr) Grund: Nachtrag |
11.03.2012, 06:53 | #26 | |
/// Helfer-Team | Und wieder der 50€ Virus.... klingt nicht gut: Zitat:
1. CD-Emulatoren mit DeFogger deaktivieren Du hast CD-Emulatoren wie Alcohol, DaemonTools oder ähnliche auf diesem Computer installiert. Da diese Emulatoren mit Rootkit-Technik arbeiten, können sie die Fahndung nach bösartigen Rootkits verfälschen und erschweren. Aus diesem Grund bitte entweder das folgende Tool zum Deaktivieren laufen lassen oder die Software über Systemsteuerung => Software/Programme deinstallieren. Berichte mir, für welche Variante Du Dich entschieden hast. Die Deaktivierung können wir nach der Bereinigung rückgängig machen. Lade DeFogger herunter und speichere es auf Deinem Desktop. Doppelklicke DeFogger, um das Tool zu starten.
2. TDSSKiller von Kaspersky
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
13.03.2012, 22:03 | #27 |
| Und wieder der 50€ Virus.... Hallo, mal wieder!Hmm,schade das sich das nicht gut anhört... Jedenfalls heute den Rechner hochgefahren und er läuft momentan im normalen Modus. Ich werde die Emulatoren mit Defogger deinstallieren, weil anscheinend die Deinstallation über Windows Systemsteuerung nicht wirkt, die habe ich schon bestimmt vor 2 Jahren deinstalliert die Programme. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 22:04 on 13/03/2012 (Machete 81) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... Unable to read sptd.sys SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- TDSS-Log: Code:
ATTFilter 22:16:13.0689 4584 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43 22:16:13.0811 4584 ============================================================ 22:16:13.0811 4584 Current date / time: 2012/03/13 22:16:13.0811 22:16:13.0811 4584 SystemInfo: 22:16:13.0812 4584 22:16:13.0812 4584 OS Version: 6.0.6002 ServicePack: 2.0 22:16:13.0812 4584 Product type: Workstation 22:16:13.0812 4584 ComputerName: MACHETE81-PC 22:16:13.0812 4584 UserName: Machete 81 22:16:13.0812 4584 Windows directory: C:\Windows 22:16:13.0812 4584 System windows directory: C:\Windows 22:16:13.0812 4584 Processor architecture: Intel x86 22:16:13.0812 4584 Number of processors: 4 22:16:13.0812 4584 Page size: 0x1000 22:16:13.0812 4584 Boot type: Normal boot 22:16:13.0812 4584 ============================================================ 22:16:16.0155 4584 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 22:16:16.0157 4584 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:16:16.0173 4584 \Device\Harddisk0\DR0: 22:16:16.0173 4584 MBR used 22:16:16.0173 4584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x25EB1800 22:16:16.0173 4584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27622000, BlocksNum 0x12D63800 22:16:16.0173 4584 \Device\Harddisk1\DR1: 22:16:16.0173 4584 MBR used 22:16:16.0174 4584 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482 22:16:16.0502 4584 Initialize success 22:16:16.0502 4584 ============================================================ 22:16:18.0897 3852 ============================================================ 22:16:18.0897 3852 Scan started 22:16:18.0897 3852 Mode: Manual; 22:16:18.0897 3852 ============================================================ 22:16:21.0999 3852 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys 22:16:22.0001 3852 acedrv11 - ok 22:16:22.0231 3852 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 22:16:22.0234 3852 ACPI - ok 22:16:22.0321 3852 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 22:16:22.0324 3852 adp94xx - ok 22:16:22.0382 3852 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 22:16:22.0384 3852 adpahci - ok 22:16:22.0422 3852 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 22:16:22.0423 3852 adpu160m - ok 22:16:22.0468 3852 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 22:16:22.0470 3852 adpu320 - ok 22:16:22.0590 3852 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 22:16:22.0592 3852 AFD - ok 22:16:22.0663 3852 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 22:16:22.0664 3852 agp440 - ok 22:16:22.0826 3852 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 22:16:22.0827 3852 aic78xx - ok 22:16:23.0009 3852 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 22:16:23.0010 3852 aliide - ok 22:16:23.0030 3852 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 22:16:23.0030 3852 amdagp - ok 22:16:23.0046 3852 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 22:16:23.0047 3852 amdide - ok 22:16:23.0080 3852 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 22:16:23.0081 3852 AmdK7 - ok 22:16:23.0554 3852 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 22:16:23.0554 3852 AmdK8 - ok 22:16:23.0675 3852 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 22:16:23.0675 3852 arc - ok 22:16:23.0945 3852 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 22:16:23.0946 3852 arcsas - ok 22:16:24.0136 3852 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 22:16:24.0137 3852 AsyncMac - ok 22:16:24.0537 3852 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 22:16:24.0538 3852 atapi - ok 22:16:25.0110 3852 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys 22:16:25.0112 3852 atksgt - ok 22:16:25.0193 3852 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 22:16:25.0193 3852 avgntflt - ok 22:16:25.0230 3852 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 22:16:25.0231 3852 avipbb - ok 22:16:25.0306 3852 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 22:16:25.0306 3852 Beep - ok 22:16:25.0347 3852 blbdrive - ok 22:16:25.0405 3852 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 22:16:25.0406 3852 bowser - ok 22:16:25.0459 3852 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 22:16:25.0459 3852 BrFiltLo - ok 22:16:25.0475 3852 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 22:16:25.0475 3852 BrFiltUp - ok 22:16:25.0525 3852 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 22:16:25.0526 3852 Brserid - ok 22:16:25.0544 3852 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 22:16:25.0545 3852 BrSerWdm - ok 22:16:25.0563 3852 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 22:16:25.0564 3852 BrUsbMdm - ok 22:16:25.0780 3852 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 22:16:25.0780 3852 BrUsbSer - ok 22:16:25.0796 3852 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 22:16:25.0797 3852 BTHMODEM - ok 22:16:26.0183 3852 catchme - ok 22:16:26.0221 3852 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 22:16:26.0222 3852 cdfs - ok 22:16:26.0268 3852 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 22:16:26.0269 3852 cdrom - ok 22:16:26.0534 3852 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 22:16:26.0535 3852 circlass - ok 22:16:26.0721 3852 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 22:16:26.0724 3852 CLFS - ok 22:16:27.0206 3852 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 22:16:27.0206 3852 cmdide - ok 22:16:27.0478 3852 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 22:16:27.0479 3852 Compbatt - ok 22:16:27.0628 3852 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 22:16:27.0628 3852 crcdisk - ok 22:16:27.0791 3852 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 22:16:27.0791 3852 Crusoe - ok 22:16:27.0874 3852 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 22:16:27.0875 3852 DfsC - ok 22:16:27.0952 3852 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 22:16:27.0953 3852 disk - ok 22:16:28.0028 3852 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 22:16:28.0028 3852 drmkaud - ok 22:16:29.0028 3852 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys 22:16:29.0033 3852 DXGKrnl - ok 22:16:29.0628 3852 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 22:16:29.0629 3852 E1G60 - ok 22:16:29.0759 3852 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 22:16:29.0760 3852 Ecache - ok 22:16:29.0827 3852 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 22:16:29.0829 3852 elxstor - ok 22:16:29.0892 3852 EraserUtilRebootDrv - ok 22:16:30.0324 3852 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 22:16:30.0366 3852 exfat - ok 22:16:30.0593 3852 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 22:16:30.0595 3852 fastfat - ok 22:16:30.0625 3852 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 22:16:30.0625 3852 fdc - ok 22:16:30.0744 3852 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 22:16:30.0744 3852 FileInfo - ok 22:16:30.0762 3852 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 22:16:30.0762 3852 Filetrace - ok 22:16:30.0913 3852 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 22:16:30.0913 3852 flpydisk - ok 22:16:30.0945 3852 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 22:16:30.0947 3852 FltMgr - ok 22:16:30.0991 3852 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 22:16:30.0992 3852 Fs_Rec - ok 22:16:31.0082 3852 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 22:16:31.0083 3852 gagp30kx - ok 22:16:31.0636 3852 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:16:31.0637 3852 GEARAspiWDM - ok 22:16:32.0093 3852 HCW88AUD (b40c06b5438716366f2ca6239a741f39) C:\Windows\system32\drivers\hcw88aud.sys 22:16:32.0094 3852 HCW88AUD - ok 22:16:32.0146 3852 HCW88BDA (6c85512c2b958b2d0e82814915390050) C:\Windows\system32\drivers\hcw88bda.sys 22:16:32.0148 3852 HCW88BDA - ok 22:16:32.0193 3852 HCW88TSE (d1b38599f3678f536eb61406f4f0da6d) C:\Windows\system32\drivers\hcw88tse.sys 22:16:32.0195 3852 HCW88TSE - ok 22:16:32.0242 3852 HCW88TUNE (36baa5ace16bb31e2b0bfaf551ac9786) C:\Windows\system32\drivers\hcw88tun.sys 22:16:32.0243 3852 HCW88TUNE - ok 22:16:32.0279 3852 hcw88vid (2688cd88b87e0f5996ed4330e42d344a) C:\Windows\system32\drivers\hcw88vid.sys 22:16:32.0283 3852 hcw88vid - ok 22:16:32.0301 3852 HCW88XBAR (462f10c8b88cddeb2fdaa47fa34793bb) C:\Windows\system32\drivers\HCW88BAR.sys 22:16:32.0302 3852 HCW88XBAR - ok 22:16:32.0665 3852 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 22:16:32.0667 3852 HdAudAddService - ok 22:16:32.0788 3852 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 22:16:32.0793 3852 HDAudBus - ok 22:16:32.0858 3852 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 22:16:32.0859 3852 HidBth - ok 22:16:32.0996 3852 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 22:16:32.0997 3852 HidIr - ok 22:16:33.0147 3852 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 22:16:33.0148 3852 HidUsb - ok 22:16:33.0307 3852 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 22:16:33.0308 3852 HpCISSs - ok 22:16:33.0843 3852 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 22:16:33.0846 3852 HTTP - ok 22:16:33.0928 3852 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 22:16:33.0928 3852 i2omp - ok 22:16:33.0989 3852 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 22:16:33.0990 3852 i8042prt - ok 22:16:34.0945 3852 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys 22:16:34.0947 3852 iaStor - ok 22:16:35.0299 3852 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 22:16:35.0301 3852 iaStorV - ok 22:16:35.0570 3852 IDSvix86 (78432a57d085328cf8baf125985425d2) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys 22:16:35.0572 3852 IDSvix86 - ok 22:16:35.0942 3852 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 22:16:35.0942 3852 iirsp - ok 22:16:36.0786 3852 IntcAzAudAddService (34b8b4a442046e3d5fdd0b17926cf3f1) C:\Windows\system32\drivers\RTKVHDA.sys 22:16:36.0801 3852 IntcAzAudAddService - ok 22:16:36.0840 3852 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 22:16:36.0841 3852 intelide - ok 22:16:36.0878 3852 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 22:16:36.0878 3852 intelppm - ok 22:16:36.0929 3852 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:16:36.0929 3852 IpFilterDriver - ok 22:16:36.0952 3852 IpInIp - ok 22:16:36.0975 3852 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 22:16:36.0976 3852 IPMIDRV - ok 22:16:36.0994 3852 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 22:16:36.0995 3852 IPNAT - ok 22:16:37.0041 3852 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 22:16:37.0041 3852 IRENUM - ok 22:16:37.0264 3852 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 22:16:37.0265 3852 isapnp - ok 22:16:37.0313 3852 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 22:16:37.0315 3852 iScsiPrt - ok 22:16:37.0612 3852 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 22:16:37.0613 3852 iteatapi - ok 22:16:37.0784 3852 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 22:16:37.0785 3852 iteraid - ok 22:16:37.0836 3852 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys 22:16:37.0837 3852 JRAID - ok 22:16:38.0199 3852 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 22:16:38.0199 3852 kbdclass - ok 22:16:38.0336 3852 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 22:16:38.0337 3852 kbdhid - ok 22:16:38.0826 3852 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 22:16:38.0829 3852 KSecDD - ok 22:16:38.0918 3852 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys 22:16:38.0918 3852 LHidFilt - ok 22:16:38.0957 3852 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys 22:16:38.0958 3852 lirsgt - ok 22:16:38.0985 3852 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 22:16:38.0985 3852 lltdio - ok 22:16:39.0265 3852 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys 22:16:39.0265 3852 LMouFilt - ok 22:16:39.0299 3852 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 22:16:39.0300 3852 LSI_FC - ok 22:16:39.0673 3852 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 22:16:39.0674 3852 LSI_SAS - ok 22:16:40.0515 3852 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 22:16:40.0516 3852 LSI_SCSI - ok 22:16:40.0769 3852 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 22:16:40.0770 3852 luafv - ok 22:16:40.0883 3852 MagicTune (7acae9601b3eb413f8bf5c90a77a6848) C:\Windows\system32\drivers\MTiCtwl.sys 22:16:40.0883 3852 MagicTune - ok 22:16:40.0912 3852 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 22:16:40.0913 3852 megasas - ok 22:16:41.0117 3852 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 22:16:41.0117 3852 Modem - ok 22:16:41.0176 3852 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 22:16:41.0177 3852 monitor - ok 22:16:41.0431 3852 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 22:16:41.0432 3852 mouclass - ok 22:16:41.0564 3852 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 22:16:41.0565 3852 mouhid - ok 22:16:41.0649 3852 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 22:16:41.0650 3852 MountMgr - ok 22:16:42.0264 3852 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 22:16:42.0265 3852 mpio - ok 22:16:42.0551 3852 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 22:16:42.0552 3852 mpsdrv - ok 22:16:42.0929 3852 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 22:16:42.0930 3852 Mraid35x - ok 22:16:43.0061 3852 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 22:16:43.0062 3852 MRxDAV - ok 22:16:43.0186 3852 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:16:43.0186 3852 mrxsmb - ok 22:16:43.0281 3852 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:16:43.0283 3852 mrxsmb10 - ok 22:16:43.0314 3852 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:16:43.0315 3852 mrxsmb20 - ok 22:16:43.0449 3852 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 22:16:43.0450 3852 msahci - ok 22:16:43.0474 3852 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 22:16:43.0475 3852 msdsm - ok 22:16:43.0550 3852 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 22:16:43.0551 3852 Msfs - ok 22:16:43.0582 3852 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 22:16:43.0582 3852 msisadrv - ok 22:16:43.0613 3852 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 22:16:43.0613 3852 MSKSSRV - ok 22:16:43.0977 3852 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 22:16:43.0978 3852 MSPCLOCK - ok 22:16:44.0215 3852 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 22:16:44.0216 3852 MSPQM - ok 22:16:44.0242 3852 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 22:16:44.0244 3852 MsRPC - ok 22:16:44.0270 3852 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 22:16:44.0270 3852 mssmbios - ok 22:16:45.0275 3852 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 22:16:45.0275 3852 MSTEE - ok 22:16:45.0394 3852 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 22:16:45.0395 3852 Mup - ok 22:16:45.0460 3852 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 22:16:45.0462 3852 NativeWifiP - ok 22:16:45.0579 3852 NCPro (7acae9601b3eb413f8bf5c90a77a6848) C:\Windows\system32\drivers\MTictwl.sys 22:16:45.0580 3852 NCPro - ok 22:16:45.0705 3852 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 22:16:45.0709 3852 NDIS - ok 22:16:45.0766 3852 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 22:16:45.0766 3852 NdisTapi - ok 22:16:46.0210 3852 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 22:16:46.0211 3852 Ndisuio - ok 22:16:46.0361 3852 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 22:16:46.0363 3852 NdisWan - ok 22:16:46.0537 3852 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 22:16:46.0538 3852 NDProxy - ok 22:16:46.0569 3852 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 22:16:46.0570 3852 NetBIOS - ok 22:16:46.0579 3852 netbt - ok 22:16:46.0627 3852 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 22:16:46.0628 3852 nfrd960 - ok 22:16:46.0653 3852 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 22:16:46.0653 3852 Npfs - ok 22:16:47.0206 3852 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 22:16:47.0206 3852 nsiproxy - ok 22:16:47.0401 3852 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 22:16:47.0410 3852 Ntfs - ok 22:16:47.0505 3852 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 22:16:47.0505 3852 ntrigdigi - ok 22:16:47.0667 3852 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 22:16:47.0667 3852 Null - ok 22:16:49.0810 3852 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:16:49.0872 3852 nvlddmkm - ok 22:16:50.0456 3852 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 22:16:50.0457 3852 nvraid - ok 22:16:50.0672 3852 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys 22:16:50.0673 3852 nvrd32 - ok 22:16:50.0727 3852 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 22:16:50.0728 3852 nvstor - ok 22:16:50.0761 3852 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys 22:16:50.0763 3852 nvstor32 - ok 22:16:52.0056 3852 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 22:16:52.0057 3852 nv_agp - ok 22:16:52.0281 3852 NwlnkFlt - ok 22:16:52.0357 3852 NwlnkFwd - ok 22:16:52.0451 3852 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 22:16:52.0452 3852 ohci1394 - ok 22:16:52.0758 3852 OlyCamComm (f4cb9c1991314b1352ddbd8a968e4471) C:\Windows\system32\DRIVERS\OlyCamComm.sys 22:16:52.0759 3852 OlyCamComm - ok 22:16:52.0853 3852 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 22:16:52.0854 3852 Parport - ok 22:16:52.0929 3852 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 22:16:52.0930 3852 partmgr - ok 22:16:53.0039 3852 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 22:16:53.0039 3852 Parvdm - ok 22:16:53.0239 3852 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 22:16:53.0241 3852 pci - ok 22:16:53.0279 3852 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 22:16:53.0280 3852 pciide - ok 22:16:53.0391 3852 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 22:16:53.0393 3852 pcmcia - ok 22:16:54.0007 3852 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 22:16:54.0014 3852 PEAUTH - ok 22:16:54.0140 3852 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 22:16:54.0141 3852 PptpMiniport - ok 22:16:54.0312 3852 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 22:16:54.0312 3852 Processor - ok 22:16:54.0365 3852 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 22:16:54.0366 3852 PSched - ok 22:16:54.0413 3852 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 22:16:54.0420 3852 ql2300 - ok 22:16:54.0552 3852 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 22:16:54.0554 3852 ql40xx - ok 22:16:54.0589 3852 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 22:16:54.0589 3852 QWAVEdrv - ok 22:16:54.0898 3852 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 22:16:54.0899 3852 RasAcd - ok 22:16:55.0126 3852 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:16:55.0127 3852 Rasl2tp - ok 22:16:55.0215 3852 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 22:16:55.0216 3852 RasPppoe - ok 22:16:55.0278 3852 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 22:16:55.0278 3852 RasSstp - ok 22:16:55.0425 3852 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 22:16:55.0427 3852 rdbss - ok 22:16:55.0585 3852 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:16:55.0585 3852 RDPCDD - ok 22:16:56.0083 3852 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 22:16:56.0085 3852 rdpdr - ok 22:16:56.0258 3852 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 22:16:56.0259 3852 RDPENCDD - ok 22:16:56.0307 3852 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 22:16:56.0308 3852 RDPWD - ok 22:16:56.0553 3852 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 22:16:56.0554 3852 rspndr - ok 22:16:56.0593 3852 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys 22:16:56.0594 3852 RTL8169 - ok 22:16:56.0663 3852 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 22:16:56.0663 3852 SASDIFSV - ok 22:16:56.0736 3852 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 22:16:56.0737 3852 SASKUTIL - ok 22:16:56.0831 3852 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 22:16:56.0832 3852 sbp2port - ok 22:16:57.0108 3852 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 22:16:57.0109 3852 secdrv - ok 22:16:57.0295 3852 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 22:16:57.0295 3852 Serenum - ok 22:16:57.0735 3852 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 22:16:57.0736 3852 Serial - ok 22:16:58.0124 3852 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 22:16:58.0124 3852 sermouse - ok 22:16:58.0288 3852 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 22:16:58.0289 3852 sffdisk - ok 22:16:58.0305 3852 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 22:16:58.0306 3852 sffp_mmc - ok 22:16:58.0352 3852 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 22:16:58.0353 3852 sffp_sd - ok 22:16:59.0031 3852 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 22:16:59.0032 3852 sfloppy - ok 22:16:59.0221 3852 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 22:16:59.0222 3852 sisagp - ok 22:16:59.0449 3852 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 22:16:59.0450 3852 SiSRaid2 - ok 22:16:59.0474 3852 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 22:16:59.0474 3852 SiSRaid4 - ok 22:17:00.0018 3852 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 22:17:00.0019 3852 Smb - ok 22:17:00.0138 3852 SPBBCDrv - ok 22:17:00.0470 3852 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 22:17:00.0470 3852 spldr - ok 22:17:00.0531 3852 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\Windows\System32\Drivers\sptd.sys 22:17:00.0537 3852 sptd - ok 22:17:00.0740 3852 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 22:17:00.0742 3852 srv - ok 22:17:00.0818 3852 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 22:17:00.0819 3852 srv2 - ok 22:17:01.0464 3852 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 22:17:01.0465 3852 srvnet - ok 22:17:01.0594 3852 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 22:17:01.0595 3852 ssmdrv - ok 22:17:01.0719 3852 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 22:17:01.0720 3852 swenum - ok 22:17:01.0820 3852 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 22:17:01.0820 3852 Symc8xx - ok 22:17:01.0919 3852 SymEvent (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS 22:17:01.0920 3852 SymEvent - ok 22:17:01.0955 3852 SYMREDRV (7f4011a719bf30e3dbd84d3a0a45c91c) C:\Windows\System32\Drivers\SYMREDRV.SYS 22:17:01.0956 3852 SYMREDRV - ok 22:17:02.0032 3852 SYMTDI (2f03cbdb0f22278d05d5d616c993ab58) C:\Windows\System32\Drivers\SYMTDI.SYS 22:17:02.0034 3852 SYMTDI - ok 22:17:02.0164 3852 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 22:17:02.0165 3852 Sym_hi - ok 22:17:02.0188 3852 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 22:17:02.0189 3852 Sym_u3 - ok 22:17:02.0615 3852 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 22:17:02.0622 3852 Tcpip - ok 22:17:02.0718 3852 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 22:17:02.0725 3852 Tcpip6 - ok 22:17:03.0018 3852 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 22:17:03.0019 3852 tcpipreg - ok 22:17:03.0394 3852 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 22:17:03.0394 3852 TDPIPE - ok 22:17:03.0643 3852 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 22:17:03.0643 3852 TDTCP - ok 22:17:03.0681 3852 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 22:17:03.0682 3852 tdx - ok 22:17:04.0405 3852 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 22:17:04.0405 3852 TermDD - ok 22:17:04.0766 3852 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:17:04.0766 3852 tssecsrv - ok 22:17:05.0300 3852 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys 22:17:05.0301 3852 TuneUpUtilitiesDrv - ok 22:17:05.0354 3852 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 22:17:05.0355 3852 tunmp - ok 22:17:05.0854 3852 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 22:17:05.0855 3852 tunnel - ok 22:17:05.0887 3852 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 22:17:05.0888 3852 uagp35 - ok 22:17:06.0477 3852 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 22:17:06.0480 3852 udfs - ok 22:17:06.0764 3852 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 22:17:06.0765 3852 uliagpkx - ok 22:17:07.0045 3852 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 22:17:07.0047 3852 uliahci - ok 22:17:07.0239 3852 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 22:17:07.0241 3852 UlSata - ok 22:17:07.0270 3852 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 22:17:07.0271 3852 ulsata2 - ok 22:17:07.0300 3852 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 22:17:07.0301 3852 umbus - ok 22:17:07.0370 3852 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys 22:17:07.0371 3852 USBAAPL - ok 22:17:07.0454 3852 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 22:17:07.0455 3852 usbaudio - ok 22:17:07.0916 3852 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 22:17:07.0917 3852 usbccgp - ok 22:17:08.0221 3852 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys 22:17:08.0222 3852 usbcir - ok 22:17:08.0316 3852 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 22:17:08.0317 3852 usbehci - ok 22:17:09.0073 3852 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 22:17:09.0075 3852 usbhub - ok 22:17:09.0307 3852 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 22:17:09.0308 3852 usbohci - ok 22:17:09.0709 3852 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 22:17:09.0710 3852 usbprint - ok 22:17:09.0797 3852 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 22:17:09.0798 3852 usbscan - ok 22:17:09.0920 3852 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:17:09.0921 3852 USBSTOR - ok 22:17:10.0265 3852 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 22:17:10.0266 3852 usbuhci - ok 22:17:10.0310 3852 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 22:17:10.0312 3852 usbvideo - ok 22:17:11.0105 3852 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 22:17:11.0106 3852 vga - ok 22:17:11.0169 3852 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 22:17:11.0170 3852 VgaSave - ok 22:17:11.0287 3852 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 22:17:11.0288 3852 viaagp - ok 22:17:11.0355 3852 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 22:17:11.0356 3852 ViaC7 - ok 22:17:11.0419 3852 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 22:17:11.0420 3852 viaide - ok 22:17:11.0743 3852 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys 22:17:11.0744 3852 viamraid - ok 22:17:11.0808 3852 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 22:17:11.0809 3852 volmgr - ok 22:17:12.0196 3852 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 22:17:12.0199 3852 volmgrx - ok 22:17:12.0418 3852 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 22:17:12.0420 3852 volsnap - ok 22:17:12.0484 3852 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 22:17:12.0486 3852 vsmraid - ok 22:17:13.0047 3852 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 22:17:13.0047 3852 WacomPen - ok 22:17:13.0364 3852 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 22:17:13.0365 3852 Wanarp - ok 22:17:13.0416 3852 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 22:17:13.0417 3852 Wanarpv6 - ok 22:17:13.0453 3852 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 22:17:13.0454 3852 Wd - ok 22:17:13.0893 3852 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 22:17:13.0896 3852 Wdf01000 - ok 22:17:14.0524 3852 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 22:17:14.0524 3852 WmiAcpi - ok 22:17:15.0106 3852 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 22:17:15.0107 3852 WpdUsb - ok 22:17:15.0148 3852 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 22:17:15.0149 3852 ws2ifsl - ok 22:17:15.0231 3852 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:17:15.0232 3852 WUDFRd - ok 22:17:15.0310 3852 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD\000.fcl 22:17:15.0311 3852 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok 22:17:15.0335 3852 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 22:17:15.0434 3852 \Device\Harddisk0\DR0 - ok 22:17:15.0438 3852 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1 22:17:15.0442 3852 \Device\Harddisk1\DR1 - ok 22:17:15.0539 3852 Boot (0x1200) (5c588533e8bd3d0a441b9beddea6982d) \Device\Harddisk0\DR0\Partition0 22:17:15.0626 3852 \Device\Harddisk0\DR0\Partition0 - ok 22:17:15.0659 3852 Boot (0x1200) (ac86878c6da1866eed2b8cebbb3a20d6) \Device\Harddisk0\DR0\Partition1 22:17:15.0751 3852 \Device\Harddisk0\DR0\Partition1 - ok 22:17:15.0755 3852 Boot (0x1200) (5ae2f22fc5d7da33ac8fb8eb203b09d7) \Device\Harddisk1\DR1\Partition0 22:17:15.0757 3852 \Device\Harddisk1\DR1\Partition0 - ok 22:17:15.0757 3852 ============================================================ 22:17:15.0757 3852 Scan finished 22:17:15.0757 3852 ============================================================ 22:17:15.0766 3176 Detected object count: 0 22:17:15.0766 3176 Actual detected object count: 0 22:18:04.0597 4560 Deinitialize success Sooo, fahre den Rechner jetzt wieder runter und freue mich auf Antwort...bis jetzt verhält sich alles ruhig Geändert von machete81 (13.03.2012 um 22:31 Uhr) Grund: Defogger-Logfile, TDSS-Logfile |
14.03.2012, 08:46 | #28 | |
/// Helfer-Team | Und wieder der 50€ Virus.... 1. ob ich schon mal gefragt...?: Zitat:
-> Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software ► AV Deinstallations Hinweise 2. erneut einen Scan mit OTL:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
17.03.2012, 01:57 | #29 |
| Und wieder der 50€ Virus.... Hallo mal wieder. Erstmal guten Morgen oder so und ein schönes Wochenende. Kurz mal ne Statusmeldung: [code] Arbeite im normalen Modus AntiVir hat nach dem hochfahren diese Warnmeldung angezeigt, habe sie mit " x " geschlossen...(?!) Code:
ATTFilter In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern PS: Gerade kommt die Meldung im küzeren Abständen.... mache abschließend wieder den OTL-Scan und freue mich auf Antwort.Grüße in den sonnigen Süden. Geändert von machete81 (17.03.2012 um 01:58 Uhr) Grund: Nachtrag |
17.03.2012, 04:24 | #30 |
| Und wieder der 50€ Virus.... OTL-Log Code:
ATTFilter OTL logfile created on: 17.03.2012 04:05:28 - Run 8 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Machete 81\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,93% Memory free 4,24 Gb Paging File | 3,10 Gb Available in Paging File | 73,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,35 Gb Total Space | 32,27 Gb Free Space | 10,64% Space Free | Partition Type: NTFS Drive D: | 150,69 Gb Total Space | 95,61 Gb Free Space | 63,45% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 999,63 Gb Free Space | 53,66% Space Free | Partition Type: NTFS Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.17 02:34:57 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE PRC - [2012.03.02 21:59:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe PRC - [2011.08.24 14:21:14 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE PRC - [2011.07.04 18:50:31 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.25 08:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.05.25 08:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.05.25 08:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.05.01 00:37:21 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.05.02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008.05.02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.10.01 10:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- c:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe ========== Modules (No Company Name) ========== MOD - [2012.03.17 03:01:10 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.03.17 03:01:10 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2011.08.24 14:26:16 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2011.08.24 14:26:16 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.04.05 10:40:32 | 000,443,488 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 4\ContextHandler.dll ========== Win32 Services (SafeList) ========== SRV - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.08.24 14:21:14 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.07.04 18:50:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.03 17:24:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.05.25 08:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.05.01 00:37:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.05.02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService) SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Spiele\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Unknown | Running] -- -- (SYMTDI) DRV - File not found [Kernel | Unknown | Running] -- -- (SymEvent) DRV - [2012.02.09 11:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.08.24 14:21:07 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.08.24 14:21:06 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2011.07.04 18:50:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.04 18:50:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.25 08:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.17 13:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.09.10 15:58:26 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OlyCamComm.sys -- (OlyCamComm) DRV - [2009.09.04 13:16:14 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/29 19:27:57] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) DRV - [2009.06.28 15:35:04 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.06.28 15:35:03 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.04.01 18:38:54 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.09.17 22:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.01.23 13:36:46 | 000,299,776 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw88tse.sys -- (HCW88TSE) DRV - [2007.01.23 13:25:30 | 000,207,872 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw88bda.sys -- (HCW88BDA) DRV - [2007.01.23 13:25:14 | 000,011,904 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\hcw88aud.sys -- (HCW88AUD) DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro) DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15015&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http:google.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Machete 81\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6e: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Machete 81\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Machete 81\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.20 22:42:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 08:28:43 | 000,000,000 | ---D | M] [2009.01.25 13:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Extensions [2011.11.05 17:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions [2011.03.31 23:01:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.17 02:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.11 17:44:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.03.17 02:23:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.02.20 22:42:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.17 02:23:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.04.10 18:28:26 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.02.17 21:16:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.17 21:16:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.17 21:16:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.17 21:16:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2011.03.27 19:49:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download All by FlashGet - D:\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - D:\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: winamp.com ([client] https in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4EBF793-506B-451D-9089-69550F5DD742}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Machete 81\Pictures\Naturbilder\Natural Scenery\8.jpg O24 - Desktop BackupWallPaper: C:\Users\Machete 81\Pictures\Naturbilder\Natural Scenery\8.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.17 02:35:24 | 000,000,000 | ---D | C] -- C:\Users\Machete 81\Desktop\TrojanerOdysee2012 [2012.03.17 02:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.03.17 02:23:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.03.17 02:23:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.03.17 02:23:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.03.17 02:22:14 | 017,205,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Machete 81\Desktop\jre-6u31-windows-i586-s.exe [2012.03.17 01:48:52 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.03.17 01:48:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.03.17 01:48:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.17 01:48:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.03.17 01:48:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.03.17 01:48:50 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.03.13 22:14:38 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Machete 81\Desktop\TDSSKiller.exe [2012.03.13 21:53:36 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012.03.10 16:20:00 | 000,100,864 | ---- | C] (GMER) -- C:\kwddiuoc.sys [2012.03.05 19:44:44 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Machete 81\Desktop\ccsetup316.exe [2012.03.02 21:59:56 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe [2012.03.02 00:34:50 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Machete 81\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.01 18:51:21 | 000,000,000 | R--D | C] -- C:\Users\Machete 81\Desktop\Apps [2012.03.01 18:07:12 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2012.03.01 17:55:05 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.03.01 17:55:05 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.03.01 17:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.03.01 17:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012.03.01 17:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.03.01 17:51:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.03.01 17:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIP ST [2012.03.01 17:35:30 | 000,000,000 | ---D | C] -- C:\Vista Icon Pack ST [2012.03.01 17:21:26 | 000,000,000 | R--D | C] -- C:\Users\Machete 81\Desktop\Handykram [2012.03.01 17:18:24 | 000,000,000 | ---D | C] -- C:\Users\Machete 81\Downloads\Documents\Steuererkl [2012.02.24 08:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2012.02.17 20:59:43 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012.02.17 20:59:43 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.02.17 20:59:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.02.17 20:59:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.02.17 20:59:43 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.17 20:59:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.17 20:59:42 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.17 20:59:42 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.02.17 20:59:42 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [1 C:\Users\Machete 81\AppData\Roaming\*.tmp files -> C:\Users\Machete 81\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.17 03:16:33 | 000,928,216 | ---- | M] () -- C:\Users\Machete 81\Desktop\Norton_Removal_Tool.exe [2012.03.17 02:56:37 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.17 02:56:37 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.17 02:56:29 | 000,395,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.17 02:56:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.17 02:54:37 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys [2012.03.17 02:23:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.03.17 02:23:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.03.17 02:23:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.03.17 02:23:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.03.17 02:22:16 | 017,205,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Machete 81\Desktop\jre-6u31-windows-i586-s.exe [2012.03.13 22:22:15 | 000,008,592 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat [2012.03.13 22:13:32 | 002,044,822 | ---- | M] () -- C:\Users\Machete 81\Desktop\tdsskiller.zip [2012.03.13 22:04:59 | 000,000,020 | ---- | M] () -- C:\Users\Machete 81\defogger_reenable [2012.03.13 22:03:26 | 000,050,477 | ---- | M] () -- C:\Users\Machete 81\Desktop\Defogger.exe [2012.03.10 16:55:05 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2012.03.10 16:20:00 | 000,100,864 | ---- | M] (GMER) -- C:\kwddiuoc.sys [2012.03.10 14:13:44 | 000,302,592 | ---- | M] () -- C:\Users\Machete 81\Desktop\z22uc1oi.exe [2012.03.09 21:07:56 | 000,211,456 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Machete 81\Desktop\TDSSKiller.exe [2012.03.08 21:19:25 | 000,747,252 | ---- | M] () -- C:\Users\Machete 81\Downloads\Documents\cc_20120308_211906.reg [2012.03.05 19:45:49 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.05 19:44:40 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Machete 81\Desktop\ccsetup316.exe [2012.03.02 21:59:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe [2012.03.02 16:02:24 | 000,005,528 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll [2012.03.02 16:02:22 | 000,000,080 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\blckdom.res [2012.03.02 00:35:33 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.02 00:34:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Machete 81\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.01 19:18:18 | 000,000,365 | ---- | M] () -- C:\Users\Machete 81\Desktop\Öffentlich - Verknüpfung.lnk [2012.03.01 19:11:31 | 000,001,755 | ---- | M] () -- C:\Users\Machete 81\Desktop\,,.lnk [2012.03.01 19:05:09 | 000,001,274 | ---- | M] () -- C:\Users\Machete 81\Desktop\DL.lnk [2012.03.01 18:58:10 | 000,001,251 | ---- | M] () -- C:\Users\Machete 81\Desktop\....lnk [2012.03.01 18:56:41 | 000,001,246 | ---- | M] () -- C:\Users\Machete 81\Desktop\..lnk [2012.03.01 17:43:35 | 000,001,243 | ---- | M] () -- C:\Users\Machete 81\Desktop\...lnk [2012.02.28 20:15:31 | 000,005,528 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll [2012.02.24 13:44:45 | 000,005,416 | ---- | M] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll [2012.02.21 12:47:34 | 009,759,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.21 12:47:34 | 003,409,688 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.21 12:47:34 | 003,064,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.21 12:47:34 | 002,787,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat [1 C:\Users\Machete 81\AppData\Roaming\*.tmp files -> C:\Users\Machete 81\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.17 03:16:37 | 000,928,216 | ---- | C] () -- C:\Users\Machete 81\Desktop\Norton_Removal_Tool.exe [2012.03.13 22:13:22 | 002,044,822 | ---- | C] () -- C:\Users\Machete 81\Desktop\tdsskiller.zip [2012.03.13 22:04:30 | 000,000,020 | ---- | C] () -- C:\Users\Machete 81\defogger_reenable [2012.03.13 22:03:31 | 000,050,477 | ---- | C] () -- C:\Users\Machete 81\Desktop\Defogger.exe [2012.03.13 21:43:25 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys [2012.03.10 16:55:15 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2012.03.10 14:13:47 | 000,302,592 | ---- | C] () -- C:\Users\Machete 81\Desktop\z22uc1oi.exe [2012.03.08 21:19:11 | 000,747,252 | ---- | C] () -- C:\Users\Machete 81\Downloads\Documents\cc_20120308_211906.reg [2012.03.05 19:45:49 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.02 16:02:24 | 000,005,528 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll [2012.03.02 00:35:33 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.01 19:18:18 | 000,000,365 | ---- | C] () -- C:\Users\Machete 81\Desktop\Öffentlich - Verknüpfung.lnk [2012.03.01 19:11:31 | 000,001,755 | ---- | C] () -- C:\Users\Machete 81\Desktop\,,.lnk [2012.03.01 17:54:51 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012.02.28 20:15:31 | 000,005,528 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll [2012.02.24 13:44:45 | 000,005,416 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll [2012.02.24 08:29:58 | 000,000,080 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\blckdom.res [2012.02.24 08:20:03 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.02.24 08:20:03 | 000,001,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.02.24 08:20:03 | 000,001,716 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2011.08.31 20:56:42 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini [2011.08.31 20:56:39 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe [2011.07.17 13:10:40 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5C9A236D9A.sys [2011.07.17 13:10:39 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.03.25 15:30:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.03.25 15:30:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.03.25 15:30:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.03.25 15:30:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.03.25 15:30:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.21 00:29:26 | 000,000,760 | ---- | C] () -- C:\Users\Machete 81\AppData\Roaming\setup_ldm.iss [2010.07.19 21:11:02 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.05.30 23:03:44 | 000,000,876 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2010.04.23 22:23:47 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.04.23 22:23:47 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2010.04.23 22:23:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.04.23 22:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat [2010.04.22 22:19:19 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI ========== LOP Check ========== [2008.10.19 00:51:33 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Ankh - Heart of Osiris [2008.03.13 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Audacity [2011.04.10 00:25:53 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\BITS [2008.11.29 14:13:54 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DAEMON Tools Pro [2011.10.15 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DVDVideoSoft [2011.03.31 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.19 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\elsterformular [2011.04.10 18:28:42 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Foxit [2010.03.20 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Free Audio Editor [2010.04.26 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\FreeFLVConverter [2011.05.28 13:05:16 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\go [2011.02.10 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\gtk-2.0 [2010.10.16 19:17:47 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Leadertech [2011.07.31 19:25:43 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\MAGIX [2010.03.20 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\NCH Swift Sound [2010.10.24 02:05:49 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\OpenOffice.org [2009.02.25 02:33:54 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\PeerNetworking [2011.01.23 01:59:00 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\ProtectDisc [2010.07.10 03:08:47 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\SparweltGutschein [2008.12.15 18:53:29 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Template [2012.03.01 18:07:05 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\TuneUp Software [2010.03.22 16:38:34 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2009.06.28 15:37:56 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Ubisoft [2010.07.04 23:25:57 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\VoozieMaker [2010.09.12 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Machete 81\AppData\Roaming\Xilisoft [2010.12.11 20:29:03 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\olycamdetect.exe_20101211_202902_0886.job [2010.12.11 23:33:36 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\olycamdetect.exe_20101211_233336_0744.job [2010.10.27 01:38:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2008.03.22 22:46:17 | 000,307,910 | ---- | C] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr [2008.03.18 21:10:04 | 000,307,910 | ---- | M] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr < End of report > Extras.Txt Code:
ATTFilter OTL Extras logfile created on: 17.03.2012 04:05:28 - Run 8 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Machete 81\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,93% Memory free 4,24 Gb Paging File | 3,10 Gb Available in Paging File | 73,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,35 Gb Total Space | 32,27 Gb Free Space | 10,64% Space Free | Partition Type: NTFS Drive D: | 150,69 Gb Total Space | 95,61 Gb Free Space | 63,45% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 999,63 Gb Free Space | 53,66% Space Free | Partition Type: NTFS Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "D:\FlashGet universal\FlashGet.exe" = D:\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET) "D:\FlashGet universal\LiveUpdate.exe" = D:\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate "D:\FlashGet universal\LiveUpdateEx.exe" = D:\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B97D4C3-D840-452A-8C63-47E2F8E6EDF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0F2FD710-DA98-4C93-BD76-804A97FE498C}" = lport=138 | protocol=17 | dir=in | app=system | "{102D1E55-E56E-43CE-B9AF-CB9771FA3B15}" = lport=137 | protocol=17 | dir=in | app=system | "{1BD9E6B7-5A2D-456D-9C04-3C4FB9E71BFB}" = rport=10243 | protocol=6 | dir=out | app=system | "{1C7829E9-1585-4B6F-9B52-4B76E50B375D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1DDCDABD-1B6B-42C2-8D00-8929C3749389}" = rport=139 | protocol=6 | dir=out | app=system | "{213CC10A-5CF9-4BD3-99DB-FDE5773EA072}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{22F2CDB8-24E6-4073-95FB-629CACB4537C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2CB57AED-0F96-47DE-8F80-10590A3BA0C5}" = lport=10243 | protocol=6 | dir=in | app=system | "{4546667E-1244-4C38-8FE3-DC67A589C99F}" = rport=445 | protocol=6 | dir=out | app=system | "{59ABE83B-24B7-4870-A703-BAAD94500984}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{61D74005-F7E4-447F-872D-F051806DF0DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{64567F94-2ADE-46ED-8712-7F4E822FA0A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{66CA1113-5FF9-4773-8C8B-03CD584ACB9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6940F09E-DEF1-4AF3-9B9C-1F65CEC785C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{752469A8-B52F-45BF-825A-25A3E91ECD5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{806CF8E1-45E2-419F-81DB-590A77431C7B}" = lport=139 | protocol=6 | dir=in | app=system | "{96ED15EE-4291-4895-B5A9-5E287BD44256}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{99DA131A-3CA5-4431-91DF-272FA55ECA26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9CFC36EA-B43B-461F-BB97-8B077AD0C21A}" = rport=137 | protocol=17 | dir=out | app=system | "{A592195F-3853-447D-97CC-04A56390286F}" = lport=3074 | protocol=6 | dir=in | name=xbox | "{B284701C-DA75-46EA-9F4D-89525C5BED8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B789B512-15D7-4935-89C4-203C1AB66F38}" = rport=138 | protocol=17 | dir=out | app=system | "{BECC43A2-56E1-434F-B815-3142EB394004}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C3F12391-F406-4FC8-8EDA-8F658822B581}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D3F7E48D-01C6-4D2E-B9CF-DE67514692FF}" = lport=445 | protocol=6 | dir=in | app=system | "{E2A96DAB-A929-41D4-B053-78CAD86D5545}" = lport=2869 | protocol=6 | dir=in | app=system | "{F010680A-11D9-4480-82F0-B25ABC5A8CFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{045D0F5B-F82F-4C2B-8EE5-D0FC4084D816}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{04758101-B3F9-4BDD-8D3D-841C2660EAC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0614E0E1-FEE1-47BC-A2AB-A414B31C8CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{08EBB26F-C52B-410E-A1C7-9448C23010C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B0863C0-3E55-43AF-B9A9-EB08A7C24A95}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B8E0619-FA84-43B0-91AA-2AE504CB7AA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1186921C-3036-41DF-80ED-965280E2C839}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12CC7ED6-2795-4C88-A8B8-156C4E37AE56}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{164E2CA5-7D20-48AD-B6F6-C6BDE354FEBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{171BEE58-157F-4BE5-8394-64CEA8D020FE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{1A6D6D10-0DC6-49D1-B078-E31D50F1D222}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{22390F94-5690-4028-B35D-2E5F94EC224A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{24494E33-0BD3-4640-8425-29458F42BF85}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{259AEB18-A001-4329-8DD8-143ECBB5F0CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{25EE09B7-B0BA-4875-92BE-B591083113C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2707859D-DD2D-40B1-A0BD-88AD1A9A867C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A57D064-CB30-4D98-8762-0A0162D2D36C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2AC80058-DFA8-4D35-85A3-64496D2883E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C18CB93-96A5-4031-ABCC-7933FFA8DBA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C236274-B307-4EEA-8165-1431A5EECE49}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D18454C-00DA-4B46-BF34-7B8FAEAFD686}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{2E7F3BAF-EA97-4CEC-813C-50EB064BC40C}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | "{3348DDC0-154D-4CFC-B753-8DFD9420C5C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33FFBAFD-40C1-423D-9E36-8A80B4976493}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{34F7FEED-5A34-4169-B4A5-EB926551FAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3550F539-3454-4A03-80DF-91944DB8EA36}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{36D34AAB-8F69-4E07-B7C7-96AC28EEC003}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{37805A21-C448-4852-8E36-6A15283E00E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AFBFC11-A486-4E74-8EB6-1753624725F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3CD37345-D80C-4328-A79C-3ADE666A64E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{44340A1D-975C-4BCF-AFF7-61E7274051FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{49F50F32-4D7D-4EDB-991E-A1BEC19CA342}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A5A2922-F660-44CB-ACCC-39261DCAD9B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{50802897-8042-4289-8690-6CF354C3F5C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{564709A0-BE91-4B7A-A0DC-497019E2FA10}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{58D3916A-7CF0-4A95-A2C0-007D818F548A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{58E39A2D-8DE4-4377-A87B-5500DB7781B5}" = protocol=6 | dir=in | app=c:\users\machete 81\appdata\local\temp\7zs3533.tmp\symnrt.exe | "{59EB79A6-2A57-4094-BD8F-5BB5606BA4F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5B8CAEFF-B4CC-43E9-B771-6C2717A3A349}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C373DE3-A7AE-4A91-89CF-6A8A0D5E742C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5E36D34D-A8D8-4186-ADA0-1E0E92C46921}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5E55062F-9EEA-4895-821E-5F3B1C85D409}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{622D0098-FAB5-4C89-8380-9886B0479135}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | "{64342821-097D-451D-8FE1-D36F92355ABC}" = protocol=6 | dir=out | app=system | "{66B62E80-4858-4429-9997-2BF7EF8C3943}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{67DE7D5E-DECB-44E2-ADBB-A9778177DE53}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{689B3037-F52B-4753-8953-4DBA398773C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D05A97F-4587-48A2-8E33-2CAFE9CEF4D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6DDB2E27-94B9-46AC-9746-5ABF74698700}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6FD74FC8-F9CE-4E2D-8D76-04C00D43FBFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{715FB247-4C77-44C5-9213-C93113D479F4}" = protocol=17 | dir=in | app=c:\users\machete 81\appdata\local\temp\7zs3533.tmp\symnrt.exe | "{724AE84B-6120-4F17-87D0-346620B7D3CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{724B3A19-3FC8-4961-8DA5-EA578258A6F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{72B8BA8B-1B16-49C9-9589-FC49C45CB16C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{73E1AD91-065D-49D0-B93B-071B09CACF60}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{74A43D91-388E-4C04-8110-7FC568BF6F86}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7701D70D-6110-4988-80B3-DEF57F4DF188}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{79BA966B-EDD1-418C-BED2-B911404ED313}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7A8F9DC6-271A-40EB-B606-3A20E4C936C5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{7B333CE5-F9CD-4554-9068-E2618C44DD20}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7C735A83-1C4B-48F5-8209-EB3B262784FF}" = protocol=17 | dir=in | app=c:\users\machete 81\appdata\local\temp\7zse582.tmp\symnrt.exe | "{816165EB-9D23-40BF-AEBF-6B5BE4ADA43F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{829C9A20-F460-41EA-8B76-874172D48B40}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{86C28F8A-B72E-4D0D-A9AD-02B5B9A2D4E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{89835FAB-93B7-4D16-B2A2-4C7C34BEF9FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{89CDAB74-35A9-40E1-9639-4D154CC3EF44}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8CE352CB-B0C3-4697-9CCA-1B2D2C506425}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{90DDB494-1316-47A4-B674-78E240A1A0FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{91264671-1AA1-4397-9928-E2695C6EBC2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{912BDF7B-9B2D-4F5F-AADE-29DC3A8A43C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{919AD030-5D4D-47BA-B633-40D7CF7DC9CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{959B0F02-6C0D-476E-B069-CF6553DAB5E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9619A50B-FBC3-4B86-A7E3-EAA486C1A49C}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{96EA8C50-965E-4F9E-811E-CCE93888BFE4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{977C2266-ECF4-41CE-88E7-CBF72399B3B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9DA55D1A-D2CE-4923-9E9E-FEECF0BA5868}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9EA4DBBB-DCD6-4337-B395-4B5B9146181A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{9F02B04C-A374-4C59-AA2A-8C4DF403E051}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9F2181F6-D4DB-451C-8D30-33AE9A61B1FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9FAAF4C3-7D39-46F4-A7D1-74AC420E174B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A875CC5B-8776-4708-8FAC-68F170F7709B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A8DF47FD-846F-4A8F-AAA0-81CB672FE370}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{A9792BCA-17AE-4D8F-815E-665317468A60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AFBE62D2-C76D-4CF7-8C0C-02EE2D66E256}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B7D45E18-7C59-4178-9E01-727C1BFFD588}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B9AE10E7-0A0B-4C13-B316-93D381A66D3A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BB26BBF2-47BA-4576-93A4-54F8EB3DA3CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BDB1CC27-0714-48DF-A6BB-175A95BD0E0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BDEDCEC1-5DE5-4A1F-A8A4-8C0357C62B00}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BF23A919-743A-43A6-8642-A72AE73CFD67}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{C05B72CC-B3DD-4CF3-80A7-F2E4A8CBAE48}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C296BA3C-1EE3-4D72-A210-E62D3952CD8C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{C997E58C-5FA3-41B6-AB7E-0F73335F2ACC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CA51F6EC-9575-484C-BD94-6C44CECE4E2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D05B0F58-9962-403F-9EDC-1A0BAE70E12E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D45D9309-BDFF-4FF7-96C7-58C32B76EE72}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D585D8E0-58C4-4BA5-84F4-4C6B8779EFC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D6C09D8E-4DA8-42D8-9221-542CD4249FC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DE206CDD-C56C-4A3F-90D3-FFBF69968B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E0F09885-846C-4E44-A823-9B4164D519EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E186E6A7-5033-49B3-A8DE-3E5F52726D27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E32F1C42-F82E-4C69-9ADE-149C019B8C2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E4B3668E-F36F-41E1-A269-E00ADBFCFE71}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E6084C69-1CB9-4DC4-A28A-559AEEF639D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E7FBBE6C-B169-44FA-B4F4-54A718EA3D59}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9BB054A-BAB3-4163-8352-57600A9C6094}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EC34750E-92B7-4DE0-AE4D-46C72D9732FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ECD7B9F7-4E23-464F-A0E0-EBA4AD58954B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EFBD7BF4-CA20-41CB-A775-D28A4AE47559}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F06C3B19-80C2-4C9B-8924-2C0AD0801BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F18D825F-B77F-4F31-8F19-DA9BBC07DC0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F1F8BA62-34C7-414E-A0E3-980DBFEA91D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F6DA034C-68B5-4DE0-8A4C-2B39CA060864}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F799F199-77E0-49CB-9852-34BCEC001E18}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{F79EA545-83E7-46C0-87B4-222A4C02C58D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F7EA93F2-35BB-4D50-8AC2-2E9989C138CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F8D47FFE-6313-4D13-9431-3F681B9A3CB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F9DDBC7D-D5B8-4D58-A32A-698DD5F793CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FAEBE2A7-754E-4CDA-95C4-10DA38FB6175}" = protocol=6 | dir=in | app=c:\users\machete 81\appdata\local\temp\7zse582.tmp\symnrt.exe | "{FBC823D7-FBE3-4B44-8E06-84652CBEBF4C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FC0B3799-7376-4710-A6F6-962BC9B2A260}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FF4D05AF-A441-412F-935F-2104EF42DD5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{31355AF5-552F-451F-9CCF-2240EF6DD52C}D:\flashget universal\flashget.exe" = protocol=6 | dir=in | app=d:\flashget universal\flashget.exe | "TCP Query User{34FDE753-7AFD-4B7B-9FE4-114170AA47DC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{499B4820-D8F7-491F-AC35-4E9F7CE72B2E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{6B4AF642-7806-4DE8-96F1-A1C0C68D229D}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe | "TCP Query User{95E06D6A-8AFB-4D16-9F63-3612DCEBB306}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{E9EAFED8-F8D1-4ADE-ACAA-42E83970FE00}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{F1E9E252-55BE-4CA5-B4A0-53F046966A74}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{F538F40B-DB74-431C-BCA7-20B09C37F5C9}C:\users\machete 81\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe | "TCP Query User{F995EF0B-823D-4884-B55C-2D728FA2C354}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{1D2DAE66-2704-4EED-8E98-4691A7D0F6FC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{1DE2F066-389E-4AF4-BF02-8CFBCFE2C0E2}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{238501B8-F605-44F2-A2BD-B8C70325870E}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe | "UDP Query User{25FDB9A4-81A6-4F33-B348-87EFDC1E6EE3}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{53165DFE-4380-4B54-A753-E6186DB0849D}D:\flashget universal\flashget.exe" = protocol=17 | dir=in | app=d:\flashget universal\flashget.exe | "UDP Query User{5650E075-E8AB-46F1-B5D3-0B58559FCD60}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{AD2374D6-5737-4AEF-AD35-1A5C69557977}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{D67B791C-459C-44D6-A69A-4BDEEF56FF3F}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{E9048B17-641B-4DCA-B5F7-503864F0252F}C:\users\machete 81\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars "{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5 "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0 "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@ "{761B4ADA-254C-461F-A446-A167E41FA6DD}" = Foxit PDF IFilter "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7FA32C2E-E218-4A04-966D-DECCB0B9C81E}" = MAGIX Speed 2 (MSI) "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{815D1E58-17F7-4DF4-BF8E-59D2EE575FCA}" = MAGIX Video deluxe 16 Plus Sonderedition "{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite "{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = USB PC Camera "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F31C9A68-7F07-4B96-AC58-F71D5DF3DA89}" = MAGIX Screenshare "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro "{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.35 "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "CCleaner" = CCleaner "DivX Setup.divx.com" = DivX-Setup "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) "ElsterFormular 13.0.0.8086p" = ElsterFormular "FlashGet 2.0" = FlashGet 2.0 "Foxit PDF Editor" = Foxit PDF Editor "Foxit Reader" = Foxit Reader "Free Audio Editor" = Free Audio Editor "Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "InstallShield_{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@ "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "MAGIX_MSI_Videodeluxe16_plus" = MAGIX Video deluxe 16 Plus Sonderedition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Picasa 3" = Picasa 3 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Steam App 8930" = Sid Meier's Civilization V "SystemRequirementsLab" = System Requirements Lab "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uninstall_is1" = Uninstall 1.0.0.1 "Vista Icon Pack ST_is1" = Vista Icon Pack ST "VLC media player" = VideoLAN VLC media player 0.8.6e "Voozie Maker" = Voozie Maker "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR "Xilisoft Video Converter" = Xilisoft Video Converter 3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = EasyBits GO "Move Media Player" = Move Media Player "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.07.2010 17:40:28 | Computer Name = Machete81-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.1.3776 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 15c4 Anfangszeit: 01cb1d538342fc73 Zeitpunkt der Beendigung: 4 Error - 06.07.2010 17:40:43 | Computer Name = Machete81-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung brsvc01a.exe, Version 1.0.0.3, Zeitstempel 0x3cb65dc7, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x5e4, Anwendungsstartzeit 01cb1d469961e6fc. Error - 06.07.2010 17:43:36 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.07.2010 17:43:36 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.07.2010 17:48:31 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.07.2010 17:48:31 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 07.07.2010 18:44:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 07.07.2010 18:45:01 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.07.2010 14:48:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.07.2010 14:48:59 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Media Center Events ] Error - 21.03.2010 18:47:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 23.04.2010 20:33:37 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 13.06.2010 10:55:04 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 19.08.2010 17:05:19 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 13.10.2010 21:44:15 | Computer Name = Machete81-PC | Source = Recording | ID = 19 Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/14/2010 03:44:15 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen. Error - 22.10.2010 20:31:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 23.10.2010 19:56:49 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 05.11.2010 15:28:56 | Computer Name = Machete81-PC | Source = Recording | ID = 19 Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/05/2010 20:28:56 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen. Error - 28.11.2010 13:51:21 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 01.05.2011 15:09:17 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 16.03.2012 21:03:55 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7034 Description = Error - 16.03.2012 21:31:19 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001 Description = Error - 16.03.2012 21:31:56 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022 Description = Error - 16.03.2012 21:31:58 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026 Description = Error - 16.03.2012 21:42:41 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7034 Description = Error - 16.03.2012 21:57:10 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001 Description = Error - 16.03.2012 21:58:41 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022 Description = Error - 16.03.2012 21:58:42 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026 Description = Error - 16.03.2012 22:23:22 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7034 Description = Error - 16.03.2012 22:48:24 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7034 Description = < End of report > Code:
ATTFilter Exportierte Ereignisse: 17.03.2012 04:25 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 04:10 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 04:10 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 04:10 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 04:09 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe078.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 04:09 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 04:09 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe081.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 03:51 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 03:43 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 03:17 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 03:13 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 03:13 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 03:01 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 02:58 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 02:04 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 02:04 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 02:02 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 02:02 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 01:56 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 01:56 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 01:56 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 01:56 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 01:40 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.03.2012 01:40 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe080.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 13.03.2012 22:14 [Guard] AntiVir Guard deaktiviert AntiVir Guard wurde deaktiviert. 29.02.2012 12:49 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Local\temp\Photo.class' wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-0840' [exploit] gefunden. Ausgeführte Aktion: Zugriff verweigern 26.02.2012 15:09 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 26.02.2012 15:09 [Guard] Malware gefunden In der Datei 'C:\Users\Machete 81\AppData\Roaming\BAcroIEHelpe.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Geändert von machete81 (17.03.2012 um 04:34 Uhr) |
Themen zu Und wieder der 50€ Virus.... |
abgesicherte, abgesicherten, antiviren, bacroiehelpe.dll, besuch, erfahrungswerte, fenster, freue, infizierte, infizierten, modus, nachricht, nutzen, problem, probleme, problemen, rechner, seite, seiten, system, update, virus..., zusammen |