Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Recovery Maleware (https://www.trojaner-board.de/96785-windows-recovery-maleware.html)

machete81 24.03.2011 07:56
Windows Recovery Maleware
 
Hallo, ich habe ein ähnliches Problem wie Gruni der sich auch erst registriert hat.
Bedanke mich schon mal im Voraus für jegliche Antwort.

Und möchte mich auch für zugleich für eventuelle Posting-Fehler entschuldigen.

Ich kann nicht mehr auf meine Festplatten zugreifen und bekomme ständig Fehlermeldungen von "Windows Recovery".....

Hier meine Logfile

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6146

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

24.03.2011 07:27:30
mbam-log-2011-03-24 (07-26-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 359535
Laufzeit: 1 Stunde(n), 42 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\AVSuitE (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE (Rogue.AntivirusSuite) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dsPRWEQVDgXDN (Trojan.Downloader) -> Value: dsPRWEQVDgXDN -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\dsprweqvdgxdn.exe (Trojan.Downloader) -> No action taken.
c:\programdata\35708680.exe (Rogue.FakeHDD) -> No action taken.
c:\Users\machete 81\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\7Z1DYEWO\calc[1].exe (Trojan.Downloader) -> No action taken.

cosinus 24.03.2011 10:37
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

machete81 24.03.2011 19:28
Nein, ich habe einen Scan mit Malewarebytes gemacht, eine Logdatei wurde erstellt und die habe ich gepostet...., allerdings bleiben bei mir jetzt die Meldungen von "Windows Recovery" aus, ich erhalte ab und an eine Meldung von Avira über irgendwelche Trojaner..:( . Kann aber immer noch nicht auf meine beiden Festplatten zugreifen. Mache gerade noch, wie du in anderen schon empfohlen hast den, OTL-Scan. Werde da denn sonst auch noch hierrein posten.

Ansonsten erstmal danke für die AntwortOTL Logfile:
Code:
OTL logfile created on: 24.03.2011 19:22:40 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Machete 81\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 0,83 Gb Free Space | 0,27% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 18,52 Gb Free Space | 12,29% Space Free | Partition Type: NTFS
 
Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Machete 81\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Machete 81\Desktop\HiJackThis204.exe (Trend Micro Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - c:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Machete 81\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ISPwdSvc) --  File not found
SRV - (comHost) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (ccSetMgr) --  File not found
SRV - (ccEvtMgr) --  File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService) -- c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
SRV - (StarWindServiceAE) -- C:\Spiele\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (OlyCamComm) -- C:\Windows\System32\drivers\OlyCamComm.sys (OLYMPUS IMAGING CORP.)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\CyberLink\PowerDVD\000.fcl (CyberLink Corp.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation)
DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTictwl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15015&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http:google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.03 20:18:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.03 20:18:08 | 000,000,000 | ---D | M]
 
[2009.01.25 13:22:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Extensions
[2011.01.23 21:31:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions
[2009.08.13 17:38:32 | 000,002,236 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\askcom.xml
[2009.05.07 16:07:36 | 000,000,894 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\conduit.xml
[2009.08.30 12:38:03 | 000,002,321 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\forestle-de.xml
[2010.10.22 14:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.16 20:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 14:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.10.24 17:27:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008.12.04 16:06:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.18 19:51:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.08.16 20:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 14:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009.09.02 02:01:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.03 20:18:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 20:18:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 20:18:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 20:18:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 20:18:03 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [dsPRWEQVDgXDN] C:\ProgramData\dsPRWEQVDgXDN.exe ()
O4 - HKCU..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [RGSC]  File not found
O4 - Startup: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: &Download All by FlashGet - D:\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - D:\FlashGet universal\ComDlls\Bholink.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: winamp.com ([client] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.97 83.169.186.225
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{32d1c7be-600a-11dd-a0a2-0019214d0bcf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O33 - MountPoints2\{6297e510-08cd-11df-bf0a-0019214d0bcf}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{b8207dd4-0012-11dd-bcd2-0019214d0bcf}\Shell - "" = AutoRun
O33 - MountPoints2\{b8207dd4-0012-11dd-bcd2-0019214d0bcf}\Shell\AutoRun\command - "" = K:\CDStart.exe
O33 - MountPoints2\{d59a522b-0546-11e0-8bda-0019214d0bcf}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e879e679-be16-11dd-a94a-0019214d0bcf}\Shell - "" = AutoRun
O33 - MountPoints2\{e879e679-be16-11dd-a94a-0019214d0bcf}\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\{fd7a3e26-6c91-11dd-b91a-0019214d0bcf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.24 19:21:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
[2011.03.24 00:02:51 | 000,000,000 | ---D | C] -- C:\Users\Machete 81\AppData\Roaming\Malwarebytes
[2011.03.24 00:02:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.24 00:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.24 00:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.24 00:02:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.24 00:02:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.24 00:02:00 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Machete 81\Desktop\mbam-setup.exe
[2011.03.22 02:44:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Machete 81\Desktop\HiJackThis204.exe
[2011.03.22 02:18:48 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.03.12 20:04:44 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\Desktop\Neuer Ordner
[2011.03.12 20:03:26 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\Desktop\SOFA
[2011.03.09 09:35:09 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 09:35:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 09:35:09 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 09:35:09 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.23 00:30:56 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\AppData\Roaming\elsterformular
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.24 19:21:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
[2011.03.24 19:19:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Machete 81\Desktop\HiJackThis204.exe
[2011.03.24 18:49:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 18:49:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 18:49:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.24 18:49:04 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.24 00:02:38 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.24 00:02:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Machete 81\Desktop\mbam-setup.exe
[2011.03.23 23:44:18 | 000,001,356 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat
[2011.03.22 10:14:37 | 000,342,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.22 02:18:50 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35708680r
[2011.03.22 02:18:50 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~35708680
[2011.03.22 02:18:49 | 000,000,590 | -H-- | M] () -- C:\Users\Machete 81\Desktop\Windows Recovery.lnk
[2011.03.22 02:18:46 | 000,000,344 | -H-- | M] () -- C:\ProgramData\35708680
[2011.03.22 02:18:44 | 000,467,968 | -H-- | M] () -- C:\ProgramData\35708680.exe
[2011.03.22 02:08:49 | 000,547,328 | -H-- | M] () -- C:\ProgramData\dsPRWEQVDgXDN.exe
[2011.03.17 23:01:40 | 004,711,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.17 23:01:40 | 001,858,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.17 23:01:40 | 001,436,582 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.17 23:01:40 | 001,299,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.16 00:11:21 | 000,168,960 | -H-- | M] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.28 20:47:35 | 000,052,157 | -H-- | M] () -- C:\Users\Machete 81\Downloads\Documents\Steuer2010.pdf
[2011.02.28 20:39:02 | 000,082,595 | -H-- | M] () -- C:\Users\Machete 81\ESt2010_Rohde_Andreas.elfo
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.24 00:02:38 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 10:12:36 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.22 02:18:49 | 000,000,590 | -H-- | C] () -- C:\Users\Machete 81\Desktop\Windows Recovery.lnk
[2011.03.22 02:18:49 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~35708680r
[2011.03.22 02:18:49 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~35708680
[2011.03.22 02:18:46 | 000,000,344 | -H-- | C] () -- C:\ProgramData\35708680
[2011.03.22 02:18:43 | 000,467,968 | -H-- | C] () -- C:\ProgramData\35708680.exe
[2011.03.22 02:08:49 | 000,547,328 | -H-- | C] () -- C:\ProgramData\dsPRWEQVDgXDN.exe
[2011.02.28 20:47:35 | 000,052,157 | -H-- | C] () -- C:\Users\Machete 81\Downloads\Documents\Steuer2010.pdf
[2011.02.27 18:45:06 | 000,082,595 | -H-- | C] () -- C:\Users\Machete 81\ESt2010_Rohde_Andreas.elfo
[2011.01.21 00:29:26 | 000,000,760 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\setup_ldm.iss
[2010.08.28 23:12:57 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.08.28 23:12:56 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2010.07.19 21:11:02 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.05.30 23:03:44 | 000,000,876 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2010.04.23 22:23:47 | 000,000,468 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.23 22:23:47 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2010.04.23 22:23:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.04.23 22:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2010.04.22 22:19:19 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.09.24 17:39:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 17:39:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 17:39:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.15 00:23:30 | 000,107,572 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.02.25 02:33:54 | 000,024,227 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\UserTile.png
[2009.02.22 23:02:45 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.02.13 18:42:32 | 000,000,034 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2008.12.04 17:59:06 | 000,178,992 | ---- | C] () -- C:\Windows\hphins26.dat
[2008.11.15 20:11:59 | 000,000,339 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.11.15 16:36:59 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
[2008.11.05 19:25:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.11.01 23:20:10 | 000,001,356 | ---- | C] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat
[2008.11.01 22:19:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.26 19:07:46 | 000,005,061 | -H-- | C] () -- C:\ProgramData\xqkcebzs.dik
[2008.10.22 16:01:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.04 16:22:35 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2008.09.28 00:10:20 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008.09.24 19:52:22 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.09.24 19:52:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.07.04 19:41:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.04.01 20:47:15 | 000,000,098 | -H-- | C] () -- C:\Users\Machete 81\AppData\Local\fusioncache.dat
[2008.03.17 22:21:57 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.03.17 22:20:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.03.17 22:19:46 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.03.11 01:32:25 | 000,000,074 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\wklnhst.dat
[2008.03.06 23:06:44 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.03.06 23:06:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.03.05 18:49:51 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.03.04 23:59:23 | 000,022,328 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\PnkBstrK.sys
[2008.03.04 23:59:23 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.03.04 23:59:06 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.03.04 23:59:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.03.04 23:58:54 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.03.04 13:21:30 | 000,168,960 | -H-- | C] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 17:49:21 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
[2007.11.08 04:24:10 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.11.08 04:19:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007.09.20 11:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007.09.20 11:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007.09.20 11:33:52 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.09.20 11:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007.09.20 11:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007.09.20 11:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007.09.20 11:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007.09.20 11:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007.09.20 11:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007.09.20 11:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007.09.20 11:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007.09.20 11:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007.09.20 11:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007.09.20 11:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007.09.20 11:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007.09.20 11:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007.09.20 11:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007.09.20 11:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007.09.20 11:33:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.03.20 15:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2006.11.02 16:33:31 | 004,711,396 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 001,436,582 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,342,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 001,858,312 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,299,186 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:27:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.07 22:29:33 | 000,001,024 | ---- | C] () -- C:\Windows\System32\ASPRTMM0.DLL
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.02.26 10:08:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.05.24 19:33:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\LEXPING.EXE
[2002.11.13 08:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2001.01.19 08:50:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE
 
========== Files - Unicode (All) ==========
[2008.03.22 22:46:17 | 000,307,910 | -H-- | C] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr
[2008.03.18 21:10:04 | 000,307,910 | -H-- | M] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr

< End of report >
--- --- ---

cosinus 24.03.2011 19:31
Hast du die Funde mit Malwarebytes denn entfernt? Da steht überall -> No action taken.

machete81 24.03.2011 19:31
Und hier die zweite Datei.OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 24.03.2011 19:22:40 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Machete 81\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 0,83 Gb Free Space | 0,27% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 18,52 Gb Free Space | 12,29% Space Free | Partition Type: NTFS
 
Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"D:\FlashGet universal\FlashGet.exe" = D:\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET)
"D:\FlashGet universal\LiveUpdate.exe" = D:\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"D:\FlashGet universal\LiveUpdateEx.exe" = D:\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A592195F-3853-447D-97CC-04A56390286F}" = lport=3074 | protocol=6 | dir=in | name=xbox |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045D0F5B-F82F-4C2B-8EE5-D0FC4084D816}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0614E0E1-FEE1-47BC-A2AB-A414B31C8CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{08EBB26F-C52B-410E-A1C7-9448C23010C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B0863C0-3E55-43AF-B9A9-EB08A7C24A95}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E4DF7E7-7F40-4D29-9A85-47F2982DCC4B}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords.exe |
"{1186921C-3036-41DF-80ED-965280E2C839}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12809EA2-4377-405A-9165-7F4E55108277}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{12CC7ED6-2795-4C88-A8B8-156C4E37AE56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14478ECB-C683-4196-888D-7588B07BE9EF}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords.exe |
"{14E78BD5-0BBF-47B7-92B1-39BC8A8BFB0C}" = protocol=17 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{164E2CA5-7D20-48AD-B6F6-C6BDE354FEBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{171BEE58-157F-4BE5-8394-64CEA8D020FE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{17BCBF6F-14B9-4E7D-BB84-7C3A7243A18F}" = protocol=17 | dir=in | app=c:\windows\temp\kd_installer.exe |
"{1B41E50D-7E42-4721-A8F5-F275C5A8D904}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{23325B47-3AA4-45FB-8C3E-D6C40822B9EF}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{24494E33-0BD3-4640-8425-29458F42BF85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{259AEB18-A001-4329-8DD8-143ECBB5F0CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25EE09B7-B0BA-4875-92BE-B591083113C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2707859D-DD2D-40B1-A0BD-88AD1A9A867C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28BCF680-1225-46E1-AC02-E02E34E78B9C}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\civilization4.exe |
"{299ADD0A-78B0-465B-AC23-99C972AB2534}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{2A57D064-CB30-4D98-8762-0A0162D2D36C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AC80058-DFA8-4D35-85A3-64496D2883E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C18CB93-96A5-4031-ABCC-7933FFA8DBA6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C236274-B307-4EEA-8165-1431A5EECE49}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D17D5A9-891F-4C36-BB91-4DD0E6640B02}" = protocol=6 | dir=in | app=c:\spiele\nwn2server.exe |
"{2D18454C-00DA-4B46-BF34-7B8FAEAFD686}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{2E7F3BAF-EA97-4CEC-813C-50EB064BC40C}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{2ED08F11-4B2C-4420-BB7F-7019457D0698}" = protocol=6 | dir=in | app=c:\spiele\nwn2main.exe |
"{327D1DB4-4BDF-41DD-9383-C54B8E59BAC4}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{3348DDC0-154D-4CFC-B753-8DFD9420C5C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33FFBAFD-40C1-423D-9E36-8A80B4976493}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34F7FEED-5A34-4169-B4A5-EB926551FAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3550F539-3454-4A03-80DF-91944DB8EA36}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{365E3FD2-77BE-42D2-91EC-7130FEB01376}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{36D34AAB-8F69-4E07-B7C7-96AC28EEC003}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37805A21-C448-4852-8E36-6A15283E00E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3AFBFC11-A486-4E74-8EB6-1753624725F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3CD37345-D80C-4328-A79C-3ADE666A64E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E74B161-3361-43E0-A650-FED97A8A0C95}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{3EF48B45-1881-4C03-81D6-D8BB950F2FB5}" = protocol=17 | dir=in | app=c:\spiele\nwn2server.exe |
"{44340A1D-975C-4BCF-AFF7-61E7274051FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49F50F32-4D7D-4EDB-991E-A1BEC19CA342}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A5A2922-F660-44CB-ACCC-39261DCAD9B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A68FB0D-A4BB-4B27-88FA-EC9DF5B46142}" = protocol=6 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{4F0790F9-368C-4CDE-9218-7477FA79D089}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{51AAB595-1396-414A-B084-67929E0BBFDE}" = protocol=6 | dir=in | app=c:\windows\temp\kd_installer.exe |
"{564709A0-BE91-4B7A-A0DC-497019E2FA10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59EB79A6-2A57-4094-BD8F-5BB5606BA4F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B8CAEFF-B4CC-43E9-B771-6C2717A3A349}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C373DE3-A7AE-4A91-89CF-6A8A0D5E742C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E36D34D-A8D8-4186-ADA0-1E0E92C46921}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E55062F-9EEA-4895-821E-5F3B1C85D409}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{61A244BB-ED04-482E-A25A-3A6CDEF7D70E}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{622D0098-FAB5-4C89-8380-9886B0479135}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{67DE7D5E-DECB-44E2-ADBB-A9778177DE53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{689B3037-F52B-4753-8953-4DBA398773C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D05A97F-4587-48A2-8E33-2CAFE9CEF4D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6DDB2E27-94B9-46AC-9746-5ABF74698700}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FD74FC8-F9CE-4E2D-8D76-04C00D43FBFE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{724AE84B-6120-4F17-87D0-346620B7D3CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{724B3A19-3FC8-4961-8DA5-EA578258A6F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72B8BA8B-1B16-49C9-9589-FC49C45CB16C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73E1AD91-065D-49D0-B93B-071B09CACF60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74A43D91-388E-4C04-8110-7FC568BF6F86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76A360B9-7922-43F1-9417-3C04D14AD0B3}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{7701D70D-6110-4988-80B3-DEF57F4DF188}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79BA966B-EDD1-418C-BED2-B911404ED313}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A8F9DC6-271A-40EB-B606-3A20E4C936C5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7B333CE5-F9CD-4554-9068-E2618C44DD20}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{816165EB-9D23-40BF-AEBF-6B5BE4ADA43F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{829C9A20-F460-41EA-8B76-874172D48B40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89835FAB-93B7-4D16-B2A2-4C7C34BEF9FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89CDAB74-35A9-40E1-9639-4D154CC3EF44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8CE352CB-B0C3-4697-9CCA-1B2D2C506425}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{901A6F21-AD02-4D4E-859A-F58EA49FC566}" = protocol=17 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{90DDB494-1316-47A4-B674-78E240A1A0FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91264671-1AA1-4397-9928-E2695C6EBC2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{912BDF7B-9B2D-4F5F-AADE-29DC3A8A43C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{919AD030-5D4D-47BA-B633-40D7CF7DC9CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93448291-9851-4132-A1AA-B0FA0BA6CA68}" = protocol=17 | dir=in | app=c:\spiele\nwn2main_amdxp.exe |
"{935AD72A-DBD7-4CEF-95A2-39FCD65590FC}" = protocol=6 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{941B80C3-BAC5-44F6-BEE2-E83B97C09E9B}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{9619A50B-FBC3-4B86-A7E3-EAA486C1A49C}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{96EA8C50-965E-4F9E-811E-CCE93888BFE4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9820B525-9E5D-4EDE-8D6E-76404977BDA5}" = protocol=6 | dir=in | app=c:\spiele\nwn2main_amdxp.exe |
"{9DA55D1A-D2CE-4923-9E9E-FEECF0BA5868}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9EA4DBBB-DCD6-4337-B395-4B5B9146181A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{9F02B04C-A374-4C59-AA2A-8C4DF403E051}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F2181F6-D4DB-451C-8D30-33AE9A61B1FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FAAF4C3-7D39-46F4-A7D1-74AC420E174B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2B0CD8E-41A1-4CF0-88F7-C21038553C1B}" = protocol=17 | dir=in | app=c:\spiele\nwupdate.exe |
"{A875CC5B-8776-4708-8FAC-68F170F7709B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8DF47FD-846F-4A8F-AAA0-81CB672FE370}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A9792BCA-17AE-4D8F-815E-665317468A60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AFBE62D2-C76D-4CF7-8C0C-02EE2D66E256}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4330B65-B71B-42A7-91B3-0076D3283368}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{B6E67F99-8B79-44B5-AF4C-8AA4B9FEC66E}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{B7D45E18-7C59-4178-9E01-727C1BFFD588}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9AE10E7-0A0B-4C13-B316-93D381A66D3A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB26BBF2-47BA-4576-93A4-54F8EB3DA3CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB3B26EB-7EF8-4792-B11A-7368767B184F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{BDEDCEC1-5DE5-4A1F-A8A4-8C0357C62B00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDFF4C76-5CD7-45F5-8F38-F669118F683A}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{BF23A919-743A-43A6-8642-A72AE73CFD67}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{C05B72CC-B3DD-4CF3-80A7-F2E4A8CBAE48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C296BA3C-1EE3-4D72-A210-E62D3952CD8C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{C7F68983-FD6C-4811-B768-5ACC09A233AA}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C997E58C-5FA3-41B6-AB7E-0F73335F2ACC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA51F6EC-9575-484C-BD94-6C44CECE4E2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D05B0F58-9962-403F-9EDC-1A0BAE70E12E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2B28F81-BA5B-41AA-A9D9-680A856BF95A}" = protocol=6 | dir=in | app=c:\spiele\nwupdate.exe |
"{D45D9309-BDFF-4FF7-96C7-58C32B76EE72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D51BF14E-B21A-492C-A1D7-1EA17F3B6147}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{D6C09D8E-4DA8-42D8-9221-542CD4249FC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE206CDD-C56C-4A3F-90D3-FFBF69968B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0F09885-846C-4E44-A823-9B4164D519EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4B3668E-F36F-41E1-A269-E00ADBFCFE71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6084C69-1CB9-4DC4-A28A-559AEEF639D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7FBBE6C-B169-44FA-B4F4-54A718EA3D59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9BB054A-BAB3-4163-8352-57600A9C6094}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA8D9E48-3223-461A-BD4D-DB014A82D185}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{EBF55C22-A5DA-4B1F-A676-96CBEEDD7F96}" = protocol=17 | dir=in | app=c:\spiele\nwn2main.exe |
"{EC34750E-92B7-4DE0-AE4D-46C72D9732FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ECD7B9F7-4E23-464F-A0E0-EBA4AD58954B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED869367-8C8D-4D24-A4FB-1E4ECE69EB96}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{EFBD7BF4-CA20-41CB-A775-D28A4AE47559}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F06C3B19-80C2-4C9B-8924-2C0AD0801BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F18D825F-B77F-4F31-8F19-DA9BBC07DC0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1F8BA62-34C7-414E-A0E3-980DBFEA91D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3AF1DE9-ABF0-4DEB-BA42-811D4A9FA851}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\civilization4.exe |
"{F6DA034C-68B5-4DE0-8A4C-2B39CA060864}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F799F199-77E0-49CB-9852-34BCEC001E18}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F79EA545-83E7-46C0-87B4-222A4C02C58D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7CA699C-99FC-47D2-B747-9F6BF33091C8}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{F7E281C1-8AD5-4233-87C3-B27308569725}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{F7EA93F2-35BB-4D50-8AC2-2E9989C138CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8D47FFE-6313-4D13-9431-3F681B9A3CB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBC823D7-FBE3-4B44-8E06-84652CBEBF4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD51BB9E-1A89-4281-B590-C5A8F59D504C}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{FF4D05AF-A441-412F-935F-2104EF42DD5E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1EF81E8B-E125-4809-88F6-4FAF83B55004}C:\spiele\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\spiele\bin32\farcry.exe |
"TCP Query User{31355AF5-552F-451F-9CCF-2240EF6DD52C}D:\flashget universal\flashget.exe" = protocol=6 | dir=in | app=d:\flashget universal\flashget.exe |
"TCP Query User{34FDE753-7AFD-4B7B-9FE4-114170AA47DC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{38534942-078C-4F37-A89E-446C720A8600}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{3EADBA74-EFDB-42D5-912F-510FED104C7A}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{499B4820-D8F7-491F-AC35-4E9F7CE72B2E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{4AF95445-0792-4B33-8DC6-140D44EB81BF}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{60E1F0E4-BC19-42CD-ABE0-46C9A337BD99}C:\spiele\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\spiele\far cry\bin32\farcry.exe |
"TCP Query User{621238A9-D48B-4DEC-B743-831F060D15DF}C:\users\machete 81\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\machete 81\appdata\local\temp\nero web\setupxu.exe |
"TCP Query User{6B4AF642-7806-4DE8-96F1-A1C0C68D229D}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"TCP Query User{98617C64-04A3-46BA-BB49-9E03520176D0}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"TCP Query User{F538F40B-DB74-431C-BCA7-20B09C37F5C9}C:\users\machete 81\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe |
"TCP Query User{F995EF0B-823D-4884-B55C-2D728FA2C354}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{FD44873F-3CD6-4E75-82EF-7FC1ABDA4AAA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1DC48A1E-0479-457A-87BA-BF31C0D89FD0}C:\users\machete 81\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\machete 81\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{1DE2F066-389E-4AF4-BF02-8CFBCFE2C0E2}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{1FD311DE-4AC4-45CE-AD2C-9D2ADB4D2B05}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{238501B8-F605-44F2-A2BD-B8C70325870E}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |
"UDP Query User{31A85139-3202-498E-918F-6D8D6A5DAEA3}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{3D7E44EB-3DA4-47F2-9529-0101F8EA21C2}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"UDP Query User{53165DFE-4380-4B54-A753-E6186DB0849D}D:\flashget universal\flashget.exe" = protocol=17 | dir=in | app=d:\flashget universal\flashget.exe |
"UDP Query User{7E05D34C-3F3E-4379-B7C7-0A0E2C8C5569}C:\spiele\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\spiele\bin32\farcry.exe |
"UDP Query User{9C8561FE-B791-4CE4-9D6C-E91E1A3623E6}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{A09F04D7-BE9B-472D-B41F-4150872E3ECA}C:\spiele\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\spiele\far cry\bin32\farcry.exe |
"UDP Query User{AD2374D6-5737-4AEF-AD35-1A5C69557977}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{D67B791C-459C-44D6-A69A-4BDEEF56FF3F}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{E9048B17-641B-4DCA-B5F7-503864F0252F}C:\users\machete 81\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe |
"UDP Query User{FF90E459-DAD2-4323-9CC8-679CB325B4B8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Double Action Air Grip
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = USB PC Camera
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anno 1701 Launch Tool_is1" = das Anno 1701 Launch Tool 1.0
"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.35
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"DivX Setup.divx.com" = DivX-Setup
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"FlashGet 2.0" = FlashGet 2.0
"Free Audio Editor" = Free Audio Editor
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Gehirnjogging - Der Trainer fürs Gedächtnis..." = Gehirnjogging - Der Trainer fürs Gedächtnis...
"HD-FotoShow_is1" = DATA BECKER HD-FotoShow
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.17)" = Mozilla Firefox (3.5.17)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"Totally Free Tag Editor_is1" = Totally Free Tag Editor
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Voozie Maker" = Voozie Maker
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"Xilisoft Video Converter" = Xilisoft Video Converter 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.06.2010 16:54:19 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.06.2010 16:54:19 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 17.06.2010 06:24:43 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 17.06.2010 06:24:43 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 21.06.2010 05:02:38 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 21.06.2010 05:02:38 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.06.2010 04:23:29 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.06.2010 04:23:29 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.06.2010 16:15:04 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.06.2010 16:15:04 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 11.02.2010 15:43:52 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 22.02.2010 19:13:39 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 21.03.2010 18:47:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 23.04.2010 20:33:37 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 13.06.2010 10:55:04 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 19.08.2010 17:05:19 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 13.10.2010 21:44:15 | Computer Name = Machete81-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/14/2010 03:44:15
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 22.10.2010 20:31:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 23.10.2010 19:56:49 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 05.11.2010 15:28:56 | Computer Name = Machete81-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/05/2010 20:28:56
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
[ System Events ]
Error - 23.03.2011 17:24:37 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 23.03.2011 17:24:49 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 23.03.2011 17:24:51 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 23.03.2011 17:29:58 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 23.03.2011 18:45:10 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 23.03.2011 18:45:16 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 23.03.2011 18:45:16 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 24.03.2011 13:50:49 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 24.03.2011 13:51:12 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 24.03.2011 13:51:12 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---

machete81 24.03.2011 19:34
Ich hatte nichts gemacht...nicht getraut...;), dachte du müsstest die Logfile erst analysieren...

Jedenfalls sind nach nem Neustart ja auch die Logfiles nur noch auf dem Desktop....sollte ich nen neuen Scan mit Malewarebytes machen und die Aktion ausführen...??

Aber echt vielen Dank für die Hilfe...bin das erste Mal in einem Forum aktiv...

cosinus 24.03.2011 19:43
Ja, Malwarebytes starten, Update machen, neuen Vollscan und dann alle Funde entfernen.

machete81 24.03.2011 19:49
wie gesagt bin grad erstmal begeistert von dieser unabhängigen Hilfe hier, das ist echt ne edle Sache...jedenfalls wird der Scan wohl wie gestern abend ca 2h dauern....naja, ich werde mal die Ergebnisse posten....kann man die alten Beiträge (Logfiles) sonst schon mal löschen zwecks besserer Übersicht im Forum??

Bis denn

Andi

cosinus 24.03.2011 20:41
Die alten Logs bleiben hier drin! :D

machete81 24.03.2011 22:43
hallo, ich habe die Funde mit malewarebytes entfernen lassen und danach den OTL-Scanner laufen lassen....die Dateien folgen. Nachdem von Malewarebytes angefragten Neustart hat sich allerdings ncihts verändert, die Windows Recovery Fenster tauchen zwar nicht mehr auf, aber auf die Festplatten kann ich noch nciht zugreifen, zudem kommt eine neue Meldung über blockierte Autostartprogramme ??Naja, hier sonst nochmal die neue MalewareByte-Logfile und die OTL-Logs


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6158

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

24.03.2011 22:04:21
mbam-log-2011-03-24 (22-04-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 359549
Laufzeit: 1 Stunde(n), 35 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\AVSuitE (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dsPRWEQVDgXDN (Trojan.Downloader) -> Value: dsPRWEQVDgXDN -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\dsprweqvdgxdn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\programdata\35708680.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\machete 81\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\7Z1DYEWO\calc[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.

machete81 24.03.2011 22:44
OTL-Log
 
OTL Logfile:
Code:
OTL logfile created on: 24.03.2011 22:28:43 - Run 4
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Machete 81\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 0,74 Gb Free Space | 0,24% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 18,52 Gb Free Space | 12,29% Space Free | Partition Type: NTFS
 
Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Machete 81\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - c:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Machete 81\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ISPwdSvc) --  File not found
SRV - (comHost) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (ccSetMgr) --  File not found
SRV - (ccEvtMgr) --  File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService) -- c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
SRV - (StarWindServiceAE) -- C:\Spiele\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (OlyCamComm) -- C:\Windows\System32\drivers\OlyCamComm.sys (OLYMPUS IMAGING CORP.)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\CyberLink\PowerDVD\000.fcl (CyberLink Corp.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation)
DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTictwl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15015&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http:google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.03 20:18:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.03 20:18:08 | 000,000,000 | ---D | M]
 
[2009.01.25 13:22:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Extensions
[2011.01.23 21:31:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions
[2009.08.13 17:38:32 | 000,002,236 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\askcom.xml
[2009.05.07 16:07:36 | 000,000,894 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\conduit.xml
[2009.08.30 12:38:03 | 000,002,321 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\forestle-de.xml
[2010.10.22 14:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.16 20:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 14:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.10.24 17:27:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008.12.04 16:06:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.18 19:51:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.08.16 20:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 14:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009.09.02 02:01:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.03 20:18:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 20:18:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 20:18:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 20:18:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 20:18:03 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [RGSC]  File not found
O4 - Startup: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: &Download All by FlashGet - D:\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - D:\FlashGet universal\ComDlls\Bholink.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: winamp.com ([client] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.97 83.169.186.225
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{32d1c7be-600a-11dd-a0a2-0019214d0bcf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O33 - MountPoints2\{6297e510-08cd-11df-bf0a-0019214d0bcf}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{b8207dd4-0012-11dd-bcd2-0019214d0bcf}\Shell - "" = AutoRun
O33 - MountPoints2\{b8207dd4-0012-11dd-bcd2-0019214d0bcf}\Shell\AutoRun\command - "" = K:\CDStart.exe
O33 - MountPoints2\{d59a522b-0546-11e0-8bda-0019214d0bcf}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e879e679-be16-11dd-a94a-0019214d0bcf}\Shell - "" = AutoRun
O33 - MountPoints2\{e879e679-be16-11dd-a94a-0019214d0bcf}\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\{fd7a3e26-6c91-11dd-b91a-0019214d0bcf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.24 19:21:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
[2011.03.24 00:02:51 | 000,000,000 | ---D | C] -- C:\Users\Machete 81\AppData\Roaming\Malwarebytes
[2011.03.24 00:02:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.24 00:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.24 00:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.24 00:02:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.24 00:02:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.24 00:02:00 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Machete 81\Desktop\mbam-setup.exe
[2011.03.22 02:44:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Machete 81\Desktop\HiJackThis204.exe
[2011.03.22 02:18:48 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.03.12 20:04:44 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\Desktop\Neuer Ordner
[2011.03.12 20:03:26 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\Desktop\SOFA
[2011.03.09 09:35:09 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 09:35:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 09:35:09 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 09:35:09 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.23 00:30:56 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\AppData\Roaming\elsterformular
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.24 22:22:20 | 000,001,356 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat
[2011.03.24 22:21:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 22:21:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 22:21:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.24 22:21:48 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.24 19:21:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
[2011.03.24 19:19:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Machete 81\Desktop\HiJackThis204.exe
[2011.03.24 00:02:38 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.24 00:02:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Machete 81\Desktop\mbam-setup.exe
[2011.03.22 10:14:37 | 000,342,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.22 02:18:50 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35708680r
[2011.03.22 02:18:50 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~35708680
[2011.03.22 02:18:49 | 000,000,590 | -H-- | M] () -- C:\Users\Machete 81\Desktop\Windows Recovery.lnk
[2011.03.22 02:18:46 | 000,000,344 | -H-- | M] () -- C:\ProgramData\35708680
[2011.03.17 23:01:40 | 004,711,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.17 23:01:40 | 001,858,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.17 23:01:40 | 001,436,582 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.17 23:01:40 | 001,299,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.16 00:11:21 | 000,168,960 | -H-- | M] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.28 20:47:35 | 000,052,157 | -H-- | M] () -- C:\Users\Machete 81\Downloads\Documents\Steuer2010.pdf
[2011.02.28 20:39:02 | 000,082,595 | -H-- | M] () -- C:\Users\Machete 81\ESt2010_Rohde_Andreas.elfo
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.24 00:02:38 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 10:12:36 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.22 02:18:49 | 000,000,590 | -H-- | C] () -- C:\Users\Machete 81\Desktop\Windows Recovery.lnk
[2011.03.22 02:18:49 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~35708680r
[2011.03.22 02:18:49 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~35708680
[2011.03.22 02:18:46 | 000,000,344 | -H-- | C] () -- C:\ProgramData\35708680
[2011.02.28 20:47:35 | 000,052,157 | -H-- | C] () -- C:\Users\Machete 81\Downloads\Documents\Steuer2010.pdf
[2011.02.27 18:45:06 | 000,082,595 | -H-- | C] () -- C:\Users\Machete 81\ESt2010_Rohde_Andreas.elfo
[2011.01.21 00:29:26 | 000,000,760 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\setup_ldm.iss
[2010.08.28 23:12:57 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.08.28 23:12:56 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2010.07.19 21:11:02 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.05.30 23:03:44 | 000,000,876 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2010.04.23 22:23:47 | 000,000,468 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.23 22:23:47 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2010.04.23 22:23:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.04.23 22:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2010.04.22 22:19:19 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.09.24 17:39:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 17:39:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 17:39:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.15 00:23:30 | 000,107,572 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.02.25 02:33:54 | 000,024,227 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\UserTile.png
[2009.02.22 23:02:45 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.02.13 18:42:32 | 000,000,034 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2008.12.04 17:59:06 | 000,178,992 | ---- | C] () -- C:\Windows\hphins26.dat
[2008.11.15 20:11:59 | 000,000,339 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.11.15 16:36:59 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
[2008.11.05 19:25:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.11.01 23:20:10 | 000,001,356 | ---- | C] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat
[2008.11.01 22:19:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.26 19:07:46 | 000,005,061 | -H-- | C] () -- C:\ProgramData\xqkcebzs.dik
[2008.10.22 16:01:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.04 16:22:35 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2008.09.28 00:10:20 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008.09.24 19:52:22 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.09.24 19:52:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.07.04 19:41:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.04.01 20:47:15 | 000,000,098 | -H-- | C] () -- C:\Users\Machete 81\AppData\Local\fusioncache.dat
[2008.03.17 22:21:57 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.03.17 22:20:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.03.17 22:19:46 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.03.11 01:32:25 | 000,000,074 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\wklnhst.dat
[2008.03.06 23:06:44 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.03.06 23:06:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.03.05 18:49:51 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.03.04 23:59:23 | 000,022,328 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\PnkBstrK.sys
[2008.03.04 23:59:23 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.03.04 23:59:06 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.03.04 23:59:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.03.04 23:58:54 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.03.04 13:21:30 | 000,168,960 | -H-- | C] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 17:49:21 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
[2007.11.08 04:24:10 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.11.08 04:19:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007.09.20 11:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007.09.20 11:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007.09.20 11:33:52 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.09.20 11:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007.09.20 11:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007.09.20 11:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007.09.20 11:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007.09.20 11:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007.09.20 11:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007.09.20 11:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007.09.20 11:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007.09.20 11:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007.09.20 11:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007.09.20 11:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007.09.20 11:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007.09.20 11:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007.09.20 11:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007.09.20 11:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007.09.20 11:33:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.03.20 15:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2006.11.02 16:33:31 | 004,711,396 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 001,436,582 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,342,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 001,858,312 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,299,186 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:27:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.07 22:29:33 | 000,001,024 | ---- | C] () -- C:\Windows\System32\ASPRTMM0.DLL
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.02.26 10:08:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.05.24 19:33:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\LEXPING.EXE
[2002.11.13 08:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2001.01.19 08:50:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE
 
========== Files - Unicode (All) ==========
[2008.03.22 22:46:17 | 000,307,910 | -H-- | C] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr
[2008.03.18 21:10:04 | 000,307,910 | -H-- | M] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr

< End of report >
--- --- ---

machete81 24.03.2011 22:45
OTL-Log Extras
 
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 24.03.2011 22:28:43 - Run 4
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Machete 81\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 0,74 Gb Free Space | 0,24% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 18,52 Gb Free Space | 12,29% Space Free | Partition Type: NTFS
 
Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"D:\FlashGet universal\FlashGet.exe" = D:\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET)
"D:\FlashGet universal\LiveUpdate.exe" = D:\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"D:\FlashGet universal\LiveUpdateEx.exe" = D:\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A592195F-3853-447D-97CC-04A56390286F}" = lport=3074 | protocol=6 | dir=in | name=xbox |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045D0F5B-F82F-4C2B-8EE5-D0FC4084D816}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0614E0E1-FEE1-47BC-A2AB-A414B31C8CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{08EBB26F-C52B-410E-A1C7-9448C23010C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B0863C0-3E55-43AF-B9A9-EB08A7C24A95}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E4DF7E7-7F40-4D29-9A85-47F2982DCC4B}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords.exe |
"{1186921C-3036-41DF-80ED-965280E2C839}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12809EA2-4377-405A-9165-7F4E55108277}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{12CC7ED6-2795-4C88-A8B8-156C4E37AE56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14478ECB-C683-4196-888D-7588B07BE9EF}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords.exe |
"{14E78BD5-0BBF-47B7-92B1-39BC8A8BFB0C}" = protocol=17 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{164E2CA5-7D20-48AD-B6F6-C6BDE354FEBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{171BEE58-157F-4BE5-8394-64CEA8D020FE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{17BCBF6F-14B9-4E7D-BB84-7C3A7243A18F}" = protocol=17 | dir=in | app=c:\windows\temp\kd_installer.exe |
"{1B41E50D-7E42-4721-A8F5-F275C5A8D904}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{23325B47-3AA4-45FB-8C3E-D6C40822B9EF}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{24494E33-0BD3-4640-8425-29458F42BF85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{259AEB18-A001-4329-8DD8-143ECBB5F0CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25EE09B7-B0BA-4875-92BE-B591083113C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2707859D-DD2D-40B1-A0BD-88AD1A9A867C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28BCF680-1225-46E1-AC02-E02E34E78B9C}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\civilization4.exe |
"{299ADD0A-78B0-465B-AC23-99C972AB2534}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{2A57D064-CB30-4D98-8762-0A0162D2D36C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AC80058-DFA8-4D35-85A3-64496D2883E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C18CB93-96A5-4031-ABCC-7933FFA8DBA6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C236274-B307-4EEA-8165-1431A5EECE49}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D17D5A9-891F-4C36-BB91-4DD0E6640B02}" = protocol=6 | dir=in | app=c:\spiele\nwn2server.exe |
"{2D18454C-00DA-4B46-BF34-7B8FAEAFD686}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{2E7F3BAF-EA97-4CEC-813C-50EB064BC40C}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{2ED08F11-4B2C-4420-BB7F-7019457D0698}" = protocol=6 | dir=in | app=c:\spiele\nwn2main.exe |
"{327D1DB4-4BDF-41DD-9383-C54B8E59BAC4}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{3348DDC0-154D-4CFC-B753-8DFD9420C5C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33FFBAFD-40C1-423D-9E36-8A80B4976493}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34F7FEED-5A34-4169-B4A5-EB926551FAAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3550F539-3454-4A03-80DF-91944DB8EA36}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{365E3FD2-77BE-42D2-91EC-7130FEB01376}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{36D34AAB-8F69-4E07-B7C7-96AC28EEC003}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37805A21-C448-4852-8E36-6A15283E00E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3AFBFC11-A486-4E74-8EB6-1753624725F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3CD37345-D80C-4328-A79C-3ADE666A64E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E74B161-3361-43E0-A650-FED97A8A0C95}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{3EF48B45-1881-4C03-81D6-D8BB950F2FB5}" = protocol=17 | dir=in | app=c:\spiele\nwn2server.exe |
"{44340A1D-975C-4BCF-AFF7-61E7274051FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49F50F32-4D7D-4EDB-991E-A1BEC19CA342}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A5A2922-F660-44CB-ACCC-39261DCAD9B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A68FB0D-A4BB-4B27-88FA-EC9DF5B46142}" = protocol=6 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{4F0790F9-368C-4CDE-9218-7477FA79D089}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{51AAB595-1396-414A-B084-67929E0BBFDE}" = protocol=6 | dir=in | app=c:\windows\temp\kd_installer.exe |
"{564709A0-BE91-4B7A-A0DC-497019E2FA10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59EB79A6-2A57-4094-BD8F-5BB5606BA4F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B8CAEFF-B4CC-43E9-B771-6C2717A3A349}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C373DE3-A7AE-4A91-89CF-6A8A0D5E742C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E36D34D-A8D8-4186-ADA0-1E0E92C46921}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E55062F-9EEA-4895-821E-5F3B1C85D409}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{61A244BB-ED04-482E-A25A-3A6CDEF7D70E}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{622D0098-FAB5-4C89-8380-9886B0479135}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{67DE7D5E-DECB-44E2-ADBB-A9778177DE53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{689B3037-F52B-4753-8953-4DBA398773C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D05A97F-4587-48A2-8E33-2CAFE9CEF4D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6DDB2E27-94B9-46AC-9746-5ABF74698700}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FD74FC8-F9CE-4E2D-8D76-04C00D43FBFE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{724AE84B-6120-4F17-87D0-346620B7D3CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{724B3A19-3FC8-4961-8DA5-EA578258A6F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72B8BA8B-1B16-49C9-9589-FC49C45CB16C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73E1AD91-065D-49D0-B93B-071B09CACF60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74A43D91-388E-4C04-8110-7FC568BF6F86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76A360B9-7922-43F1-9417-3C04D14AD0B3}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{7701D70D-6110-4988-80B3-DEF57F4DF188}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79BA966B-EDD1-418C-BED2-B911404ED313}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A8F9DC6-271A-40EB-B606-3A20E4C936C5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7B333CE5-F9CD-4554-9068-E2618C44DD20}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{816165EB-9D23-40BF-AEBF-6B5BE4ADA43F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{829C9A20-F460-41EA-8B76-874172D48B40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89835FAB-93B7-4D16-B2A2-4C7C34BEF9FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89CDAB74-35A9-40E1-9639-4D154CC3EF44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8CE352CB-B0C3-4697-9CCA-1B2D2C506425}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{901A6F21-AD02-4D4E-859A-F58EA49FC566}" = protocol=17 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{90DDB494-1316-47A4-B674-78E240A1A0FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91264671-1AA1-4397-9928-E2695C6EBC2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{912BDF7B-9B2D-4F5F-AADE-29DC3A8A43C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{919AD030-5D4D-47BA-B633-40D7CF7DC9CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93448291-9851-4132-A1AA-B0FA0BA6CA68}" = protocol=17 | dir=in | app=c:\spiele\nwn2main_amdxp.exe |
"{935AD72A-DBD7-4CEF-95A2-39FCD65590FC}" = protocol=6 | dir=in | app=c:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{941B80C3-BAC5-44F6-BEE2-E83B97C09E9B}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{9619A50B-FBC3-4B86-A7E3-EAA486C1A49C}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{96EA8C50-965E-4F9E-811E-CCE93888BFE4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9820B525-9E5D-4EDE-8D6E-76404977BDA5}" = protocol=6 | dir=in | app=c:\spiele\nwn2main_amdxp.exe |
"{9DA55D1A-D2CE-4923-9E9E-FEECF0BA5868}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9EA4DBBB-DCD6-4337-B395-4B5B9146181A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{9F02B04C-A374-4C59-AA2A-8C4DF403E051}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F2181F6-D4DB-451C-8D30-33AE9A61B1FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FAAF4C3-7D39-46F4-A7D1-74AC420E174B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2B0CD8E-41A1-4CF0-88F7-C21038553C1B}" = protocol=17 | dir=in | app=c:\spiele\nwupdate.exe |
"{A875CC5B-8776-4708-8FAC-68F170F7709B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8DF47FD-846F-4A8F-AAA0-81CB672FE370}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A9792BCA-17AE-4D8F-815E-665317468A60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AFBE62D2-C76D-4CF7-8C0C-02EE2D66E256}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4330B65-B71B-42A7-91B3-0076D3283368}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{B6E67F99-8B79-44B5-AF4C-8AA4B9FEC66E}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{B7D45E18-7C59-4178-9E01-727C1BFFD588}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9AE10E7-0A0B-4C13-B316-93D381A66D3A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB26BBF2-47BA-4576-93A4-54F8EB3DA3CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB3B26EB-7EF8-4792-B11A-7368767B184F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{BDEDCEC1-5DE5-4A1F-A8A4-8C0357C62B00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDFF4C76-5CD7-45F5-8F38-F669118F683A}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{BF23A919-743A-43A6-8642-A72AE73CFD67}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{C05B72CC-B3DD-4CF3-80A7-F2E4A8CBAE48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C296BA3C-1EE3-4D72-A210-E62D3952CD8C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{C7F68983-FD6C-4811-B768-5ACC09A233AA}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C997E58C-5FA3-41B6-AB7E-0F73335F2ACC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA51F6EC-9575-484C-BD94-6C44CECE4E2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D05B0F58-9962-403F-9EDC-1A0BAE70E12E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2B28F81-BA5B-41AA-A9D9-680A856BF95A}" = protocol=6 | dir=in | app=c:\spiele\nwupdate.exe |
"{D45D9309-BDFF-4FF7-96C7-58C32B76EE72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D51BF14E-B21A-492C-A1D7-1EA17F3B6147}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{D6C09D8E-4DA8-42D8-9221-542CD4249FC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE206CDD-C56C-4A3F-90D3-FFBF69968B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0F09885-846C-4E44-A823-9B4164D519EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4B3668E-F36F-41E1-A269-E00ADBFCFE71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6084C69-1CB9-4DC4-A28A-559AEEF639D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7FBBE6C-B169-44FA-B4F4-54A718EA3D59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9BB054A-BAB3-4163-8352-57600A9C6094}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA8D9E48-3223-461A-BD4D-DB014A82D185}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{EBF55C22-A5DA-4B1F-A676-96CBEEDD7F96}" = protocol=17 | dir=in | app=c:\spiele\nwn2main.exe |
"{EC34750E-92B7-4DE0-AE4D-46C72D9732FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ECD7B9F7-4E23-464F-A0E0-EBA4AD58954B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED869367-8C8D-4D24-A4FB-1E4ECE69EB96}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{EFBD7BF4-CA20-41CB-A775-D28A4AE47559}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F06C3B19-80C2-4C9B-8924-2C0AD0801BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F18D825F-B77F-4F31-8F19-DA9BBC07DC0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1F8BA62-34C7-414E-A0E3-980DBFEA91D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3AF1DE9-ABF0-4DEB-BA42-811D4A9FA851}" = protocol=17 | dir=in | app=c:\spiele\sid meier's civilization 4\civilization4.exe |
"{F6DA034C-68B5-4DE0-8A4C-2B39CA060864}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F799F199-77E0-49CB-9852-34BCEC001E18}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F79EA545-83E7-46C0-87B4-222A4C02C58D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7CA699C-99FC-47D2-B747-9F6BF33091C8}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{F7E281C1-8AD5-4233-87C3-B27308569725}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{F7EA93F2-35BB-4D50-8AC2-2E9989C138CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8D47FFE-6313-4D13-9431-3F681B9A3CB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBC823D7-FBE3-4B44-8E06-84652CBEBF4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD51BB9E-1A89-4281-B590-C5A8F59D504C}" = protocol=6 | dir=in | app=c:\spiele\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{FF4D05AF-A441-412F-935F-2104EF42DD5E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1EF81E8B-E125-4809-88F6-4FAF83B55004}C:\spiele\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\spiele\bin32\farcry.exe |
"TCP Query User{31355AF5-552F-451F-9CCF-2240EF6DD52C}D:\flashget universal\flashget.exe" = protocol=6 | dir=in | app=d:\flashget universal\flashget.exe |
"TCP Query User{34FDE753-7AFD-4B7B-9FE4-114170AA47DC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{38534942-078C-4F37-A89E-446C720A8600}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{3EADBA74-EFDB-42D5-912F-510FED104C7A}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{499B4820-D8F7-491F-AC35-4E9F7CE72B2E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{4AF95445-0792-4B33-8DC6-140D44EB81BF}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{60E1F0E4-BC19-42CD-ABE0-46C9A337BD99}C:\spiele\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\spiele\far cry\bin32\farcry.exe |
"TCP Query User{621238A9-D48B-4DEC-B743-831F060D15DF}C:\users\machete 81\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\machete 81\appdata\local\temp\nero web\setupxu.exe |
"TCP Query User{6B4AF642-7806-4DE8-96F1-A1C0C68D229D}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"TCP Query User{98617C64-04A3-46BA-BB49-9E03520176D0}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"TCP Query User{F538F40B-DB74-431C-BCA7-20B09C37F5C9}C:\users\machete 81\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe |
"TCP Query User{F995EF0B-823D-4884-B55C-2D728FA2C354}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{FD44873F-3CD6-4E75-82EF-7FC1ABDA4AAA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1DC48A1E-0479-457A-87BA-BF31C0D89FD0}C:\users\machete 81\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\machete 81\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{1DE2F066-389E-4AF4-BF02-8CFBCFE2C0E2}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{1FD311DE-4AC4-45CE-AD2C-9D2ADB4D2B05}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{238501B8-F605-44F2-A2BD-B8C70325870E}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |
"UDP Query User{31A85139-3202-498E-918F-6D8D6A5DAEA3}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{3D7E44EB-3DA4-47F2-9529-0101F8EA21C2}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"UDP Query User{53165DFE-4380-4B54-A753-E6186DB0849D}D:\flashget universal\flashget.exe" = protocol=17 | dir=in | app=d:\flashget universal\flashget.exe |
"UDP Query User{7E05D34C-3F3E-4379-B7C7-0A0E2C8C5569}C:\spiele\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\spiele\bin32\farcry.exe |
"UDP Query User{9C8561FE-B791-4CE4-9D6C-E91E1A3623E6}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{A09F04D7-BE9B-472D-B41F-4150872E3ECA}C:\spiele\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\spiele\far cry\bin32\farcry.exe |
"UDP Query User{AD2374D6-5737-4AEF-AD35-1A5C69557977}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{D67B791C-459C-44D6-A69A-4BDEEF56FF3F}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{E9048B17-641B-4DCA-B5F7-503864F0252F}C:\users\machete 81\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\machete 81\program files\dna\btdna.exe |
"UDP Query User{FF90E459-DAD2-4323-9CC8-679CB325B4B8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Double Action Air Grip
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = USB PC Camera
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anno 1701 Launch Tool_is1" = das Anno 1701 Launch Tool 1.0
"Ashampoo WinOptimizer 4_is1" = Ashampoo WinOptimizer 4.35
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"DivX Setup.divx.com" = DivX-Setup
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"FlashGet 2.0" = FlashGet 2.0
"Free Audio Editor" = Free Audio Editor
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Gehirnjogging - Der Trainer fürs Gedächtnis..." = Gehirnjogging - Der Trainer fürs Gedächtnis...
"HD-FotoShow_is1" = DATA BECKER HD-FotoShow
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{7595EEB5-6637-49B6-B191-DB5108F7ECB4}" = PC Camer@
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.17)" = Mozilla Firefox (3.5.17)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"Totally Free Tag Editor_is1" = Totally Free Tag Editor
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Voozie Maker" = Voozie Maker
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"Xilisoft Video Converter" = Xilisoft Video Converter 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.06.2010 17:10:29 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 15.06.2010 17:10:29 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.06.2010 02:35:30 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.06.2010 02:35:30 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.06.2010 16:54:19 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 16.06.2010 16:54:19 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 17.06.2010 06:24:43 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 17.06.2010 06:24:43 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 21.06.2010 05:02:38 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 21.06.2010 05:02:38 | Computer Name = Machete81-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 11.02.2010 15:43:52 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 22.02.2010 19:13:39 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 21.03.2010 18:47:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 23.04.2010 20:33:37 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 13.06.2010 10:55:04 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 19.08.2010 17:05:19 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 13.10.2010 21:44:15 | Computer Name = Machete81-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/14/2010 03:44:15
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 22.10.2010 20:31:07 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 23.10.2010 19:56:49 | Computer Name = Machete81-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 05.11.2010 15:28:56 | Computer Name = Machete81-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/05/2010 20:28:56
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
[ System Events ]
Error - 23.03.2011 18:45:16 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 24.03.2011 13:50:49 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 24.03.2011 13:51:12 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 24.03.2011 13:51:12 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 24.03.2011 17:12:56 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 24.03.2011 17:12:56 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 24.03.2011 17:12:56 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 24.03.2011 17:23:31 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 24.03.2011 17:23:31 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 24.03.2011 17:23:31 | Computer Name = Machete81-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---

cosinus 24.03.2011 22:54
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
[2011.03.22 02:18:49 | 000,000,590 | -H-- | C] () -- C:\Users\Machete 81\Desktop\Windows Recovery.lnk
[2011.03.22 02:18:49 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~35708680r
[2011.03.22 02:18:49 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~35708680
[2011.03.22 02:18:46 | 000,000,344 | -H-- | C] () -- C:\ProgramData\35708680
[2011.03.22 02:18:50 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35708680r
[2011.03.22 02:18:50 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~35708680
[2011.03.22 02:18:49 | 000,000,590 | -H-- | M] () -- C:\Users\Machete 81\Desktop\Windows Recovery.lnk
[2011.03.22 02:18:46 | 000,000,344 | -H-- | M] () -- C:\ProgramData\35708680
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{32d1c7be-600a-11dd-a0a2-0019214d0bcf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O33 - MountPoints2\{6297e510-08cd-11df-bf0a-0019214d0bcf}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{b8207dd4-0012-11dd-bcd2-0019214d0bcf}\Shell - "" = AutoRun
O33 - MountPoints2\{b8207dd4-0012-11dd-bcd2-0019214d0bcf}\Shell\AutoRun\command - "" = K:\CDStart.exe
O33 - MountPoints2\{d59a522b-0546-11e0-8bda-0019214d0bcf}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e879e679-be16-11dd-a94a-0019214d0bcf}\Shell - "" = AutoRun
O33 - MountPoints2\{e879e679-be16-11dd-a94a-0019214d0bcf}\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\{fd7a3e26-6c91-11dd-b91a-0019214d0bcf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O4 - HKCU..\Run: [RGSC]  File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

machete81 24.03.2011 23:26
Hallo, also habe das so ausgeführt wie beschrieben, aber die Frage nach dem Neustart, habe ich dann mit OK beantwortet und der Rechner ist dann auch sofort runtergefahren und kein Logfile "erhalten" ?
Der erste Start war auch nur mit schwarzem Bildschirm, hab dann per Knopfdruck "manuell" runtergefahren und jetzt ists beim Alten...d.h. kein Festplattenzugriff!

Soll ich erneut den OTL anschmeissen?
Hab langsam echt Schiss um meine Daten.

cosinus 24.03.2011 23:27
Ja mach den OTL-Fix bitte nochmal.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:04 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19