
Topic: Trojan.Win32.Generic!BT

  1. #11
    schrauber
    Guest

    Re: Trojan.Win32.Generic!BT

    OK, I'll remain on standby.

  2. #12
    Einsteiger
    Registered since
    20.11.2011
    Posts
    15

    Re: Trojan.Win32.Generic!BT

    I had two entries from Ad-Aware:
    "Ad-Aware Antivirus" and "Ad-Aware Browsing Protection".

    I have now uninstalled "Ad-Aware Antivirus" via the Windows routine. A log file named "MSIe4a29" then appeared.

    "Ad-Aware Browsing Protection" is still installed. Should that be uninstalled as well?

    Is uninstalling via the Windows routine actually sufficient?

    See you then…

  3. #13
    schrauber
    Guest

    Re: Trojan.Win32.Generic!BT

    Sure, that's enough. Nah, you can leave that one.

  4. #14
    Einsteiger
    Registered since
    20.11.2011
    Posts
    15

    Re: Trojan.Win32.Generic!BT

    I ran OTL:

    Code:
     All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
    Prefs.js: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" removed from keyword.URL
    C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\searchplugins\yasni.xml moved successfully.
    C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
    C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
    C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
    C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
    C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
    C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\.# folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows-IP-Konfiguration
    Der DNS-Auflösungscache wurde geleert.
    C:\Users\PTOLEMAIOS SOTER\Desktop\cmd.bat deleted successfully.
    C:\Users\PTOLEMAIOS SOTER\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: NOUS CINQ
    ->Temp folder emptied: 11436345 bytes
    ->Temporary Internet Files folder emptied: 6377050 bytes
    ->Java cache emptied: 1 bytes
    ->FireFox cache emptied: 65438212 bytes
    ->Flash cache emptied: 506 bytes
     
    User: PTOLEMAIOS SOTER
    ->Temp folder emptied: 47065265 bytes
    ->Temporary Internet Files folder emptied: 51027542 bytes
    ->Java cache emptied: 479439 bytes
    ->FireFox cache emptied: 61212632 bytes
    ->Flash cache emptied: 523 bytes
     
    User: Public
     
    User: SOPHIE
    ->Temp folder emptied: 9762031 bytes
    ->Temporary Internet Files folder emptied: 4671708 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 115187024 bytes
    ->Flash cache emptied: 1176 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4409769711 bytes
    RecycleBin emptied: 5810452 bytes
     
    Total Files Cleaned = 4.566,00 mb
     
     
    OTL by OldTimer - Version 3.2.61.5 log created on 09172012_220948
    
    Files\Folders moved on Reboot...
    
    PendingFileRenameOperations files...
    
    Registry entries deleted on Reboot...
    What was that good for?

  5. #15
    schrauber
    Guest

    Re: Trojan.Win32.Generic!BT

    A basic cleanup, plus a few "unwanted" entries fixed. Any problems left? If not, we'll tidy up our work.

  6. #16
    Einsteiger
    Registered since
    20.11.2011
    Posts
    15

    Re: Trojan.Win32.Generic!BT

    Right, I have worked further through the list as follows:

    - Java cache emptied.

    - Used CCleaner as described in the forum. Cleaning Windows + applications deleted 183.4 MB. 157 values were deleted in the registry.

    - Here is the "install" list. The entries should all be fine:

    Code:
     1-abc.net File Renamer (Remove only)		09.03.2012		
    ABBYY FineReader 5.0 Sprint	ABBYY Software House	31.12.2011	101MB	5.0.0.3411
    Abenteuer auf dem Reiterhof 3 - Das Erbe der Gräfin	Ubisoft	24.08.2012		1.00.0000
    Ad-Aware Browsing Protection	Lavasoft	20.08.2012		0.9.0.2
    Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	06.05.2012	6,00MB	11.2.202.235
    Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	24.08.2012	6,00MB	11.4.402.265
    Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	16.08.2012	154MB	10.1.4
    Adobe Shockwave Player 11.6	Adobe Systems, Inc.	17.08.2012		11.6.6.636
    AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	04.09.2012	20,2MB	3.0.859.0
    Avira Free Antivirus	Avira	12.09.2012	124MB	12.0.0.1199
    CCleaner	Piriform	22.08.2012		3.22
    DesignPro 5	Avery Dennison	15.01.2012	18,1MB	5.5.708
    Die Sims 2		03.01.2012		
    Die Sims™ 2 Apartment-Leben	Electronic Arts	10.04.2012		
    Die Sims™ 2 Freizeit-Spaß	Electronic Arts	03.01.2012		
    Die Sims™ 2 H&M®-Fashion-Accessoires		03.01.2012		
    Die Sims™ 2 Haustiere		03.01.2012		
    Die Sims™ 2 Party-Accessoires		03.01.2012		
    Die Sims™ 2 Vier Jahreszeiten		03.01.2012		
    Duden Korrektor Standard	Bibliographisches Institut GmbH	16.04.2012	621MB	7.00.0000
    EPSON BX525WD Series Handbuch		31.12.2011		
    EPSON BX525WD Series Netzwerk-Handbuch		31.12.2011		
    EPSON BX525WD Series Printer Uninstall	SEIKO EPSON Corporation	31.12.2011		
    Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	31.12.2011		2.2.0.0
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)	SEIKO EPSON CORPORATION	31.12.2011		1.00.0000
    Epson Event Manager	SEIKO EPSON CORPORATION	31.12.2011	38,7MB	2.40.0001
    EPSON Scan	Seiko Epson Corporation	31.12.2011		
    EpsonNet Print	SEIKO EPSON CORPORATION	31.12.2011		2.4i
    EpsonNet Setup 3.3	SEIKO EPSON CORPORATION	31.12.2011		3.3a
    Fraps		07.04.2012		
    Free 3GP Video Converter version 5.0.7.403	DVDVideoSoft Ltd.	10.04.2012	69,4MB	5.0.7.403
    Free AVI Video Converter version 5.0.16.821	DVDVideoSoft Ltd.	21.08.2012	78,2MB	5.0.16.821
    Free DVD Video Converter version 2.0.11.903	DVDVideoSoft Ltd.	09.09.2012	100MB	2.0.11.903
    Free MP4 Video Converter version 5.0.17.903	DVDVideoSoft Ltd.	09.09.2012	74,1MB	5.0.17.903
    Free Video Dub version 2.0.14.825	DVDVideoSoft Ltd.	02.09.2012	80,2MB	2.0.14.825
    Free Video Flip and Rotate version 2.1.3.903	DVDVideoSoft Ltd.	15.09.2012	79,8MB	2.1.3.903
    Free Video to Flash Converter version 5.0.7.403	DVDVideoSoft Ltd.	10.04.2012	72,0MB	5.0.7.403
    Free Video to JPG Converter version 5.0.7.403	DVDVideoSoft Ltd.	10.04.2012	62,5MB	5.0.7.403
    Free YouTube Download version 3.1.34.824	DVDVideoSoft Ltd.	25.08.2012	84,7MB	3.1.34.824
    Harry Potter TM		25.08.2012		
    IconEdit Pro V7.04	Hagen Wieshofer	03.06.2012	3,90MB	7.0.4.0
    Java 7 Update 7	Oracle	02.09.2012	130MB	7.0.70
    K-Lite Codec Pack 9.0.2 (Standard)		17.08.2012	61,5MB	9.0.2
    Malwarebytes Anti-Malware Version 1.65.0.1400	Malwarebytes Corporation	14.09.2012	19,2MB	1.65.0.1400
    Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	30.12.2011	38,8MB	4.0.30319
    Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	30.12.2011	2,93MB	4.0.30319
    Microsoft Office File Validation Add-In	Microsoft Corporation	01.01.2012	7,95MB	14.0.5130.5003
    Microsoft Office Home and Student 2007	Microsoft Corporation	31.12.2011		12.0.6612.1000
    Microsoft Office Live Add-in 1.5	Microsoft Corporation	18.04.2012	508KB	2.0.4024.1
    Microsoft Silverlight	Microsoft Corporation	17.05.2012	64,7MB	5.1.10411.0
    Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	07.04.2012	1,69MB	3.1.0000
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	252KB	8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	31.12.2011	300KB	8.0.61001
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	31.12.2011	240KB	9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	30.12.2011	596KB	9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	31.12.2011	600KB	9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	31.12.2011	16,5MB	10.0.40219
    Microsoft-Maus- und Tastatur-Center	Microsoft Corporation	02.08.2012		1.1.500.0
    MozBackup 1.5.1	Pavel Cvrcek	30.12.2011		
    Mozilla Firefox 15.0 (x86 de)	Mozilla	02.09.2012	38,8MB	15.0
    Mozilla Maintenance Service	Mozilla	08.09.2012	327KB	15.0.1
    Mozilla Thunderbird 15.0.1 (x86 de)	Mozilla	11.09.2012	39,5MB	15.0.1
    MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	31.12.2011	35,0KB	4.20.9870.0
    MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	31.12.2011	1,33MB	4.20.9876.0
    Nero 10 ClipartPack	Nero AG	13.01.2012	26,5MB	10.6.10000.11.0
    Nero 10 Kwik Themes 1	Nero AG	13.01.2012	51,2MB	10.6.10000.1.0
    Nero 10 Kwik Themes 2	Nero AG	13.01.2012	313MB	10.6.10000.2.0
    Nero 10 Menu TemplatePack 1	Nero AG	13.01.2012	59,7MB	10.6.10000.0.0
    Nero 10 Menu TemplatePack 2	Nero AG	13.01.2012	182MB	10.6.10000.0.0
    Nero 10 Menu TemplatePack 3	Nero AG	13.01.2012	241MB	10.6.10000.1.0
    Nero 10 Sample ImagePack	Nero AG	13.01.2012	5,85MB	10.6.10000.11.0
    Nero 10 Sample Videos	Nero AG	13.01.2012	42,0MB	10.6.10000.11.0
    Nero BackItUp 10	Nero AG	13.01.2012	118MB	5.8.10600.6.100
    Nero Burning ROM 10	Nero AG	13.01.2012	169MB	10.6.10700.5.100
    Nero BurnRights 10	Nero AG	13.01.2012	6,15MB	4.4.10400.2.100
    Nero CoverDesigner 10	Nero AG	13.01.2012	91,3MB	5.6.10600.4.100
    Nero DiscCopy Gadget 10	Nero AG	13.01.2012	34,6MB	3.6.10200.1.100
    Nero DiscSpeed 10	Nero AG	13.01.2012	7,21MB	6.4.10500.1.100
    Nero Express 10	Nero AG	18.03.2012	166MB	10.6.10800.6.100
    Nero InfoTool 10	Nero AG	13.01.2012	7,79MB	7.4.10300.1.100
    Nero Multimedia Suite 10	Nero AG	31.12.2011	2,49GB	10.5.10500
    Nero Prerequisite Installer 1.0	Nero AG	18.03.2012	1,00MB	11.0.11500
    Nero Recode 10	Nero AG	13.01.2012	92,2MB	4.10.10700.5.100
    Nero RescueAgent 10	Nero AG	13.01.2012	6,53MB	3.6.10500.3.100
    Nero SoundTrax 10	Nero AG	18.03.2012	98,1MB	4.10.10500.4.100
    Nero StartSmart 10	Nero AG	13.01.2012	143MB	10.6.10500.3.100
    Nero Vision 10	Nero AG	13.01.2012	223MB	7.4.11000.9.100
    Nero WaveEditor 10	Nero AG	18.03.2012	79,1MB	5.10.10700.6.100
    PC Inspector smart recovery		08.03.2012		4.50
    PhotoFiltre		07.01.2012		
    Realtek Ethernet Controller Driver For Windows 7	Realtek	30.12.2011		7.21.531.2010
    Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	30.12.2011		6.0.1.6136
    Recover Keys	Recover Keys	20.02.2012		
    Skype™ 5.10	Skype Technologies S.A.	27.08.2012	19,4MB	5.10.116
    TeamViewer 7	TeamViewer	05.08.2012		7.0.13989
    tulox		07.01.2012		
    Windows Live Essentials	Microsoft Corporation	07.04.2012		15.4.3555.0308
    Windows Media Player Firefox Plugin	Microsoft Corp	18.03.2012	296KB	1.0.0.8
    WinEject	Ingo Heeskens	15.01.2012		2.00
    - I will (hopefully) run the online scan tomorrow and report back accordingly.

    Thanks.

  7. #17
    schrauber
    Guest

    Re: Trojan.Win32.Generic!BT

    Ok

  8. #18
    Einsteiger
    Registered since
    20.11.2011
    Posts
    15

    Re: Trojan.Win32.Generic!BT

    After more than 13 h of scanning, the Eset program found the following trojan on my external backup hard drive. I selected "Delete quarantined files".
    Code:
    J:\Sonstige Sicherungen\Programme\2. Wahl - Meine Programme\VLC Player\vlc-1.1.11-win32.exe	Win32/StartPage.OIE trojan	cleaned by deleting - quarantined

  9. #19
    schrauber
    Guest

    Re: Trojan.Win32.Generic!BT

    Great, any problems left?

  10. #20
    Einsteiger
    Registered since
    20.11.2011
    Posts
    15

    Re: Trojan.Win32.Generic!BT

    So the trojan "Trojan.Win32.Generic!BT" was apparently not a trojan after all, was it? As a reminder: it was evidently supposed to have been in the really harmless older PC game "Harry Potter und der Stein der Weisen ™ Version 1.0".

    How could the trojan that Eset found have got into the VLC Player file? I kept the .exe file as a copy (without having installed it) on my external hard drive so that I could access programs that might be important.
    Presumably during the download or an update?

    Here are the OTL log files, as requested:
    Code:
    OTL logfile created on: 21.09.2012 21:02:13 - Run 2
    OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\PTOLEMAIOS SOTER\Desktop
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,25 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 61,99% Memory free
    6,50 Gb Paging File | 4,94 Gb Available in Paging File | 76,09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1397,17 Gb Total Space | 1094,77 Gb Free Space | 78,36% Space Free | Partition Type: NTFS
     
    Computer Name: SONNENSTURM | User Name: PTOLEMAIOS SOTER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\PTOLEMAIOS SOTER\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Programme\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
    PRC - C:\Programme\Microsoft Device Center\itype.exe (Microsoft Corporation)
    PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Windows\System32\atieclxx.exe (AMD)
    PRC - C:\Windows\System32\atiesrxx.exe (AMD)
    PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
    PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
    PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
    PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
    PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Windows\vsnpstd3.exe ()
    PRC - C:\Programme\WinEject\WinEject.exe (Ingo Heeskens)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
    MOD - C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll ()
    MOD - C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll ()
    MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
    MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
    MOD - C:\Programme\Duden\Duden Korrektor\MBControls.dll ()
    MOD - C:\Programme\Duden\Duden Korrektor\adxloader.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
    MOD - C:\Programme\Duden\Duden Korrektor\Interop.Excel.dll ()
    MOD - C:\Programme\Duden\Duden Korrektor\Interop.Access.dll ()
    MOD - C:\Programme\Duden\Duden Korrektor\Interop.Word.dll ()
    MOD - C:\Programme\Duden\Duden Korrektor\Interop.Outlook.dll ()
    MOD - C:\Programme\Duden\Duden Korrektor\Interop.PowerPoint.dll ()
    MOD - C:\Programme\Duden\Duden Korrektor\Interop.FrontPage.dll ()
    MOD - C:\Windows\vsnpstd3.exe ()
     
     
    ========== Services (SafeList) ==========
     
    SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
    SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
    SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
    SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
    SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
    SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
    DRV - (lmimirr) -- system32\DRIVERS\lmimirr.sys File not found
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
    DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
    DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
    DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope = 
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:InPrivate
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 B7 15 08 EE E3 CC 01  [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.param.yahoo-fr: ""
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://eu.ixquick.com/?r=6131"
    FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
    FF - prefs.js..extensions.enabledAddons: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:3.3
    FF - prefs.js..extensions.enabledAddons: guiconfig@slosd.net:1.2.2
    FF - prefs.js..extensions.enabledAddons: trackerblock@privacychoice.org:2.2
    FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
    FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.5
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
    FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.5
    FF - prefs.js..extensions.enabledItems: macfox_nostalgia@smartbright:1.04.03
     
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 20:27:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 20:27:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.02 19:07:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 20:27:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 20:27:48 | 000,000,000 | ---D | M]
     
    [2011.12.30 23:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\Extensions
    [2012.09.14 17:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\Firefox\Profiles\cc2xipvt.default\extensions
    [2012.03.12 22:45:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\Firefox\Profiles\cc2xipvt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012.07.29 10:28:21 | 000,282,478 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\azhang@cloudacl.com.xpi
    [2012.02.04 22:21:57 | 000,092,840 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\foxfilter@inspiredeffect.net.xpi
    [2012.04.10 19:00:36 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\guiconfig@slosd.net.xpi
    [2012.04.10 19:07:44 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\trackerblock@privacychoice.org.xpi
    [2011.07.17 09:06:54 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
    [2012.09.14 17:52:24 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2011.09.09 20:14:48 | 000,052,184 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi
    [2012.07.25 22:40:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012.09.14 17:52:24 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2011.12.19 20:11:10 | 000,002,419 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\searchplugins\englische-ergebnisse.xml
    [2012.09.18 16:10:27 | 000,001,610 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\searchplugins\ixquick---deutsch.xml
    [2012.09.08 20:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
    [2012.09.08 20:27:51 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
     
    O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [EPSON BX525WD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [WinEjectAutoStart1] C:\Program Files\WinEject\WinEject.exe (Ingo Heeskens)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O8 - Extra context menu item: Free YouTube Download - C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O13 - gopher Prefix: missing
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6164295E-F4E6-4243-AC60-6957840C6CA8}: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4FAE49C-49C4-4F20-963A-3AF5324A1405}: DhcpNameServer = 192.168.178.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.09.21 21:00:56 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\PTOLEMAIOS SOTER\Desktop\OTL.exe
    [2012.09.21 20:49:25 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\Temp
    [2012.09.17 22:09:48 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012.09.17 21:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
    [2012.09.16 17:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012.09.16 17:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012.09.13 00:10:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
    [2012.09.13 00:10:20 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2012.09.13 00:10:20 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
    [2012.09.13 00:10:19 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
    [2012.09.11 18:27:44 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\Documents\Nero Recode
    [2012.09.09 12:31:53 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Malwarebytes
    [2012.09.09 12:31:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.09.09 12:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.09.09 12:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012.09.09 12:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.09.08 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012.09.04 22:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012.09.04 22:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
    [2012.09.04 22:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2012.09.04 22:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2012.09.02 18:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012.09.02 18:58:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012.09.02 18:58:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012.09.02 18:58:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012.09.02 18:58:11 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012.08.27 19:44:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012.08.27 19:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012.08.27 19:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012.08.26 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\{4AB60B3A-94FD-4B6E-B92D-421889E12527}
    [2012.08.23 13:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
    [2012.08.23 13:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [2012.04.07 17:10:03 | 000,036,069 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files\uninstall.exe
    [2011.10.22 13:23:12 | 000,068,272 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dat
    [2011.10.22 13:23:10 | 002,366,128 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps.exe
    [2011.10.22 13:21:00 | 000,139,776 | ---- | C] (Beepa P/L) -- C:\Program Files\frapslcd.dll
    [2011.10.22 13:06:32 | 000,231,600 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps32.dll
    [2011.10.22 13:06:32 | 000,185,520 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dll
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.09.21 20:26:37 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.09.21 20:26:37 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.09.21 20:19:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.09.21 20:19:11 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
    [2012.09.20 17:57:00 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2012.09.20 17:57:00 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012.09.20 17:57:00 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2012.09.20 17:57:00 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012.09.16 17:39:25 | 000,004,618 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\Desktop\HiJack This - Verknüpfung.lnk
    [2012.09.16 13:48:06 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\PTOLEMAIOS SOTER\Desktop\OTL.exe
    [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.09.04 17:39:10 | 000,325,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012.09.02 18:58:01 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012.09.02 18:57:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012.09.02 18:57:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012.09.02 18:57:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012.09.02 18:57:57 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2012.09.02 18:57:57 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012.08.25 15:26:25 | 000,000,526 | ---- | M] () -- C:\Windows\eReg.dat
    [2012.08.24 19:59:45 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012.08.24 19:59:45 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012.08.24 15:58:36 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
     
    ========== Files Created - No Company Name ==========
     
    [2012.09.16 17:39:25 | 000,004,618 | ---- | C] () -- C:\Users\PTOLEMAIOS SOTER\Desktop\HiJack This - Verknüpfung.lnk
    [2012.08.25 15:26:25 | 000,000,526 | ---- | C] () -- C:\Windows\eReg.dat
    [2012.08.17 12:27:12 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012.07.27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
    [2012.03.08 22:44:42 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
    [2012.02.15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
    [2012.02.15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
    [2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2012.01.07 23:48:02 | 000,003,584 | ---- | C] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.01.02 22:34:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2012.01.02 22:34:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011.12.30 22:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011.10.22 12:48:54 | 000,001,905 | ---- | C] () -- C:\Program Files\README.HTM
    [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
     
    ========== LOP Check ==========
     
    [2012.01.15 12:11:01 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Avery
    [2012.04.16 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Duden
    [2012.09.09 09:27:03 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\DVDVideoSoft
    [2012.04.07 23:11:22 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012.01.02 16:18:28 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Epson
    [2012.04.08 14:47:03 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\HandBrake
    [2012.09.02 18:27:31 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\PhotoFiltre
    [2012.06.03 21:14:15 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\TeamViewer
    [2012.02.20 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Thunderbird
    [2012.09.05 07:35:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
    
    < End of report >

    Code:
    OTL Extras logfile created on: 21.09.2012 21:02:13 - Run 2
    OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\PTOLEMAIOS SOTER\Desktop
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,25 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 61,99% Memory free
    6,50 Gb Paging File | 4,94 Gb Available in Paging File | 76,09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1397,17 Gb Total Space | 1094,77 Gb Free Space | 78,36% Space Free | Partition Type: NTFS
     
    Computer Name: SONNENSTURM | User Name: PTOLEMAIOS SOTER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03A1C8FA-E8B1-4293-8B9E-227F2B582B11}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{03DA5DEC-0C0B-46A4-99A7-23ED85ED688C}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{0F2D71CE-0C10-495F-990D-CC00D995A953}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{16D517D5-B1DE-47A0-A3E2-AD2B8AF04A30}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{3664D89D-6024-4F4F-8CBE-05DDFE68186F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{3857D9C7-EA90-462E-A76D-7D28764AA113}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{3B38F3E8-E9F8-4625-81A4-47A64003855B}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{41754953-7731-42B3-A67F-66A1999AC09A}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{43B4A249-3014-450E-8F17-1652B15E785B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{73EA8445-87FA-4D0E-B601-961669A8779E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{802ACF5C-2659-4EF9-B3C0-33CDD2971E64}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{9A407CDB-A07A-4DCF-B3BF-FB8EB530C02D}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{A22F976C-0AD6-4D81-8E85-0AE07E2A8DB7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{AEB702E5-BF4E-4814-ADAC-8B96F1FC5B05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{B2488CEF-AD4C-4AAD-82CC-F70F2E91D824}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{B3737B98-990D-4329-9E0E-C6CD1ED58C72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{BDC54C42-D723-4731-A2F8-32C89C5B6186}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{C67798CA-3347-4A51-9FC7-4032F1962B97}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{D35A19BF-51A1-4C22-8CCB-46712F7BE526}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{D3D31ECF-BA1A-4AE0-89E0-BD72D15A98BC}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{DD540B0B-0C40-4BB1-9507-2E56A116D6D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{E7AD1285-0968-485C-B7FD-F374DE32BB0A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{F03FFB35-8BFD-4642-A155-2763676B1FE4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{FB116734-2A98-446A-95F1-6D4C1B330E66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{FE52C8B0-41DF-46BD-B976-BACB9DA361CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04E64D72-0EB3-4CF6-8B5B-D679DC80306C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{0EF778AD-242A-4EE5-83B9-68829807CB98}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
    "{2397F665-D1E9-4034-B13D-46BE535DAB20}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
    "{240A3510-E6A3-4625-A367-DC8AE6597BCA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{31D4BC54-F6A6-4D31-8886-FC8CA68AC151}" = protocol=58 | dir=in | app=system | 
    "{33C194E0-5AA3-4D76-9111-ED5F68650C3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{434CC72A-4F93-4E74-979B-029842F93EE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{5E65A22C-7D97-43DE-B92E-6E8749B1395E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
    "{669889AC-381C-4804-B4FA-11BEC2AEFBBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{6754213B-B655-4F12-9106-A5876AD31287}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{6C87E89D-1CF2-47DD-A238-A249A71A3041}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
    "{74412B39-991F-45E6-AAC0-8C0BBDD5DAE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{74F4AE41-0BB8-4613-8FE8-5349F1EA4323}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{790E15F8-7389-4951-BF33-5D1CD3C7C261}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{7CCF0B1B-6813-49C4-ADF0-95894BDAAF9E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{7D8876E2-9AA1-49F5-9790-B8B1E1920B31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{912CDFF3-8F5C-4CE6-8B32-93EEEA53D1CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{91580999-1F07-4C0A-B1C6-33035DAC8041}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{A4E5E2CA-F120-49E4-A5A6-9D0D82E53F72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{A5F4309E-5B07-4269-B257-369AB2CB0C76}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
    "{AE062A5C-91C1-42F0-B0DF-C0EE9CF81129}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{BC03F7CD-AFC2-4F1D-89A9-19C8E8C3E087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{C10C5BF6-7158-480D-A559-D586F5CEE109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{C5AA12DA-C7B6-4438-AFB6-B8BE5DD73DA6}" = protocol=6 | dir=out | app=system | 
    "{FBC8B5A9-FB59-4B78-8465-C3CEDBA93CD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{FD1EA356-5C37-4498-A33E-44EEC9A698C6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
    "TCP Query User{BE52797E-C4F1-474F-8616-6EC9E77D0F96}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "TCP Query User{D1DE4206-7E6B-4BEB-8335-8A7823C1248D}C:\program files\tulox\wbuch.exe" = protocol=6 | dir=in | app=c:\program files\tulox\wbuch.exe | 
    "TCP Query User{DE221177-58B3-4575-8ACC-3C5529E4A008}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "TCP Query User{EE776334-CF83-43C0-8D2E-E1BF6B0103A8}C:\program files\tulox\tulox.exe" = protocol=6 | dir=in | app=c:\program files\tulox\tulox.exe | 
    "UDP Query User{02FBFBD8-BB68-4A63-BA51-2DC494A7A1FD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "UDP Query User{08420B90-C4E0-446D-B96C-850F27D31F9D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "UDP Query User{D4BD53E3-BE89-4078-8236-8F02D87F46DA}C:\program files\tulox\wbuch.exe" = protocol=17 | dir=in | app=c:\program files\tulox\wbuch.exe | 
    "UDP Query User{E693B747-2A86-4C23-A3D4-9F2B6A3B373D}C:\program files\tulox\tulox.exe" = protocol=17 | dir=in | app=c:\program files\tulox\tulox.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{011E92F1-AF76-4983-8707-79F8F1956439}" = Nero Prerequisite Installer 1.0
    "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
    "{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{06F64222-5A0C-4184-B2F1-2097763DCCAD}" = IconEdit Pro V7.04
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
    "{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
    "{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
    "{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
    "{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
    "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
    "{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
    "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
    "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1
    "{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
    "{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
    "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F198874-3C7D-5983-02EB-9E234C43F174}" = AMD Steady Video Plug-In 
    "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
    "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
    "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
    "{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{65D251BB-7B37-40A3-AEAE-75D7AEC35B03}" = Abenteuer auf dem Reiterhof 3 - Das Erbe der Gräfin
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7C723C94-CB1B-E2BD-0E90-BC64DA26074C}" = AMD Fuel
    "{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
    "{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
    "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center
    "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
    "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
    "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
    "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
    "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}" = Duden Korrektor Standard
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
    "{9DB7A055-0C66-C319-9613-CACDC50DDB38}" = ccc-utility
    "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
    "{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
    "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
    "{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
    "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
    "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
    "{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}" = AMD Catalyst Install Manager
    "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
    "{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
    "{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
    "{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
    "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
    "{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
    "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
    "{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
    "{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
    "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
    "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
    "{CBAE26C1-B3B1-66FC-81A0-FA1774CF2B20}" = AMD Fuel
    "{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
    "{DB3D1784-421D-9942-3AC4-D90B18615BBC}" = ccc-utility
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
    "{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
    "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
    "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
    "{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
    "{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "1-abc.net File Renamer" = 1-abc.net File Renamer (Remove only)
    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "CCleaner" = CCleaner
    "EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall
    "EPSON BX525WD Series Manual" = EPSON BX525WD Series Handbuch
    "EPSON BX525WD Series Network Guide" = EPSON BX525WD Series Netzwerk-Handbuch
    "EPSON Scanner" = EPSON Scan
    "Fraps" = Fraps
    "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.7.403
    "Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.16.821
    "Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.11.903
    "Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.17.903
    "Free Video Dub_is1" = Free Video Dub version 2.0.14.825
    "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.3.903
    "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 5.0.7.403
    "Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.7.403
    "Free YouTube Download_is1" = Free YouTube Download version 3.1.34.824
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.0.2 (Standard)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
    "MozBackup" = MozBackup 1.5.1
    "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
    "Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Recover Keys_is1" = Recover Keys
    "TeamViewer 7" = TeamViewer 7
    "tulox" = tulox
    "WinEject" = WinEject
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "PhotoFiltre" = PhotoFiltre
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 08.09.2012 16:20:23 | Computer Name = SONNENSTURM | Source = Windows Search Service | ID = 3058
    Description = 
     
    Error - 08.09.2012 16:20:23 | Computer Name = SONNENSTURM | Source = Windows Search Service | ID = 7010
    Description = 
     
    Error - 09.09.2012 03:23:33 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 06:21:15 | Computer Name = SONNENSTURM | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 15.0.1.4631,
     Zeitstempel: 0x5047f9c5  Name des fehlerhaften Moduls: xul.dll, Version: 15.0.1.4631,
     Zeitstempel: 0x5047f93b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0010e567  ID des fehlerhaften
     Prozesses: 0x1668  Startzeit der fehlerhaften Anwendung: 0x01cd8e6d96f32def  Pfad der
     fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
     Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 15e8e7c7-fa68-11e1-a542-406186967e35
     
    Error - 09.09.2012 08:28:38 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:03:01 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:05:05 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:09:53 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:11:16 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:12:55 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:15:40 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    [ OSession Events ]
    Error - 22.04.2012 07:22:34 | Computer Name = SONNENSTURM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1018
     seconds with 180 seconds of active time.  This session ended with a crash.
     
    Error - 08.07.2012 16:34:52 | Computer Name = SONNENSTURM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 823
     seconds with 780 seconds of active time.  This session ended with a crash.
     
    Error - 26.07.2012 16:39:48 | Computer Name = SONNENSTURM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1608
     seconds with 600 seconds of active time.  This session ended with a crash.
     
    [ System Events ]
    Error - 19.09.2012 17:44:12 | Computer Name = SONNENSTURM | Source = cdrom | ID = 262151
    Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
     
    Error - 19.09.2012 17:44:22 | Computer Name = SONNENSTURM | Source = cdrom | ID = 262151
    Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
     
    Error - 19.09.2012 17:44:31 | Computer Name = SONNENSTURM | Source = cdrom | ID = 262151
    Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
     
    Error - 19.09.2012 17:44:40 | Computer Name = SONNENSTURM | Source = cdrom | ID = 262151
    Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
     
    Error - 19.09.2012 17:44:49 | Computer Name = SONNENSTURM | Source = cdrom | ID = 262151
    Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
     
    Error - 19.09.2012 17:44:58 | Computer Name = SONNENSTURM | Source = cdrom | ID = 262151
    Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
     
    Error - 20.09.2012 11:34:19 | Computer Name = SONNENSTURM | Source = Service Control Manager | ID = 7026
    Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
       SBRE
     
    Error - 21.09.2012 01:33:11 | Computer Name = SONNENSTURM | Source = Service Control Manager | ID = 7026
    Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
       SBRE
     
    Error - 21.09.2012 09:30:23 | Computer Name = SONNENSTURM | Source = Service Control Manager | ID = 7026
    Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
       SBRE
     
    Error - 21.09.2012 14:19:32 | Computer Name = SONNENSTURM | Source = Service Control Manager | ID = 7026
    Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
       SBRE
     
     
    < End of report >
    Only after the OTL scan (minimal output) did I notice that I could (should) also have ticked "Scan All Users", right?

    But my PC has always run without problems and still does now.
    So everything should be fine then?
    In any case, thank you!!!!!
