
Topic: Trojan.Win32.Generic!BT

  1. #1
    Beginner
    Registered since
    20.11.2011
    Posts
    15

    Trojan.Win32.Generic!BT

    Hello everyone!

    After a full scan, "Ad-Aware Free Antivirus +" reported finding a trojan named "Trojan.Win32.Generic!BT", which I moved to quarantine. It is apparently supposed to be located in the rather harmless, older PC game "Harry Potter und der Stein der Weisen ™ Version 1.0". The game was only recently reinstalled.


    See here:
    Code:
    <threat cleanerResult="3" actionRequested="3" optionalScan="0" author="" canQuarantine="true" adviseType="3" quarantineId="{2EFF2D6B-ECD3-4983-8632-23E7011E84B6}" type="Malware" CategoryID="25" category="Trojan" level="2" name="Trojan.Win32.Generic!BT" id="4150696">
      <authorURL/>
      <desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc>
      <threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails>
      <customData/>
      <traces>
        <trace type="4" dispValue="C:\Program Files\EA GAMES\Harry Potter TM\Support\Harry Potter TM_Code.exe">
          <attr v="true" n="hidden"/>
          <attr v="C:\Program Files\EA GAMES\Harry Potter TM\Support\Harry Potter TM_Code.exe" n="path"/>
          <attr v="217088" n="fileSize"/>
          <attr v="089607E353C70000" n="crc8"/>
          <attr v="CB63E6CEF75AA36B7D185840EB343092" n="md5"/>
          <attr v="1" n="detectionType"/>
          <attr v="D649E202DCCB6E13" n="cobraPackHash"/>
    AdAware.exe                   3740 Console                    1        31.220 K
    SBAMSvc.exe                   3908 Services                   0        15.412 K
    CCC.exe                       3924 Console                    1        14.252 K
    SearchIndexer.exe             2676 Services                   0        67.996 K
    wmpnetwk.exe                  3048 Services                   0        12.512 K
    SearchProtocolHost.exe        2900 Services                   0         6.376 K
    svchost.exe                   1312 Services                   0        44.952 K
    svchost.exe                   4156 Services                   0        12.264 K
    dllhost.exe                   4608 Services                   0         4.760 K
    PresentationFontCache.exe     4892 Services                   0        13.756 K
    NASvc.exe                     2928 Services                   0         6.972 K
    WINWORD.EXE                   4708 Console                    1       154.640 K
    FreeDVDVideoConverter.exe     5204 Console                    1        52.688 K
    cmd.exe                       3532 Console                    1         2.280 K
    conhost.exe                   6088 Console                    1         2.776 K
    HandBrakeCLI.exe              5436 Console                    1       201.340 K
    firefox.exe                   5292 Console                    1       230.856 K
    SearchFilterHost.exe          3660 Services                   0         5.512 K
    cmd.exe                       2324 Console                    1         3.328 K
    conhost.exe                   5560 Console                    1         5.000 K
    tasklist.exe                  2080 Console                    1         4.412 K
    WmiPrvSE.exe                  5732 Services                   0         4.980 K
    
     
    ***** Ende des Scans 09.09.2012 um  9:38:54,70 ***
    I additionally booted from CD with "Antibot" and also with "bitdefender" and scanned; neither found anything of the kind.
    I have not noticed any problems either. Do I still need to seriously worry about it or deal with it?

    Thanks in advance.

  2. #2
    Senior team member
    Registered since
    12.08.2012
    Posts
    48

    Re: Trojan.Win32.Generic!BT

    Hello,

    Ad-Aware tends to produce false alarms (false positives). If you want to check your computer for malware, I would recommend Malwarebytes.
    Please check your computer with Malwarebytes.

    Download Malwarebytes Anti-Malware (approx. 2 MB) from one of these download mirrors:

    • Applicable to Windows 2000, XP and Vista.
    • Install the program to the default path.
    • Remember to start the program as admin on Vista; otherwise start it with a double-click.
    • Let it update online ("Updates" tab) if that does not happen automatically (approx. 1 MB).
    • Enable "Perform full scan" => Scan.
    • Select all available drives and start the scan.
    • When the scan has finished, click "Show Results".
    • Make sure that all detections are selected and press "Delete".
    • Post the log file, which opens in Notepad, here in the thread.
    • Afterwards you can find the report under "Scan reports".
    • Report how the computer is running now.

    Here you will find detailed, illustrated instructions.

  3. #3
    Beginner
    Registered since
    20.11.2011
    Posts
    15

    Re: Trojan.Win32.Generic!BT

    Thanks for the feedback.

    I did as suggested. In doing so, I disabled "Avira Free Antivirus" and "Ad-Aware Free Antivirus +". The detection "Trojan.Win32.Generic!BT" remained in quarantine.
    After the full scan by "Malwarebytes Anti-Malware" I received the following log file:

    Code:
     Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    
    Datenbank Version: v2012.09.09.01
    
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    PTOLEMAIOS SOTER :: SONNENSTURM [Administrator]
    
    09.09.2012 12:36:12
    mbam-log-2012-09-09 (12-36-12).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 443525
    Laufzeit: 1 Stunde(n), 1 Minute(n), 21 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien: 0
    (Keine bösartigen Objekte gefunden)
    
    (Ende)
    .

    So everything seems to be in order, right? My PC is running as always anyway.
    Can the program come back out of quarantine then?

  4. #4
    Beginner
    Registered since
    20.11.2011
    Posts
    15

    Re: Trojan.Win32.Generic!BT

    It's me again!
    What should I do now with the file in quarantine, which obviously originates from the Harry Potter game?
    Or should I have 'released' the file in question from the "Ad-Aware Free Antivirus +" quarantine before the additional scan with "Malwarebytes Anti-Malware", so that it could be examined better?
    Maybe someone can give me another tip?
    Thanks in advance.

  5. #5
    Moderator (global) Team member Avatar of kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29.509

    Re: Trojan.Win32.Generic!BT

    Hello wirsinddieborg!

    What should I do now with the file in quarantine, which obviously originates from the Harry Potter game?
    Or should I have 'released' the file in question from the "Ad-Aware Free Antivirus +" quarantine before the additional scan with "Malwarebytes Anti-Malware", so that it could be examined better?
    Yes, definitely restore it; if Ad-Aware complains, ignore it.

    **Before you begin with part 1 of the task: CLICK HERE AND READ CAREFULLY!** , and I ask for a brief confirmation that you have read and accepted this!
    ► Illegally obtained software (via keygen, crack, keymaker) is not tolerated here; in that case support will be discontinued!
    INSTRUCTIONS, AND FOLLOWING THEM, ARE YOUR OWN RESPONSIBILITY!
    Please first read through the instructions calmly and keep to the given order; otherwise undesired effects may occur.
    No PMs, all messages in your thread!

    1.
    System scan with OTL

    Download OTL by Oldtimer (if you do not have it yet) and save it on your desktop.
    • Double-click OTL.exe
    • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
    • At the top you will find a box labelled Output.
      Please choose Standard Output
    • Under Extra Registry please choose Use SafeList.
    • Tick LOP Check and Purity Check.
    • Now click Scan at the top left.


    • When the scan has finished, two log files are created.
      You will find the log files on your desktop => OTL.txt and Extras.txt
    • Post the log files in code tags here in the thread.


    2.
    To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
    • Download CCleaner
    • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "German".
    • Start -> click `Extras` (to display the software installed on your system) -> then click `Als Textdatei speichern...`
    • A text file is created automatically; post this log file as well (i.e. the list of all installed programs ... a text file)


    Please post all results in code tags!

    Before your log you write (i.e. at the start of the log file):[code]
    your log file goes here
    after it, i.e. at the end of the log file:[/code]

    How it works:-> Putting log files in code tags

    Regards
    kira
    Last edited by kira (15.09.2012 at 04:06)
    Warning!:
    Beware of invoices by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
    Please pass this warning on wherever you can!

  6. #6
    Beginner
    Registered since
    20.11.2011
    Posts
    15

    Re: Trojan.Win32.Generic!BT

    Thanks for the reply!

    I have read the introduction and accept the forum rules etc.

    I have moved the detection "Trojan.Win32.Generic!BT" out of quarantine!

    I ran "OTL" as requested. In my OTL menu there was a tick at "Use No-Company-Name WhiteList". This menu item was not shown in the screenshot in your answer.
    See the results:

    Code:
     OTL logfile created on: 16.09.2012 17:38:30 - Run 1
    OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\PTOLEMAIOS SOTER\Desktop
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,37% Memory free
    6,50 Gb Paging File | 5,06 Gb Available in Paging File | 77,85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1397,17 Gb Total Space | 1101,78 Gb Free Space | 78,86% Space Free | Partition Type: NTFS
     
    Computer Name: SONNENSTURM | User Name: PTOLEMAIOS SOTER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.09.16 13:48:06 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\PTOLEMAIOS SOTER\Desktop\OTL.exe
    PRC - [2012.09.08 20:27:51 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
    PRC - [2012.08.01 09:35:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
    PRC - [2012.07.12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAware.exe
    PRC - [2012.06.26 21:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\ipoint.exe
    PRC - [2012.06.26 21:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\itype.exe
    PRC - [2012.05.08 19:22:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
    PRC - [2012.05.08 19:22:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
    PRC - [2012.05.08 19:22:09 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2012.04.06 04:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2012.04.06 04:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe
    PRC - [2011.12.05 22:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    PRC - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
    PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
    PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009.12.03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
    PRC - [2006.09.19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
    PRC - [2001.05.10 14:33:53 | 000,096,768 | ---- | M] (Ingo Heeskens) -- C:\Programme\WinEject\WinEject.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.09.08 20:27:51 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
    MOD - [2012.06.13 19:08:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012.06.13 19:08:00 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012.06.13 19:07:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012.06.13 19:07:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012.06.13 19:07:33 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012.05.18 00:21:06 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012.05.10 21:59:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012.05.10 21:58:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012.05.10 21:57:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012.05.10 21:56:52 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012.05.10 21:56:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012.05.10 21:56:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012.05.10 21:56:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011.12.05 22:14:02 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
    MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
    MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
    MOD - [2006.09.19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
     
     
    ========== Services (SafeList) ==========
     
    SRV - [2012.09.08 20:27:51 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012.07.13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2012.05.08 19:22:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2012.05.08 19:22:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2012.04.06 04:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2011.12.05 22:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
    SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2012.05.08 19:22:09 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2012.05.08 19:22:09 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2012.04.06 07:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2012.04.06 03:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011.12.19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
    DRV - [2011.11.29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
    DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2011.06.24 06:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
    DRV - [2010.11.25 07:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010.03.09 12:21:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
    DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2007.03.27 19:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:InPrivate
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 B7 15 08 EE E3 CC 01  [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
    FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://eu.ixquick.com/?r=6131"
    FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
    FF - prefs.js..extensions.enabledAddons: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:3.3
    FF - prefs.js..extensions.enabledAddons: guiconfig@slosd.net:1.2.2
    FF - prefs.js..extensions.enabledAddons: trackerblock@privacychoice.org:2.2
    FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
    FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.5
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
    FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.5
    FF - prefs.js..extensions.enabledItems: macfox_nostalgia@smartbright:1.04.03
    FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
     
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 20:27:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 20:27:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.02 19:07:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 20:27:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 20:27:48 | 000,000,000 | ---D | M]
     
    [2011.12.30 23:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\Extensions
    [2012.09.14 17:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\Firefox\Profiles\cc2xipvt.default\extensions
    [2012.03.12 22:45:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\Firefox\Profiles\cc2xipvt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012.07.29 10:28:21 | 000,282,478 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\azhang@cloudacl.com.xpi
    [2012.02.04 22:21:57 | 000,092,840 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\foxfilter@inspiredeffect.net.xpi
    [2012.04.10 19:00:36 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\guiconfig@slosd.net.xpi
    [2012.04.10 19:07:44 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\trackerblock@privacychoice.org.xpi
    [2011.07.17 09:06:54 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
    [2012.09.14 17:52:24 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2011.09.09 20:14:48 | 000,052,184 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi
    [2012.07.25 22:40:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012.09.14 17:52:24 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2011.12.19 20:11:10 | 000,002,419 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\searchplugins\englische-ergebnisse.xml
    [2012.09.15 09:27:34 | 000,001,610 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\searchplugins\ixquick---deutsch.xml
    [2012.02.21 20:47:32 | 000,002,299 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\searchplugins\yasni.xml
    [2012.09.08 20:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
    [2012.09.08 20:27:51 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.09.02 18:59:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
    [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [WinEjectAutoStart1] C:\Program Files\WinEject\WinEject.exe (Ingo Heeskens)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O8 - Extra context menu item: Free YouTube Download - C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6164295E-F4E6-4243-AC60-6957840C6CA8}: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4FAE49C-49C4-4F20-963A-3AF5324A1405}: DhcpNameServer = 192.168.178.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.09.16 13:49:40 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\PTOLEMAIOS SOTER\Desktop\OTL.exe
    [2012.09.14 13:27:12 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\Documents\Neuer Ordner
    [2012.09.13 00:10:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
    [2012.09.13 00:10:20 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2012.09.13 00:10:20 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
    [2012.09.13 00:10:19 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
    [2012.09.11 18:27:44 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\Documents\Nero Recode
    [2012.09.09 12:31:53 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Malwarebytes
    [2012.09.09 12:31:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.09.09 12:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.09.09 12:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012.09.09 12:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.09.08 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012.09.04 22:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012.09.04 22:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
    [2012.09.04 22:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2012.09.04 22:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2012.09.02 18:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012.09.02 18:58:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012.09.02 18:58:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012.09.02 18:58:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012.09.02 18:58:11 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012.08.27 19:44:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012.08.27 19:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012.08.27 19:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012.08.26 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\{4AB60B3A-94FD-4B6E-B92D-421889E12527}
    [2012.08.23 21:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
    [2012.08.23 13:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
    [2012.08.23 13:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [2012.08.20 18:56:58 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\adaware
    [2012.08.20 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
    [2012.08.20 18:56:52 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
    [2012.08.20 18:56:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
    [2012.08.20 18:56:04 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\Downloaded Installations
    [2012.08.17 18:05:45 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Media Player Classic
    [2012.04.07 17:10:03 | 000,036,069 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files\uninstall.exe
    [2011.10.22 13:23:12 | 000,068,272 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dat
    [2011.10.22 13:23:10 | 002,366,128 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps.exe
    [2011.10.22 13:21:00 | 000,139,776 | ---- | C] (Beepa P/L) -- C:\Program Files\frapslcd.dll
    [2011.10.22 13:06:32 | 000,231,600 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps32.dll
    [2011.10.22 13:06:32 | 000,185,520 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dll
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.09.16 17:39:25 | 000,004,618 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\Desktop\HiJack This - Verknüpfung.lnk
    [2012.09.16 17:37:32 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.09.16 17:37:32 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.09.16 17:34:36 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2012.09.16 17:34:36 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012.09.16 17:34:36 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2012.09.16 17:34:36 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012.09.16 17:30:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.09.16 17:30:06 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
    [2012.09.16 13:48:06 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\PTOLEMAIOS SOTER\Desktop\OTL.exe
    [2012.09.14 22:08:28 | 000,540,851 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\Documents\B107 - S.12 -155. Zeit.jpg
    [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.09.04 17:39:10 | 000,325,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012.09.02 18:58:01 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012.09.02 18:57:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012.09.02 18:57:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012.09.02 18:57:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012.09.02 18:57:57 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2012.09.02 18:57:57 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012.08.25 15:26:25 | 000,000,526 | ---- | M] () -- C:\Windows\eReg.dat
    [2012.08.24 19:59:45 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012.08.24 19:59:45 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012.08.24 15:58:36 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
    [2012.08.22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2012.08.22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
    [2012.08.20 18:49:56 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2012.08.20 18:49:56 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
     
    ========== Files Created - No Company Name ==========
     
    [2012.09.16 17:39:25 | 000,004,618 | ---- | C] () -- C:\Users\PTOLEMAIOS SOTER\Desktop\HiJack This - Verknüpfung.lnk
    [2012.09.14 21:57:29 | 000,540,851 | ---- | C] () -- C:\Users\PTOLEMAIOS SOTER\Documents\B107 - S.12 -155. Zeit.jpg
    [2012.08.25 15:26:25 | 000,000,526 | ---- | C] () -- C:\Windows\eReg.dat
    [2012.08.17 12:27:12 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012.07.27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
    [2012.03.08 22:44:42 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
    [2012.02.15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
    [2012.02.15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
    [2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2012.01.07 23:48:02 | 000,003,584 | ---- | C] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.01.02 22:34:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2012.01.02 22:34:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011.12.30 22:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011.10.22 12:48:54 | 000,001,905 | ---- | C] () -- C:\Program Files\README.HTM
    [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
     
    ========== LOP Check ==========
     
    [2012.05.20 20:05:41 | 000,000,000 | -HSD | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\.#
    [2012.08.20 19:15:49 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Ad-Aware Antivirus
    [2012.01.15 12:11:01 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Avery
    [2012.04.16 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Duden
    [2012.09.09 09:27:03 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\DVDVideoSoft
    [2012.04.07 23:11:22 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012.01.02 16:18:28 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Epson
    [2012.04.08 14:47:03 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\HandBrake
    [2012.09.02 18:27:31 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\PhotoFiltre
    [2012.06.03 21:14:15 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\TeamViewer
    [2012.02.20 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Thunderbird
    [2012.09.05 07:35:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    .

    And:
    Code:
     OTL Extras logfile created on: 16.09.2012 17:38:30 - Run 1
    OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\PTOLEMAIOS SOTER\Desktop
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,37% Memory free
    6,50 Gb Paging File | 5,06 Gb Available in Paging File | 77,85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1397,17 Gb Total Space | 1101,78 Gb Free Space | 78,86% Space Free | Partition Type: NTFS
     
    Computer Name: SONNENSTURM | User Name: PTOLEMAIOS SOTER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03A1C8FA-E8B1-4293-8B9E-227F2B582B11}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{03DA5DEC-0C0B-46A4-99A7-23ED85ED688C}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{0F2D71CE-0C10-495F-990D-CC00D995A953}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{16D517D5-B1DE-47A0-A3E2-AD2B8AF04A30}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{3664D89D-6024-4F4F-8CBE-05DDFE68186F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{3857D9C7-EA90-462E-A76D-7D28764AA113}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{3B38F3E8-E9F8-4625-81A4-47A64003855B}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{41754953-7731-42B3-A67F-66A1999AC09A}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{43B4A249-3014-450E-8F17-1652B15E785B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{73EA8445-87FA-4D0E-B601-961669A8779E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{802ACF5C-2659-4EF9-B3C0-33CDD2971E64}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{9A407CDB-A07A-4DCF-B3BF-FB8EB530C02D}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{A22F976C-0AD6-4D81-8E85-0AE07E2A8DB7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{AEB702E5-BF4E-4814-ADAC-8B96F1FC5B05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{B2488CEF-AD4C-4AAD-82CC-F70F2E91D824}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{B3737B98-990D-4329-9E0E-C6CD1ED58C72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{BDC54C42-D723-4731-A2F8-32C89C5B6186}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{C67798CA-3347-4A51-9FC7-4032F1962B97}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{D35A19BF-51A1-4C22-8CCB-46712F7BE526}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{D3D31ECF-BA1A-4AE0-89E0-BD72D15A98BC}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{DD540B0B-0C40-4BB1-9507-2E56A116D6D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{E7AD1285-0968-485C-B7FD-F374DE32BB0A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{F03FFB35-8BFD-4642-A155-2763676B1FE4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{FB116734-2A98-446A-95F1-6D4C1B330E66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{FE52C8B0-41DF-46BD-B976-BACB9DA361CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04E64D72-0EB3-4CF6-8B5B-D679DC80306C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{0EF778AD-242A-4EE5-83B9-68829807CB98}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
    "{2397F665-D1E9-4034-B13D-46BE535DAB20}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
    "{240A3510-E6A3-4625-A367-DC8AE6597BCA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{31D4BC54-F6A6-4D31-8886-FC8CA68AC151}" = protocol=58 | dir=in | app=system | 
    "{33C194E0-5AA3-4D76-9111-ED5F68650C3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{434CC72A-4F93-4E74-979B-029842F93EE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{5E65A22C-7D97-43DE-B92E-6E8749B1395E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
    "{669889AC-381C-4804-B4FA-11BEC2AEFBBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{6754213B-B655-4F12-9106-A5876AD31287}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{6C87E89D-1CF2-47DD-A238-A249A71A3041}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
    "{74412B39-991F-45E6-AAC0-8C0BBDD5DAE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{74F4AE41-0BB8-4613-8FE8-5349F1EA4323}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{790E15F8-7389-4951-BF33-5D1CD3C7C261}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{7CCF0B1B-6813-49C4-ADF0-95894BDAAF9E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{7D8876E2-9AA1-49F5-9790-B8B1E1920B31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{912CDFF3-8F5C-4CE6-8B32-93EEEA53D1CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{91580999-1F07-4C0A-B1C6-33035DAC8041}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{A4E5E2CA-F120-49E4-A5A6-9D0D82E53F72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{A5F4309E-5B07-4269-B257-369AB2CB0C76}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
    "{AE062A5C-91C1-42F0-B0DF-C0EE9CF81129}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{BC03F7CD-AFC2-4F1D-89A9-19C8E8C3E087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{C10C5BF6-7158-480D-A559-D586F5CEE109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{C5AA12DA-C7B6-4438-AFB6-B8BE5DD73DA6}" = protocol=6 | dir=out | app=system | 
    "{FBC8B5A9-FB59-4B78-8465-C3CEDBA93CD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{FD1EA356-5C37-4498-A33E-44EEC9A698C6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
    "TCP Query User{B89FFADB-2179-4111-A1A4-51C0CA9CD39C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "TCP Query User{BE52797E-C4F1-474F-8616-6EC9E77D0F96}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "TCP Query User{D1DE4206-7E6B-4BEB-8335-8A7823C1248D}C:\program files\tulox\wbuch.exe" = protocol=6 | dir=in | app=c:\program files\tulox\wbuch.exe | 
    "TCP Query User{DE221177-58B3-4575-8ACC-3C5529E4A008}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "TCP Query User{EE776334-CF83-43C0-8D2E-E1BF6B0103A8}C:\program files\tulox\tulox.exe" = protocol=6 | dir=in | app=c:\program files\tulox\tulox.exe | 
    "UDP Query User{02FBFBD8-BB68-4A63-BA51-2DC494A7A1FD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "UDP Query User{08420B90-C4E0-446D-B96C-850F27D31F9D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "UDP Query User{4A3E0889-46C9-4C16-855B-002819AE3DC5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "UDP Query User{D4BD53E3-BE89-4078-8236-8F02D87F46DA}C:\program files\tulox\wbuch.exe" = protocol=17 | dir=in | app=c:\program files\tulox\wbuch.exe | 
    "UDP Query User{E693B747-2A86-4C23-A3D4-9F2B6A3B373D}C:\program files\tulox\tulox.exe" = protocol=17 | dir=in | app=c:\program files\tulox\tulox.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{011E92F1-AF76-4983-8707-79F8F1956439}" = Nero Prerequisite Installer 1.0
    "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
    "{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{06F64222-5A0C-4184-B2F1-2097763DCCAD}" = IconEdit Pro V7.04
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
    "{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
    "{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
    "{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
    "{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
    "{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
    "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
    "{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
    "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
    "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1
    "{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
    "{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
    "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F198874-3C7D-5983-02EB-9E234C43F174}" = AMD Steady Video Plug-In 
    "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
    "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
    "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
    "{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{65D251BB-7B37-40A3-AEAE-75D7AEC35B03}" = Abenteuer auf dem Reiterhof 3 - Das Erbe der Gräfin
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7C723C94-CB1B-E2BD-0E90-BC64DA26074C}" = AMD Fuel
    "{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
    "{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
    "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center
    "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
    "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
    "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
    "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
    "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}" = Duden Korrektor Standard
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
    "{9DB7A055-0C66-C319-9613-CACDC50DDB38}" = ccc-utility
    "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
    "{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
    "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
    "{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
    "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
    "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
    "{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}" = AMD Catalyst Install Manager
    "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
    "{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
    "{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
    "{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
    "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
    "{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
    "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
    "{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
    "{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
    "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
    "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
    "{CBAE26C1-B3B1-66FC-81A0-FA1774CF2B20}" = AMD Fuel
    "{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
    "{DB3D1784-421D-9942-3AC4-D90B18615BBC}" = ccc-utility
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
    "{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
    "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
    "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
    "{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
    "{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "1-abc.net File Renamer" = 1-abc.net File Renamer (Remove only)
    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall
    "EPSON BX525WD Series Manual" = EPSON BX525WD Series Handbuch
    "EPSON BX525WD Series Network Guide" = EPSON BX525WD Series Netzwerk-Handbuch
    "EPSON Scanner" = EPSON Scan
    "Fraps" = Fraps
    "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.7.403
    "Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.16.821
    "Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.11.903
    "Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.17.903
    "Free Video Dub_is1" = Free Video Dub version 2.0.14.825
    "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.3.903
    "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 5.0.7.403
    "Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.7.403
    "Free YouTube Download_is1" = Free YouTube Download version 3.1.34.824
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.0.2 (Standard)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
    "MozBackup" = MozBackup 1.5.1
    "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
    "Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Recover Keys_is1" = Recover Keys
    "TeamViewer 7" = TeamViewer 7
    "tulox" = tulox
    "WinEject" = WinEject
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "PhotoFiltre" = PhotoFiltre
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 09.09.2012 08:28:38 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:03:01 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:05:05 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:09:53 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:11:16 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:12:55 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:15:40 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 10.09.2012 20:23:22 | Computer Name = SONNENSTURM | Source = SideBySide | ID = 16842761
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Duden\Duden
     Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program
     Files\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile 2.  Das Stammelement
     der Manifestdatei muss assembliert sein.
     
    Error - 10.09.2012 20:27:26 | Computer Name = SONNENSTURM | Source = SideBySide | ID = 16842815
    Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll".
     Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll"
     in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
     ungültig.
     
    Error - 11.09.2012 13:31:13 | Computer Name = SONNENSTURM | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: Recode.exe, Version: 4.10.5.100, 
    Zeitstempel: 0x4db960b8  Name des fehlerhaften Moduls: NeResize.ax, Version: 7.1.12.0,
     Zeitstempel: 0x4d0f50c4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00003290  ID des fehlerhaften
     Prozesses: 0x54c  Startzeit der fehlerhaften Anwendung: 0x01cd9041edab4320  Pfad der
     fehlerhaften Anwendung: C:\Program Files\Nero\Nero 10\Nero Recode\Recode.exe  Pfad
     des fehlerhaften Moduls: C:\Program Files\Nero\Nero 10\Nero Recode\SMC\NeResize.ax
    Berichtskennung:
     7b5b099f-fc36-11e1-a21c-406186967e35
     
    Error - 11.09.2012 13:42:49 | Computer Name = SONNENSTURM | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: Recode.exe, Version: 4.10.5.100, 
    Zeitstempel: 0x4db960b8  Name des fehlerhaften Moduls: NeResize.ax, Version: 7.1.12.0,
     Zeitstempel: 0x4d0f50c4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00003290  ID des fehlerhaften
     Prozesses: 0x12e0  Startzeit der fehlerhaften Anwendung: 0x01cd9043fa2d9ad8  Pfad der
     fehlerhaften Anwendung: C:\Program Files\Nero\Nero 10\Nero Recode\Recode.exe  Pfad
     des fehlerhaften Moduls: C:\Program Files\Nero\Nero 10\Nero Recode\SMC\NeResize.ax
    Berichtskennung:
     1a69bde1-fc38-11e1-a21c-406186967e35
     
    [ OSession Events ]
    Error - 22.04.2012 07:22:34 | Computer Name = SONNENSTURM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1018
     seconds with 180 seconds of active time.  This session ended with a crash.
     
    Error - 08.07.2012 16:34:52 | Computer Name = SONNENSTURM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 823
     seconds with 780 seconds of active time.  This session ended with a crash.
     
    Error - 26.07.2012 16:39:48 | Computer Name = SONNENSTURM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1608
     seconds with 600 seconds of active time.  This session ended with a crash.
     
    [ System Events ]
    Error - 13.09.2012 01:48:31 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
     
    Error - 13.09.2012 13:50:00 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.
     
    Error - 13.09.2012 13:50:00 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.
     
    Error - 13.09.2012 13:50:01 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.
     
    Error - 13.09.2012 13:50:01 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.
     
    Error - 13.09.2012 13:50:02 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.
     
    Error - 15.09.2012 08:05:35 | Computer Name = SONNENSTURM | Source = cdrom | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
     
    Error - 15.09.2012 13:18:50 | Computer Name = SONNENSTURM | Source = WMPNetworkSvc | ID = 866300
    Description = 
     
    Error - 16.09.2012 07:54:10 | Computer Name = SONNENSTURM | Source = WMPNetworkSvc | ID = 866333
    Description = 
     
    Error - 16.09.2012 11:30:41 | Computer Name = SONNENSTURM | Source = WMPNetworkSvc | ID = 866300
    Description = 
     
     
    < End of report >
    .

    I installed “CCleaner” and ran it according to the forum's CCleaner guide.

    Code:
     1-abc.net File Renamer (Remove only)		09.03.2012		
    ABBYY FineReader 5.0 Sprint	ABBYY Software House	31.12.2011	101MB	5.0.0.3411
    Abenteuer auf dem Reiterhof 3 - Das Erbe der Gräfin	Ubisoft	24.08.2012		1.00.0000
    Ad-Aware Antivirus	Lavasoft Limited	20.08.2012	35,4MB	10.2.21.3698
    Ad-Aware Browsing Protection	Lavasoft	20.08.2012		0.9.0.2
    Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	06.05.2012	6,00MB	11.2.202.235
    Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	24.08.2012	6,00MB	11.4.402.265
    Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	16.08.2012	154MB	10.1.4
    Adobe Shockwave Player 11.6	Adobe Systems, Inc.	17.08.2012		11.6.6.636
    AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	04.09.2012	20,2MB	3.0.859.0
    Avira Free Antivirus	Avira	12.09.2012	124MB	12.0.0.1199
    CCleaner	Piriform	22.08.2012		3.22
    DesignPro 5	Avery Dennison	15.01.2012	18,1MB	5.5.708
    Die Sims 2		03.01.2012		
    Die Sims™ 2 Apartment-Leben	Electronic Arts	10.04.2012		
    Die Sims™ 2 Freizeit-Spaß	Electronic Arts	03.01.2012		
    Die Sims™ 2 H&M®-Fashion-Accessoires		03.01.2012		
    Die Sims™ 2 Haustiere		03.01.2012		
    Die Sims™ 2 Party-Accessoires		03.01.2012		
    Die Sims™ 2 Vier Jahreszeiten		03.01.2012		
    Duden Korrektor Standard	Bibliographisches Institut GmbH	16.04.2012	621MB	7.00.0000
    EPSON BX525WD Series Handbuch		31.12.2011		
    EPSON BX525WD Series Netzwerk-Handbuch		31.12.2011		
    EPSON BX525WD Series Printer Uninstall	SEIKO EPSON Corporation	31.12.2011		
    Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	31.12.2011		2.2.0.0
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)	SEIKO EPSON CORPORATION	31.12.2011		1.00.0000
    Epson Event Manager	SEIKO EPSON CORPORATION	31.12.2011	38,7MB	2.40.0001
    EPSON Scan	Seiko Epson Corporation	31.12.2011		
    EpsonNet Print	SEIKO EPSON CORPORATION	31.12.2011		2.4i
    EpsonNet Setup 3.3	SEIKO EPSON CORPORATION	31.12.2011		3.3a
    Fraps		07.04.2012		
    Free 3GP Video Converter version 5.0.7.403	DVDVideoSoft Ltd.	10.04.2012	69,4MB	5.0.7.403
    Free AVI Video Converter version 5.0.16.821	DVDVideoSoft Ltd.	21.08.2012	78,2MB	5.0.16.821
    Free DVD Video Converter version 2.0.11.903	DVDVideoSoft Ltd.	09.09.2012	100MB	2.0.11.903
    Free MP4 Video Converter version 5.0.17.903	DVDVideoSoft Ltd.	09.09.2012	74,1MB	5.0.17.903
    Free Video Dub version 2.0.14.825	DVDVideoSoft Ltd.	02.09.2012	80,2MB	2.0.14.825
    Free Video Flip and Rotate version 2.1.3.903	DVDVideoSoft Ltd.	15.09.2012	79,8MB	2.1.3.903
    Free Video to Flash Converter version 5.0.7.403	DVDVideoSoft Ltd.	10.04.2012	72,0MB	5.0.7.403
    Free Video to JPG Converter version 5.0.7.403	DVDVideoSoft Ltd.	10.04.2012	62,5MB	5.0.7.403
    Free YouTube Download version 3.1.34.824	DVDVideoSoft Ltd.	25.08.2012	84,7MB	3.1.34.824
    Harry Potter TM		25.08.2012		
    IconEdit Pro V7.04	Hagen Wieshofer	03.06.2012	3,90MB	7.0.4.0
    Java 7 Update 7	Oracle	02.09.2012	130MB	7.0.70
    K-Lite Codec Pack 9.0.2 (Standard)		17.08.2012	61,5MB	9.0.2
    Malwarebytes Anti-Malware Version 1.65.0.1400	Malwarebytes Corporation	14.09.2012	19,2MB	1.65.0.1400
    Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	30.12.2011	38,8MB	4.0.30319
    Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	30.12.2011	2,93MB	4.0.30319
    Microsoft Office File Validation Add-In	Microsoft Corporation	01.01.2012	7,95MB	14.0.5130.5003
    Microsoft Office Home and Student 2007	Microsoft Corporation	31.12.2011		12.0.6612.1000
    Microsoft Office Live Add-in 1.5	Microsoft Corporation	18.04.2012	508KB	2.0.4024.1
    Microsoft Silverlight	Microsoft Corporation	17.05.2012	64,7MB	5.1.10411.0
    Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	07.04.2012	1,69MB	3.1.0000
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	252KB	8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	31.12.2011	300KB	8.0.61001
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	31.12.2011	240KB	9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	30.12.2011	596KB	9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	31.12.2011	600KB	9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	31.12.2011	16,5MB	10.0.40219
    Microsoft-Maus- und Tastatur-Center	Microsoft Corporation	02.08.2012		1.1.500.0
    MozBackup 1.5.1	Pavel Cvrcek	30.12.2011		
    Mozilla Firefox 15.0 (x86 de)	Mozilla	02.09.2012	38,8MB	15.0
    Mozilla Maintenance Service	Mozilla	08.09.2012	327KB	15.0.1
    Mozilla Thunderbird 15.0.1 (x86 de)	Mozilla	11.09.2012	39,5MB	15.0.1
    MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	31.12.2011	35,0KB	4.20.9870.0
    MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	31.12.2011	1,33MB	4.20.9876.0
    Nero 10 ClipartPack	Nero AG	13.01.2012	26,5MB	10.6.10000.11.0
    Nero 10 Kwik Themes 1	Nero AG	13.01.2012	51,2MB	10.6.10000.1.0
    Nero 10 Kwik Themes 2	Nero AG	13.01.2012	313MB	10.6.10000.2.0
    Nero 10 Menu TemplatePack 1	Nero AG	13.01.2012	59,7MB	10.6.10000.0.0
    Nero 10 Menu TemplatePack 2	Nero AG	13.01.2012	182MB	10.6.10000.0.0
    Nero 10 Menu TemplatePack 3	Nero AG	13.01.2012	241MB	10.6.10000.1.0
    Nero 10 Sample ImagePack	Nero AG	13.01.2012	5,85MB	10.6.10000.11.0
    Nero 10 Sample Videos	Nero AG	13.01.2012	42,0MB	10.6.10000.11.0
    Nero BackItUp 10	Nero AG	13.01.2012	118MB	5.8.10600.6.100
    Nero Burning ROM 10	Nero AG	13.01.2012	169MB	10.6.10700.5.100
    Nero BurnRights 10	Nero AG	13.01.2012	6,15MB	4.4.10400.2.100
    Nero CoverDesigner 10	Nero AG	13.01.2012	91,3MB	5.6.10600.4.100
    Nero DiscCopy Gadget 10	Nero AG	13.01.2012	34,6MB	3.6.10200.1.100
    Nero DiscSpeed 10	Nero AG	13.01.2012	7,21MB	6.4.10500.1.100
    Nero Express 10	Nero AG	18.03.2012	166MB	10.6.10800.6.100
    Nero InfoTool 10	Nero AG	13.01.2012	7,79MB	7.4.10300.1.100
    Nero Multimedia Suite 10	Nero AG	31.12.2011	2,49GB	10.5.10500
    Nero Prerequisite Installer 1.0	Nero AG	18.03.2012	1,00MB	11.0.11500
    Nero Recode 10	Nero AG	13.01.2012	92,2MB	4.10.10700.5.100
    Nero RescueAgent 10	Nero AG	13.01.2012	6,53MB	3.6.10500.3.100
    Nero SoundTrax 10	Nero AG	18.03.2012	98,1MB	4.10.10500.4.100
    Nero StartSmart 10	Nero AG	13.01.2012	143MB	10.6.10500.3.100
    Nero Vision 10	Nero AG	13.01.2012	223MB	7.4.11000.9.100
    Nero WaveEditor 10	Nero AG	18.03.2012	79,1MB	5.10.10700.6.100
    PC Inspector smart recovery		08.03.2012		4.50
    PhotoFiltre		07.01.2012		
    Realtek Ethernet Controller Driver For Windows 7	Realtek	30.12.2011		7.21.531.2010
    Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	30.12.2011		6.0.1.6136
    Recover Keys	Recover Keys	20.02.2012		
    Skype™ 5.10	Skype Technologies S.A.	27.08.2012	19,4MB	5.10.116
    TeamViewer 7	TeamViewer	05.08.2012		7.0.13989
    tulox		07.01.2012		
    Windows Live Essentials	Microsoft Corporation	07.04.2012		15.4.3555.0308
    Windows Media Player Firefox Plugin	Microsoft Corp	18.03.2012	296KB	1.0.0.8
    WinEject	Ingo Heeskens	15.01.2012		2.00
    .

    That's it for now.

  7. #7
    Beginner
    Registered since
    20.11.2011
    Posts
    15

    Re: Trojan.Win32.Generic!BT

    Thanks for the reply!

    I have read the introduction and accept the forum rules etc.

    I moved the detection “Trojan.Win32.Generic!BT” out of quarantine!

    I ran “OTL” as requested. In my OTL menu there was a check mark next to “Use No-Company-Name WhiteList”. This menu item was not shown in the screenshot in your reply.
    See results:

    Code:
     OTL logfile created on: 16.09.2012 17:38:30 - Run 1
    OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\PTOLEMAIOS SOTER\Desktop
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,37% Memory free
    6,50 Gb Paging File | 5,06 Gb Available in Paging File | 77,85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1397,17 Gb Total Space | 1101,78 Gb Free Space | 78,86% Space Free | Partition Type: NTFS
     
    Computer Name: SONNENSTURM | User Name: PTOLEMAIOS SOTER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.09.16 13:48:06 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\PTOLEMAIOS SOTER\Desktop\OTL.exe
    PRC - [2012.09.08 20:27:51 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
    PRC - [2012.08.01 09:35:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
    PRC - [2012.07.12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAware.exe
    PRC - [2012.06.26 21:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\ipoint.exe
    PRC - [2012.06.26 21:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\itype.exe
    PRC - [2012.05.08 19:22:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
    PRC - [2012.05.08 19:22:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
    PRC - [2012.05.08 19:22:09 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2012.04.06 04:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2012.04.06 04:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe
    PRC - [2011.12.05 22:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    PRC - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
    PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
    PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009.12.03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
    PRC - [2006.09.19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
    PRC - [2001.05.10 14:33:53 | 000,096,768 | ---- | M] (Ingo Heeskens) -- C:\Programme\WinEject\WinEject.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.09.08 20:27:51 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
    MOD - [2012.06.13 19:08:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012.06.13 19:08:00 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012.06.13 19:07:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012.06.13 19:07:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012.06.13 19:07:33 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012.05.18 00:21:06 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012.05.10 21:59:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012.05.10 21:58:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012.05.10 21:57:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012.05.10 21:56:52 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012.05.10 21:56:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012.05.10 21:56:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012.05.10 21:56:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011.12.05 22:14:02 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
    MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
    MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
    MOD - [2006.09.19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
     
     
    ========== Services (SafeList) ==========
     
    SRV - [2012.09.08 20:27:51 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012.07.13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2012.05.08 19:22:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2012.05.08 19:22:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2012.04.06 04:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2011.12.05 22:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
    SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2012.05.08 19:22:09 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2012.05.08 19:22:09 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2012.04.06 07:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2012.04.06 03:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011.12.19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
    DRV - [2011.11.29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
    DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2011.06.24 06:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
    DRV - [2010.11.25 07:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010.03.09 12:21:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
    DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2007.03.27 19:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:InPrivate
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 B7 15 08 EE E3 CC 01  [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
    FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://eu.ixquick.com/?r=6131"
    FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
    FF - prefs.js..extensions.enabledAddons: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:3.3
    FF - prefs.js..extensions.enabledAddons: guiconfig@slosd.net:1.2.2
    FF - prefs.js..extensions.enabledAddons: trackerblock@privacychoice.org:2.2
    FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
    FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.5
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
    FF - prefs.js..extensions.enabledItems: {9D6218B8-03C7-4b91-AA43-680B305DD35C}:1.7.9.7
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.5
    FF - prefs.js..extensions.enabledItems: macfox_nostalgia@smartbright:1.04.03
    FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
     
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 20:27:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 20:27:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.02 19:07:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 20:27:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 20:27:48 | 000,000,000 | ---D | M]
     
    [2011.12.30 23:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\Extensions
    [2012.09.14 17:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\Firefox\Profiles\cc2xipvt.default\extensions
    [2012.03.12 22:45:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\Firefox\Profiles\cc2xipvt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012.07.29 10:28:21 | 000,282,478 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\azhang@cloudacl.com.xpi
    [2012.02.04 22:21:57 | 000,092,840 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\foxfilter@inspiredeffect.net.xpi
    [2012.04.10 19:00:36 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\guiconfig@slosd.net.xpi
    [2012.04.10 19:07:44 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\trackerblock@privacychoice.org.xpi
    [2011.07.17 09:06:54 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
    [2012.09.14 17:52:24 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2011.09.09 20:14:48 | 000,052,184 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi
    [2012.07.25 22:40:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012.09.14 17:52:24 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2011.12.19 20:11:10 | 000,002,419 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\searchplugins\englische-ergebnisse.xml
    [2012.09.15 09:27:34 | 000,001,610 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\searchplugins\ixquick---deutsch.xml
    [2012.02.21 20:47:32 | 000,002,299 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\searchplugins\yasni.xml
    [2012.09.08 20:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
    [2012.09.08 20:27:51 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.09.02 18:59:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
    [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [WinEjectAutoStart1] C:\Program Files\WinEject\WinEject.exe (Ingo Heeskens)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O8 - Extra context menu item: Free YouTube Download - C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6164295E-F4E6-4243-AC60-6957840C6CA8}: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4FAE49C-49C4-4F20-963A-3AF5324A1405}: DhcpNameServer = 192.168.178.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.09.16 13:49:40 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\PTOLEMAIOS SOTER\Desktop\OTL.exe
    [2012.09.14 13:27:12 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\Documents\Neuer Ordner
    [2012.09.13 00:10:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
    [2012.09.13 00:10:20 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2012.09.13 00:10:20 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
    [2012.09.13 00:10:19 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
    [2012.09.11 18:27:44 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\Documents\Nero Recode
    [2012.09.09 12:31:53 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Malwarebytes
    [2012.09.09 12:31:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.09.09 12:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.09.09 12:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012.09.09 12:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.09.08 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012.09.04 22:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012.09.04 22:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
    [2012.09.04 22:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2012.09.04 22:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2012.09.02 18:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012.09.02 18:58:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012.09.02 18:58:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012.09.02 18:58:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012.09.02 18:58:11 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012.08.27 19:44:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012.08.27 19:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012.08.27 19:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012.08.26 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\{4AB60B3A-94FD-4B6E-B92D-421889E12527}
    [2012.08.23 21:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
    [2012.08.23 13:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
    [2012.08.23 13:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [2012.08.20 18:56:58 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\adaware
    [2012.08.20 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
    [2012.08.20 18:56:52 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
    [2012.08.20 18:56:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
    [2012.08.20 18:56:04 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\Downloaded Installations
    [2012.08.17 18:05:45 | 000,000,000 | ---D | C] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Media Player Classic
    [2012.04.07 17:10:03 | 000,036,069 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files\uninstall.exe
    [2011.10.22 13:23:12 | 000,068,272 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dat
    [2011.10.22 13:23:10 | 002,366,128 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps.exe
    [2011.10.22 13:21:00 | 000,139,776 | ---- | C] (Beepa P/L) -- C:\Program Files\frapslcd.dll
    [2011.10.22 13:06:32 | 000,231,600 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps32.dll
    [2011.10.22 13:06:32 | 000,185,520 | ---- | C] (Beepa P/L) -- C:\Program Files\fraps64.dll
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.09.16 17:39:25 | 000,004,618 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\Desktop\HiJack This - Verknüpfung.lnk
    [2012.09.16 17:37:32 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.09.16 17:37:32 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.09.16 17:34:36 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2012.09.16 17:34:36 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012.09.16 17:34:36 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2012.09.16 17:34:36 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012.09.16 17:30:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.09.16 17:30:06 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
    [2012.09.16 13:48:06 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\PTOLEMAIOS SOTER\Desktop\OTL.exe
    [2012.09.14 22:08:28 | 000,540,851 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\Documents\B107 - S.12 -155. Zeit.jpg
    [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.09.04 17:39:10 | 000,325,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012.09.02 18:58:01 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012.09.02 18:57:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012.09.02 18:57:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012.09.02 18:57:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012.09.02 18:57:57 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2012.09.02 18:57:57 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012.08.25 15:26:25 | 000,000,526 | ---- | M] () -- C:\Windows\eReg.dat
    [2012.08.24 19:59:45 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012.08.24 19:59:45 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012.08.24 15:58:36 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
    [2012.08.22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2012.08.22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
    [2012.08.20 18:49:56 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2012.08.20 18:49:56 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
     
    ========== Files Created - No Company Name ==========
     
    [2012.09.16 17:39:25 | 000,004,618 | ---- | C] () -- C:\Users\PTOLEMAIOS SOTER\Desktop\HiJack This - Verknüpfung.lnk
    [2012.09.14 21:57:29 | 000,540,851 | ---- | C] () -- C:\Users\PTOLEMAIOS SOTER\Documents\B107 - S.12 -155. Zeit.jpg
    [2012.08.25 15:26:25 | 000,000,526 | ---- | C] () -- C:\Windows\eReg.dat
    [2012.08.17 12:27:12 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012.07.27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
    [2012.03.08 22:44:42 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
    [2012.02.15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
    [2012.02.15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
    [2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2012.01.07 23:48:02 | 000,003,584 | ---- | C] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.01.02 22:34:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2012.01.02 22:34:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011.12.30 22:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011.10.22 12:48:54 | 000,001,905 | ---- | C] () -- C:\Program Files\README.HTM
    [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
     
    ========== LOP Check ==========
     
    [2012.05.20 20:05:41 | 000,000,000 | -HSD | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\.#
    [2012.08.20 19:15:49 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Ad-Aware Antivirus
    [2012.01.15 12:11:01 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Avery
    [2012.04.16 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Duden
    [2012.09.09 09:27:03 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\DVDVideoSoft
    [2012.04.07 23:11:22 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012.01.02 16:18:28 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Epson
    [2012.04.08 14:47:03 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\HandBrake
    [2012.09.02 18:27:31 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\PhotoFiltre
    [2012.06.03 21:14:15 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\TeamViewer
    [2012.02.20 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\Thunderbird
    [2012.09.05 07:35:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    .

    And:
    Code:
     OTL Extras logfile created on: 16.09.2012 17:38:30 - Run 1
    OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\PTOLEMAIOS SOTER\Desktop
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,37% Memory free
    6,50 Gb Paging File | 5,06 Gb Available in Paging File | 77,85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 1397,17 Gb Total Space | 1101,78 Gb Free Space | 78,86% Space Free | Partition Type: NTFS
     
    Computer Name: SONNENSTURM | User Name: PTOLEMAIOS SOTER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03A1C8FA-E8B1-4293-8B9E-227F2B582B11}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{03DA5DEC-0C0B-46A4-99A7-23ED85ED688C}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{0F2D71CE-0C10-495F-990D-CC00D995A953}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{16D517D5-B1DE-47A0-A3E2-AD2B8AF04A30}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{3664D89D-6024-4F4F-8CBE-05DDFE68186F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{3857D9C7-EA90-462E-A76D-7D28764AA113}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{3B38F3E8-E9F8-4625-81A4-47A64003855B}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{41754953-7731-42B3-A67F-66A1999AC09A}" = rport=10243 | protocol=6 | dir=out | app=system | 
    "{43B4A249-3014-450E-8F17-1652B15E785B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{73EA8445-87FA-4D0E-B601-961669A8779E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{802ACF5C-2659-4EF9-B3C0-33CDD2971E64}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{9A407CDB-A07A-4DCF-B3BF-FB8EB530C02D}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{A22F976C-0AD6-4D81-8E85-0AE07E2A8DB7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
    "{AEB702E5-BF4E-4814-ADAC-8B96F1FC5B05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{B2488CEF-AD4C-4AAD-82CC-F70F2E91D824}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{B3737B98-990D-4329-9E0E-C6CD1ED58C72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{BDC54C42-D723-4731-A2F8-32C89C5B6186}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{C67798CA-3347-4A51-9FC7-4032F1962B97}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{D35A19BF-51A1-4C22-8CCB-46712F7BE526}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{D3D31ECF-BA1A-4AE0-89E0-BD72D15A98BC}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{DD540B0B-0C40-4BB1-9507-2E56A116D6D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{E7AD1285-0968-485C-B7FD-F374DE32BB0A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{F03FFB35-8BFD-4642-A155-2763676B1FE4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
    "{FB116734-2A98-446A-95F1-6D4C1B330E66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{FE52C8B0-41DF-46BD-B976-BACB9DA361CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04E64D72-0EB3-4CF6-8B5B-D679DC80306C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{0EF778AD-242A-4EE5-83B9-68829807CB98}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
    "{2397F665-D1E9-4034-B13D-46BE535DAB20}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
    "{240A3510-E6A3-4625-A367-DC8AE6597BCA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{31D4BC54-F6A6-4D31-8886-FC8CA68AC151}" = protocol=58 | dir=in | app=system | 
    "{33C194E0-5AA3-4D76-9111-ED5F68650C3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{434CC72A-4F93-4E74-979B-029842F93EE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{5E65A22C-7D97-43DE-B92E-6E8749B1395E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
    "{669889AC-381C-4804-B4FA-11BEC2AEFBBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{6754213B-B655-4F12-9106-A5876AD31287}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{6C87E89D-1CF2-47DD-A238-A249A71A3041}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
    "{74412B39-991F-45E6-AAC0-8C0BBDD5DAE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{74F4AE41-0BB8-4613-8FE8-5349F1EA4323}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{790E15F8-7389-4951-BF33-5D1CD3C7C261}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{7CCF0B1B-6813-49C4-ADF0-95894BDAAF9E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{7D8876E2-9AA1-49F5-9790-B8B1E1920B31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{912CDFF3-8F5C-4CE6-8B32-93EEEA53D1CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{91580999-1F07-4C0A-B1C6-33035DAC8041}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{A4E5E2CA-F120-49E4-A5A6-9D0D82E53F72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{A5F4309E-5B07-4269-B257-369AB2CB0C76}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
    "{AE062A5C-91C1-42F0-B0DF-C0EE9CF81129}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{BC03F7CD-AFC2-4F1D-89A9-19C8E8C3E087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{C10C5BF6-7158-480D-A559-D586F5CEE109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{C5AA12DA-C7B6-4438-AFB6-B8BE5DD73DA6}" = protocol=6 | dir=out | app=system | 
    "{FBC8B5A9-FB59-4B78-8465-C3CEDBA93CD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{FD1EA356-5C37-4498-A33E-44EEC9A698C6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
    "TCP Query User{B89FFADB-2179-4111-A1A4-51C0CA9CD39C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "TCP Query User{BE52797E-C4F1-474F-8616-6EC9E77D0F96}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "TCP Query User{D1DE4206-7E6B-4BEB-8335-8A7823C1248D}C:\program files\tulox\wbuch.exe" = protocol=6 | dir=in | app=c:\program files\tulox\wbuch.exe | 
    "TCP Query User{DE221177-58B3-4575-8ACC-3C5529E4A008}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "TCP Query User{EE776334-CF83-43C0-8D2E-E1BF6B0103A8}C:\program files\tulox\tulox.exe" = protocol=6 | dir=in | app=c:\program files\tulox\tulox.exe | 
    "UDP Query User{02FBFBD8-BB68-4A63-BA51-2DC494A7A1FD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "UDP Query User{08420B90-C4E0-446D-B96C-850F27D31F9D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
    "UDP Query User{4A3E0889-46C9-4C16-855B-002819AE3DC5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "UDP Query User{D4BD53E3-BE89-4078-8236-8F02D87F46DA}C:\program files\tulox\wbuch.exe" = protocol=17 | dir=in | app=c:\program files\tulox\wbuch.exe | 
    "UDP Query User{E693B747-2A86-4C23-A3D4-9F2B6A3B373D}C:\program files\tulox\tulox.exe" = protocol=17 | dir=in | app=c:\program files\tulox\tulox.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{011E92F1-AF76-4983-8707-79F8F1956439}" = Nero Prerequisite Installer 1.0
    "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
    "{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{06F64222-5A0C-4184-B2F1-2097763DCCAD}" = IconEdit Pro V7.04
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
    "{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
    "{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
    "{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
    "{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
    "{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
    "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
    "{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
    "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
    "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1
    "{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
    "{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
    "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F198874-3C7D-5983-02EB-9E234C43F174}" = AMD Steady Video Plug-In 
    "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
    "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
    "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
    "{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{65D251BB-7B37-40A3-AEAE-75D7AEC35B03}" = Abenteuer auf dem Reiterhof 3 - Das Erbe der Gräfin
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7C723C94-CB1B-E2BD-0E90-BC64DA26074C}" = AMD Fuel
    "{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
    "{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
    "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center
    "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
    "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
    "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
    "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
    "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}" = Duden Korrektor Standard
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
    "{9DB7A055-0C66-C319-9613-CACDC50DDB38}" = ccc-utility
    "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
    "{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
    "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
    "{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
    "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
    "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
    "{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}" = AMD Catalyst Install Manager
    "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
    "{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
    "{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
    "{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
    "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
    "{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
    "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
    "{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
    "{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
    "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
    "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
    "{CBAE26C1-B3B1-66FC-81A0-FA1774CF2B20}" = AMD Fuel
    "{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
    "{DB3D1784-421D-9942-3AC4-D90B18615BBC}" = ccc-utility
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
    "{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
    "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
    "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
    "{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
    "{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "1-abc.net File Renamer" = 1-abc.net File Renamer (Remove only)
    "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall
    "EPSON BX525WD Series Manual" = EPSON BX525WD Series Handbuch
    "EPSON BX525WD Series Network Guide" = EPSON BX525WD Series Netzwerk-Handbuch
    "EPSON Scanner" = EPSON Scan
    "Fraps" = Fraps
    "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.7.403
    "Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.16.821
    "Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.11.903
    "Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.17.903
    "Free Video Dub_is1" = Free Video Dub version 2.0.14.825
    "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.3.903
    "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 5.0.7.403
    "Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.7.403
    "Free YouTube Download_is1" = Free YouTube Download version 3.1.34.824
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.0.2 (Standard)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
    "MozBackup" = MozBackup 1.5.1
    "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
    "Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Recover Keys_is1" = Recover Keys
    "TeamViewer 7" = TeamViewer 7
    "tulox" = tulox
    "WinEject" = WinEject
    "WinLiveSuite" = Windows Live Essentials
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "PhotoFiltre" = PhotoFiltre
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 09.09.2012 08:28:38 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:03:01 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:05:05 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:09:53 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:11:16 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:12:55 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 09.09.2012 14:15:40 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
    Description = 
     
    Error - 10.09.2012 20:23:22 | Computer Name = SONNENSTURM | Source = SideBySide | ID = 16842761
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Duden\Duden
     Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program
     Files\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile 2.  Das Stammelement
     der Manifestdatei muss assembliert sein.
     
    Error - 10.09.2012 20:27:26 | Computer Name = SONNENSTURM | Source = SideBySide | ID = 16842815
    Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll".
     Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll"
     in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
     ungültig.
     
    Error - 11.09.2012 13:31:13 | Computer Name = SONNENSTURM | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: Recode.exe, Version: 4.10.5.100, 
    Zeitstempel: 0x4db960b8  Name des fehlerhaften Moduls: NeResize.ax, Version: 7.1.12.0,
     Zeitstempel: 0x4d0f50c4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00003290  ID des fehlerhaften
     Prozesses: 0x54c  Startzeit der fehlerhaften Anwendung: 0x01cd9041edab4320  Pfad der
     fehlerhaften Anwendung: C:\Program Files\Nero\Nero 10\Nero Recode\Recode.exe  Pfad
     des fehlerhaften Moduls: C:\Program Files\Nero\Nero 10\Nero Recode\SMC\NeResize.ax
    Berichtskennung:
     7b5b099f-fc36-11e1-a21c-406186967e35
     
    Error - 11.09.2012 13:42:49 | Computer Name = SONNENSTURM | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: Recode.exe, Version: 4.10.5.100, 
    Zeitstempel: 0x4db960b8  Name des fehlerhaften Moduls: NeResize.ax, Version: 7.1.12.0,
     Zeitstempel: 0x4d0f50c4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00003290  ID des fehlerhaften
     Prozesses: 0x12e0  Startzeit der fehlerhaften Anwendung: 0x01cd9043fa2d9ad8  Pfad der
     fehlerhaften Anwendung: C:\Program Files\Nero\Nero 10\Nero Recode\Recode.exe  Pfad
     des fehlerhaften Moduls: C:\Program Files\Nero\Nero 10\Nero Recode\SMC\NeResize.ax
    Berichtskennung:
     1a69bde1-fc38-11e1-a21c-406186967e35
     
    [ OSession Events ]
    Error - 22.04.2012 07:22:34 | Computer Name = SONNENSTURM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1018
     seconds with 180 seconds of active time.  This session ended with a crash.
     
    Error - 08.07.2012 16:34:52 | Computer Name = SONNENSTURM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 823
     seconds with 780 seconds of active time.  This session ended with a crash.
     
    Error - 26.07.2012 16:39:48 | Computer Name = SONNENSTURM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1608
     seconds with 600 seconds of active time.  This session ended with a crash.
     
    [ System Events ]
    Error - 13.09.2012 01:48:31 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
     
    Error - 13.09.2012 13:50:00 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.
     
    Error - 13.09.2012 13:50:00 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.
     
    Error - 13.09.2012 13:50:01 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.
     
    Error - 13.09.2012 13:50:01 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.
     
    Error - 13.09.2012 13:50:02 | Computer Name = SONNENSTURM | Source = Disk | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden.
     
    Error - 15.09.2012 08:05:35 | Computer Name = SONNENSTURM | Source = cdrom | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
     
    Error - 15.09.2012 13:18:50 | Computer Name = SONNENSTURM | Source = WMPNetworkSvc | ID = 866300
    Description = 
     
    Error - 16.09.2012 07:54:10 | Computer Name = SONNENSTURM | Source = WMPNetworkSvc | ID = 866333
    Description = 
     
    Error - 16.09.2012 11:30:41 | Computer Name = SONNENSTURM | Source = WMPNetworkSvc | ID = 866300
    Description = 
     
     
    < End of report >
    .

    I installed "CCleaner" and ran it according to the forum's CCleaner guide.

    Code:
     1-abc.net File Renamer (Remove only)		09.03.2012		
    ABBYY FineReader 5.0 Sprint	ABBYY Software House	31.12.2011	101MB	5.0.0.3411
    Abenteuer auf dem Reiterhof 3 - Das Erbe der Gräfin	Ubisoft	24.08.2012		1.00.0000
    Ad-Aware Antivirus	Lavasoft Limited	20.08.2012	35,4MB	10.2.21.3698
    Ad-Aware Browsing Protection	Lavasoft	20.08.2012		0.9.0.2
    Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	06.05.2012	6,00MB	11.2.202.235
    Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	24.08.2012	6,00MB	11.4.402.265
    Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	16.08.2012	154MB	10.1.4
    Adobe Shockwave Player 11.6	Adobe Systems, Inc.	17.08.2012		11.6.6.636
    AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	04.09.2012	20,2MB	3.0.859.0
    Avira Free Antivirus	Avira	12.09.2012	124MB	12.0.0.1199
    CCleaner	Piriform	22.08.2012		3.22
    DesignPro 5	Avery Dennison	15.01.2012	18,1MB	5.5.708
    Die Sims 2		03.01.2012		
    Die Sims™ 2 Apartment-Leben	Electronic Arts	10.04.2012		
    Die Sims™ 2 Freizeit-Spaß	Electronic Arts	03.01.2012		
    Die Sims™ 2 H&M®-Fashion-Accessoires		03.01.2012		
    Die Sims™ 2 Haustiere		03.01.2012		
    Die Sims™ 2 Party-Accessoires		03.01.2012		
    Die Sims™ 2 Vier Jahreszeiten		03.01.2012		
    Duden Korrektor Standard	Bibliographisches Institut GmbH	16.04.2012	621MB	7.00.0000
    EPSON BX525WD Series Handbuch		31.12.2011		
    EPSON BX525WD Series Netzwerk-Handbuch		31.12.2011		
    EPSON BX525WD Series Printer Uninstall	SEIKO EPSON Corporation	31.12.2011		
    Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	31.12.2011		2.2.0.0
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)	SEIKO EPSON CORPORATION	31.12.2011		1.00.0000
    Epson Event Manager	SEIKO EPSON CORPORATION	31.12.2011	38,7MB	2.40.0001
    EPSON Scan	Seiko Epson Corporation	31.12.2011		
    EpsonNet Print	SEIKO EPSON CORPORATION	31.12.2011		2.4i
    EpsonNet Setup 3.3	SEIKO EPSON CORPORATION	31.12.2011		3.3a
    Fraps		07.04.2012		
    Free 3GP Video Converter version 5.0.7.403	DVDVideoSoft Ltd.	10.04.2012	69,4MB	5.0.7.403
    Free AVI Video Converter version 5.0.16.821	DVDVideoSoft Ltd.	21.08.2012	78,2MB	5.0.16.821
    Free DVD Video Converter version 2.0.11.903	DVDVideoSoft Ltd.	09.09.2012	100MB	2.0.11.903
    Free MP4 Video Converter version 5.0.17.903	DVDVideoSoft Ltd.	09.09.2012	74,1MB	5.0.17.903
    Free Video Dub version 2.0.14.825	DVDVideoSoft Ltd.	02.09.2012	80,2MB	2.0.14.825
    Free Video Flip and Rotate version 2.1.3.903	DVDVideoSoft Ltd.	15.09.2012	79,8MB	2.1.3.903
    Free Video to Flash Converter version 5.0.7.403	DVDVideoSoft Ltd.	10.04.2012	72,0MB	5.0.7.403
    Free Video to JPG Converter version 5.0.7.403	DVDVideoSoft Ltd.	10.04.2012	62,5MB	5.0.7.403
    Free YouTube Download version 3.1.34.824	DVDVideoSoft Ltd.	25.08.2012	84,7MB	3.1.34.824
    Harry Potter TM		25.08.2012		
    IconEdit Pro V7.04	Hagen Wieshofer	03.06.2012	3,90MB	7.0.4.0
    Java 7 Update 7	Oracle	02.09.2012	130MB	7.0.70
    K-Lite Codec Pack 9.0.2 (Standard)		17.08.2012	61,5MB	9.0.2
    Malwarebytes Anti-Malware Version 1.65.0.1400	Malwarebytes Corporation	14.09.2012	19,2MB	1.65.0.1400
    Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	30.12.2011	38,8MB	4.0.30319
    Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	30.12.2011	2,93MB	4.0.30319
    Microsoft Office File Validation Add-In	Microsoft Corporation	01.01.2012	7,95MB	14.0.5130.5003
    Microsoft Office Home and Student 2007	Microsoft Corporation	31.12.2011		12.0.6612.1000
    Microsoft Office Live Add-in 1.5	Microsoft Corporation	18.04.2012	508KB	2.0.4024.1
    Microsoft Silverlight	Microsoft Corporation	17.05.2012	64,7MB	5.1.10411.0
    Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	07.04.2012	1,69MB	3.1.0000
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	252KB	8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	31.12.2011	300KB	8.0.61001
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	31.12.2011	240KB	9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	30.12.2011	596KB	9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	31.12.2011	600KB	9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	31.12.2011	16,5MB	10.0.40219
    Microsoft-Maus- und Tastatur-Center	Microsoft Corporation	02.08.2012		1.1.500.0
    MozBackup 1.5.1	Pavel Cvrcek	30.12.2011		
    Mozilla Firefox 15.0 (x86 de)	Mozilla	02.09.2012	38,8MB	15.0
    Mozilla Maintenance Service	Mozilla	08.09.2012	327KB	15.0.1
    Mozilla Thunderbird 15.0.1 (x86 de)	Mozilla	11.09.2012	39,5MB	15.0.1
    MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	31.12.2011	35,0KB	4.20.9870.0
    MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	31.12.2011	1,33MB	4.20.9876.0
    Nero 10 ClipartPack	Nero AG	13.01.2012	26,5MB	10.6.10000.11.0
    Nero 10 Kwik Themes 1	Nero AG	13.01.2012	51,2MB	10.6.10000.1.0
    Nero 10 Kwik Themes 2	Nero AG	13.01.2012	313MB	10.6.10000.2.0
    Nero 10 Menu TemplatePack 1	Nero AG	13.01.2012	59,7MB	10.6.10000.0.0
    Nero 10 Menu TemplatePack 2	Nero AG	13.01.2012	182MB	10.6.10000.0.0
    Nero 10 Menu TemplatePack 3	Nero AG	13.01.2012	241MB	10.6.10000.1.0
    Nero 10 Sample ImagePack	Nero AG	13.01.2012	5,85MB	10.6.10000.11.0
    Nero 10 Sample Videos	Nero AG	13.01.2012	42,0MB	10.6.10000.11.0
    Nero BackItUp 10	Nero AG	13.01.2012	118MB	5.8.10600.6.100
    Nero Burning ROM 10	Nero AG	13.01.2012	169MB	10.6.10700.5.100
    Nero BurnRights 10	Nero AG	13.01.2012	6,15MB	4.4.10400.2.100
    Nero CoverDesigner 10	Nero AG	13.01.2012	91,3MB	5.6.10600.4.100
    Nero DiscCopy Gadget 10	Nero AG	13.01.2012	34,6MB	3.6.10200.1.100
    Nero DiscSpeed 10	Nero AG	13.01.2012	7,21MB	6.4.10500.1.100
    Nero Express 10	Nero AG	18.03.2012	166MB	10.6.10800.6.100
    Nero InfoTool 10	Nero AG	13.01.2012	7,79MB	7.4.10300.1.100
    Nero Multimedia Suite 10	Nero AG	31.12.2011	2,49GB	10.5.10500
    Nero Prerequisite Installer 1.0	Nero AG	18.03.2012	1,00MB	11.0.11500
    Nero Recode 10	Nero AG	13.01.2012	92,2MB	4.10.10700.5.100
    Nero RescueAgent 10	Nero AG	13.01.2012	6,53MB	3.6.10500.3.100
    Nero SoundTrax 10	Nero AG	18.03.2012	98,1MB	4.10.10500.4.100
    Nero StartSmart 10	Nero AG	13.01.2012	143MB	10.6.10500.3.100
    Nero Vision 10	Nero AG	13.01.2012	223MB	7.4.11000.9.100
    Nero WaveEditor 10	Nero AG	18.03.2012	79,1MB	5.10.10700.6.100
    PC Inspector smart recovery		08.03.2012		4.50
    PhotoFiltre		07.01.2012		
    Realtek Ethernet Controller Driver For Windows 7	Realtek	30.12.2011		7.21.531.2010
    Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	30.12.2011		6.0.1.6136
    Recover Keys	Recover Keys	20.02.2012		
    Skype™ 5.10	Skype Technologies S.A.	27.08.2012	19,4MB	5.10.116
    TeamViewer 7	TeamViewer	05.08.2012		7.0.13989
    tulox		07.01.2012		
    Windows Live Essentials	Microsoft Corporation	07.04.2012		15.4.3555.0308
    Windows Media Player Firefox Plugin	Microsoft Corp	18.03.2012	296KB	1.0.0.8
    WinEject	Ingo Heeskens	15.01.2012		2.00
    .

    That's it for now.

  8. #8
    Moderator (global), team member: kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29.509

    Re: Trojan.Win32.Generic!BT

    System cleanup and check:

    ► Once you have completed all the steps, report back with the requested results!
    Stop and ask only if problems occur.


    1.
    Uninstall:
    Code:
    "Ad-Aware Free": it now runs with anti-virus protection!
    Use only one firewall and one antivirus program, and keep them up to date at all times!

    More AV programs do not mean more security! The scanners interfere with each other (when both have the on-access scan enabled, i.e. run permanently in the background), and a system crash can be the result, or in the worst case you can look forward to a complete reinstallation! So uninstall one of the AV programs and leave only one running on your PC.
    Before you install a different antivirus program, you should always uninstall the previous one completely!

    2.
    Attention, important!:
    If you have made changes to the logfile yourself, you must replace them with the original names and paste it into the script that way! Otherwise it will not work!
    (user folder, your name or other changes replaced by X, asterisks or other names)



    Fixing with OTL
    • Start OTL.exe.
    • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
    • Copy the following script (unchanged, i.e. starting with :OTL up to the last line [emptytemp], without "code"!):
    Code:
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
    FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
    [2012.02.21 20:47:32 | 000,002,299 | ---- | M] () -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\mozilla\firefox\profiles\cc2xipvt.default\searchplugins\yasni.xml
    [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.09.02 18:59:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
    [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
    [2012.05.20 20:05:41 | 000,000,000 | -HSD | M] -- C:\Users\PTOLEMAIOS SOTER\AppData\Roaming\.#
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    • and paste it here:
    • Close all programs.
    • Click the Fix button.
    • Click on .
    • OTL requires a restart. Please allow it.
    • After the restart you will find a text document.
      Copy its contents here into your thread in code tags.


    3.
    Close all programs/windows
    Clear the Java cache - this should be done often!

    Start => Control Panel => Java => General => Temporary Internet Files "Settings" => Delete Files => tick "Applications and Applets" as well as "Trace and Log Files" => OK
    -> How do I clear the Java cache?
    -> Clear the Java cache
    -> Short video guide on how to delete the Java cache under Windows 7 and XP.

    4.
    Java:
    Uninstall older versions if any still exist
    ► Old Java versions remain on the PC... for security reasons they must be removed; keep an eye on this in the future too!
    5.
    Close all programs/windows
    Open CCleaner - CCleaner guide
    • "Cleaner" -> "Analyze" -> click the "Start CCleaner" button
    • "Registry" -> "Scan for errors" -> "Fix errors" -> "Fix all"
    • Restart your system


    6.
    Tips - Microsoft's Internet Explorer is part of the basic Windows installation, so like all other installed software it must be maintained! Even when it is not used!:
    -> Tips on Internet Explorer
    -> Change the default search engine of Explorer
    -> Changing or selecting a search provider in Internet Explorer 7/8
    -> How can I clear the cache in Internet Explorer?

    7.
    Preparation

    • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
    • Please disable during the online scans:
      anti-virus program and firewall.
    • Start Internet Explorer => in the menu under Tools => Internet Options => Privacy => remove the tick at "Turn on Pop-up Blocker" and
    • under the "Security" tab => lower the security level to "Medium-high" if necessary.
      Do not forget to turn them back on afterwards and restore the Internet options as they were before.
    • Refrain from other online activities during the online scans.
    • You must allow the downloading and installation of ActiveX controls.




    Scan the PC ONLY online and do NOT install a second antivirus program!!!

    • Eset Online Scanner (NOD32)
      • Supported operating systems: Microsoft Windows 7 - Vista - XP - 2000 - NT.
      • Note for Vista and Windows 7 users: be sure to start the browser as administrator.
      • Disable your anti-virus program during the scan.
      • Press the "ESET Online Scanner" button.
      • IE users must allow the installation of an ActiveX element.
      • Tick "YES, I accept the Terms of Use." and press the "Start" button.
      • Tick "Remove found threats" and "Scan archives".
      • Press Start.
      • Signatures are downloaded.
      • The scan starts automatically.
      • When finished, save the log and post it for me.
        -> List of found threats
        -> Export to text file
        -> Back
        -> Delete quarantined files
      • Press Finish.
      • Close the browser.
      • Uninstallation after you have posted the log for me: Control Panel => Software => remove Eset Online Scanner V3.
      • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


    8.
    Another scan with OTL: - delete older log files!
    • Double-click OTL.exe
    • Vista users: right-click OTL.exe and choose "Run as administrator"
    • At the top you will find a box labelled Output. Please select Minimal Output
    • Under Extra Registry, please select Use SafeList
    • Tick the LOP and Purity checks.
    • Now click Run Scan at the top left
    • When the scan has finished, 2 logfiles are created - OTL.txt and extra.txt
    • Post the logfiles in code tags here in the thread.


    ► Report again on the state of the computer. Are there still problems, and if so, which ones?
    Warning!:
    Be careful with invoices by email with a ZIP file as attachment! It may be infected with an encryption Trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
    Please pass this warning on wherever you can!
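
The check behind step 1 of the post above (more than one resident antivirus installed), as an added example that is not part of the original thread and not part of OTL. It parses the `"key" = name` uninstall-list layout of the posted OTL log; the vendor patterns, the HKEY_LOCAL_MACHINE section header (assumed to mirror the HKEY_CURRENT_USER one) and the placeholder GUID are assumptions.

```python
import re

# Constructed sample in the layout of the OTL uninstall list posted in this
# thread. The all-zero GUID is a placeholder key, not a value from the log.
SAMPLE_LOG = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-0000-0000-0000-000000000000}" = Ad-Aware Antivirus
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Avira AntiVir Desktop" = Avira Free Antivirus
"Fraps" = Fraps
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre

========== Last 20 Event Log Errors ==========

Error - 09.09.2012 08:28:38 | Computer Name = SONNENSTURM | Source = .NET Runtime | ID = 1022
'''

UNINSTALL_HEADER = re.compile(r"^=+\s*(HKEY_\w+) Uninstall List\s*=+$")
ANY_HEADER = re.compile(r"^=+ .* =+$")
ENTRY = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+)$')

# Assumption: display-name patterns for products with an on-access scanner.
# Only the two products named in this thread are listed; extend as needed.
RESIDENT_AV_PATTERNS = {
    "Ad-Aware": re.compile(r"\bAd-Aware\b.*\bAntivirus", re.I),
    "Avira": re.compile(r"\bAvira\b.*\bAntivir", re.I),
}


def parse_uninstall_list(text):
    """Return (hive, registry_key, display_name) for every uninstall entry."""
    entries, hive = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = UNINSTALL_HEADER.match(line)
        if header:
            hive = header.group(1)      # entering an uninstall-list section
            continue
        if ANY_HEADER.match(line):
            hive = None                 # any other "=====" header ends it
            continue
        if hive is None:
            continue                    # ignore event-log and other sections
        entry = ENTRY.match(line)
        if entry:                       # "[HKEY_...]" path lines do not match
            entries.append((hive, entry.group("key"), entry.group("name").strip()))
    return entries


def resident_av_products(entries, patterns=RESIDENT_AV_PATTERNS):
    """Group matching display names by vendor label."""
    found = {}
    for _hive, _key, name in entries:
        for vendor, pattern in patterns.items():
            if pattern.search(name) and name not in found.setdefault(vendor, []):
                found[vendor].append(name)
    return {vendor: names for vendor, names in found.items() if names}


def has_av_conflict(entries):
    """True when more than one resident antivirus vendor is installed."""
    return len(resident_av_products(entries)) > 1


if __name__ == "__main__":
    parsed = parse_uninstall_list(SAMPLE_LOG)
    for vendor, names in sorted(resident_av_products(parsed).items()):
        print(f"{vendor}: {', '.join(names)}")
    print("conflict:", has_av_conflict(parsed))
```
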

  9. #9
    schrauber
    Guest

    Re: Trojan.Win32.Generic!BT

    Hi,

    Kira is on vacation, I'm taking over the thread

  10. #10
    Beginner
    Registered since
    20.11.2011
    Posts
    15

    Re: Trojan.Win32.Generic!BT

    I will go through it in order as I find the time; which is by no means to say that I am not grateful for suggestions!

    I have two entries from Ad-Aware: Ad-Aware Antivirus and Ad-Aware Browsing Protection. So should I uninstall both? Is uninstalling via the Windows routine sufficient?

    I have not noticed any problems so far, only the Trojan alert under Ad-Aware that I asked about in my first message.
