
Topic: Vista Windows Update/System Restore/Avira real-time scan no longer work

  1. #1
    Newbie
    Registered since
    23.09.2012
    Posts
    1

    Vista Windows Update/System Restore/Avira real-time scan no longer work

    Hello everyone.

    I have the following problem, which I noticed today. Avira Free Antivirus no longer runs in real-time scan mode, and it can no longer be switched on either. I then ran a full scan, which returned 8 results. Hasty as I am, I deleted these from quarantine. One hit, however, was "exp/java.ternub.gen". I no longer remember the others. Report follows. I then also downloaded AntiMalware from Malwarebytes, updated it and ran a full scan. Log follows as well.
    After that I wanted to run a Windows update. There, automatic updating was suddenly deactivated and could no longer be activated (I got the notice "The Security Center could not change the setting for 'Automatic Updates'" with a link to change it manually, which I tried, without result; I got the same notice again). Then I tried System Restore. The PC shut down and after some time came back up; the restore did not work. I use Windows Vista 64-bit Home Premium Service Pack 2 (the last automatic update was carried out on 1.9.).
    New scans with Avira and AntiMalware returned no findings. What should be done?

    I do not use file-sharing programs, nor any programs of illegal origin. I am now posting the collected reports and logs:

    AVIRA before deleting the findings
    Code:
     
    
    Avira Free Antivirus
    Erstellungsdatum der Reportdatei: Sonntag, 23. September 2012  08:48
    
    Es wird nach 4251695 Virenstämmen gesucht.
    
    Das Programm läuft als uneingeschränkte Vollversion.
    Online-Dienste stehen zur Verfügung.
    
    Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
    Seriennummer   : 0000149996-ADJIE-0000001
    Plattform      : Windows Vista x64
    Windowsversion : (Service Pack 2)  [6.0.6002]
    Boot Modus     : Normal gebootet
    Benutzername   : SYSTEM
    Computername   : BROCK-PC
    
    Versionsinformationen:
    BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00
    AVSCAN.EXE     : 12.1.0.20     492496 Bytes  15.02.2012 22:12:00
    AVSCAN.DLL     : 12.1.0.18      65744 Bytes  15.02.2012 22:11:59
    LUKE.DLL       : 12.1.0.19      68304 Bytes  15.02.2012 22:12:00
    AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  09.05.2012 04:42:14
    AVREG.DLL      : 12.3.0.17     232200 Bytes  11.05.2012 04:42:10
    VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
    VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
    VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 22:12:17
    VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 22:12:24
    VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 21:13:24
    VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 11:04:58
    VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 18:33:00
    VBASE007.VDF   : 7.11.41.251     2048 Bytes  06.09.2012 18:33:01
    VBASE008.VDF   : 7.11.41.252     2048 Bytes  06.09.2012 18:33:01
    VBASE009.VDF   : 7.11.41.253     2048 Bytes  06.09.2012 18:33:01
    VBASE010.VDF   : 7.11.41.254     2048 Bytes  06.09.2012 18:33:01
    VBASE011.VDF   : 7.11.41.255     2048 Bytes  06.09.2012 18:33:01
    VBASE012.VDF   : 7.11.42.0       2048 Bytes  06.09.2012 18:33:01
    VBASE013.VDF   : 7.11.42.1       2048 Bytes  06.09.2012 18:33:01
    VBASE014.VDF   : 7.11.42.65    203264 Bytes  09.09.2012 18:32:34
    VBASE015.VDF   : 7.11.42.125   156672 Bytes  11.09.2012 18:32:35
    VBASE016.VDF   : 7.11.42.171   187904 Bytes  12.09.2012 18:32:37
    VBASE017.VDF   : 7.11.42.235   141312 Bytes  13.09.2012 19:39:53
    VBASE018.VDF   : 7.11.43.35    133632 Bytes  15.09.2012 19:39:54
    VBASE019.VDF   : 7.11.43.89    129024 Bytes  18.09.2012 19:39:58
    VBASE020.VDF   : 7.11.43.141   130560 Bytes  19.09.2012 19:40:16
    VBASE021.VDF   : 7.11.43.187   121856 Bytes  21.09.2012 19:39:55
    VBASE022.VDF   : 7.11.43.188     2048 Bytes  21.09.2012 19:39:55
    VBASE023.VDF   : 7.11.43.189     2048 Bytes  21.09.2012 19:39:55
    VBASE024.VDF   : 7.11.43.190     2048 Bytes  21.09.2012 19:39:55
    VBASE025.VDF   : 7.11.43.191     2048 Bytes  21.09.2012 19:39:55
    VBASE026.VDF   : 7.11.43.192     2048 Bytes  21.09.2012 19:39:55
    VBASE027.VDF   : 7.11.43.193     2048 Bytes  21.09.2012 19:39:55
    VBASE028.VDF   : 7.11.43.194     2048 Bytes  21.09.2012 19:39:55
    VBASE029.VDF   : 7.11.43.195     2048 Bytes  21.09.2012 19:39:56
    VBASE030.VDF   : 7.11.43.196     2048 Bytes  21.09.2012 19:39:56
    VBASE031.VDF   : 7.11.43.228    93696 Bytes  22.09.2012 19:39:56
    Engineversion  : 8.2.10.164
    AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 16:58:05
    AESCRIPT.DLL   : 8.1.4.54      459131 Bytes  18.09.2012 19:40:17
    AESCN.DLL      : 8.1.8.2       131444 Bytes  02.02.2012 22:12:37
    AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 17:08:36
    AERDL.DLL      : 8.1.9.15      639348 Bytes  14.12.2011 23:31:02
    AEPACK.DLL     : 8.3.0.36      811382 Bytes  17.09.2012 19:40:01
    AEOFFICE.DLL   : 8.1.2.42      201083 Bytes  19.07.2012 16:58:10
    AEHEUR.DLL     : 8.1.4.100    5280120 Bytes  17.09.2012 19:40:01
    AEHELP.DLL     : 8.1.23.2      258422 Bytes  01.07.2012 11:05:04
    AEGEN.DLL      : 8.1.5.36      434549 Bytes  24.08.2012 18:32:34
    AEEXP.DLL      : 8.1.0.86       90484 Bytes  07.09.2012 18:33:08
    AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 16:58:03
    AECORE.DLL     : 8.1.27.4      201078 Bytes  07.08.2012 18:32:28
    AEBB.DLL       : 8.1.1.0        53618 Bytes  14.12.2011 23:30:58
    AVWINLL.DLL    : 12.1.0.17      27344 Bytes  15.12.2011 13:59:41
    AVPREF.DLL     : 12.1.0.17      51920 Bytes  15.12.2011 13:59:38
    AVREP.DLL      : 12.3.0.15     179208 Bytes  09.05.2012 04:42:13
    AVARKT.DLL     : 12.1.0.23     209360 Bytes  15.02.2012 22:11:58
    AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  15.12.2011 13:59:37
    SQLITE3.DLL    : 3.7.0.0       398288 Bytes  15.12.2011 13:59:50
    AVSMTP.DLL     : 12.1.0.17      62928 Bytes  15.12.2011 13:59:39
    NETNT.DLL      : 12.1.0.17      17104 Bytes  15.12.2011 13:59:47
    RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  15.12.2011 13:59:58
    RCTEXT.DLL     : 12.1.0.16      98512 Bytes  15.12.2011 13:59:59
    
    Konfiguration für den aktuellen Suchlauf:
    Job Name..............................: Vollständige Systemprüfung
    Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
    Protokollierung.......................: standard
    Primäre Aktion........................: interaktiv
    Sekundäre Aktion......................: ignorieren
    Durchsuche Masterbootsektoren.........: ein
    Durchsuche Bootsektoren...............: ein
    Bootsektoren..........................: C:, D:, 
    Durchsuche aktive Programme...........: ein
    Laufende Programme erweitert..........: ein
    Durchsuche Registrierung..............: ein
    Suche nach Rootkits...................: ein
    Integritätsprüfung von Systemdateien..: aus
    Optimierter Suchlauf..................: ein
    Datei Suchmodus.......................: Alle Dateien
    Durchsuche Archive....................: ein
    Rekursionstiefe einschränken..........: 20
    Archiv Smart Extensions...............: ein
    Makrovirenheuristik...................: ein
    Dateiheuristik........................: erweitert
    
    Beginn des Suchlaufs: Sonntag, 23. September 2012  08:48
    
    Der Suchlauf über die Masterbootsektoren wird begonnen:
    Masterbootsektor HD0
        [INFO]      Es wurde kein Virus gefunden!
    Masterbootsektor HD1
        [INFO]      Es wurde kein Virus gefunden!
    Masterbootsektor HD2
        [INFO]      Es wurde kein Virus gefunden!
    Masterbootsektor HD3
        [INFO]      Es wurde kein Virus gefunden!
    Masterbootsektor HD4
        [INFO]      Es wurde kein Virus gefunden!
    
    Der Suchlauf über die Bootsektoren wird begonnen:
    Bootsektor 'C:\'
        [INFO]      Es wurde kein Virus gefunden!
    Bootsektor 'D:\'
        [INFO]      Es wurde kein Virus gefunden!
    
    Der Suchlauf nach versteckten Objekten wird begonnen.
    Fehler in der ARK Library
    
    Der Suchlauf über gestartete Prozesse wird begonnen:
    Durchsuche Prozess 'avscan.exe' - '75' Modul(e) wurden durchsucht
    Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
    Durchsuche Prozess 'avcenter.exe' - '109' Modul(e) wurden durchsucht
    Durchsuche Prozess 'avgnt.exe' - '65' Modul(e) wurden durchsucht
    Durchsuche Prozess 'RalinkRegistryWriter.exe' - '25' Modul(e) wurden durchsucht
    Durchsuche Prozess 'PsiService_2.exe' - '18' Modul(e) wurden durchsucht
    Durchsuche Prozess 'PnkBstrB.exe' - '33' Modul(e) wurden durchsucht
    Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht
    Durchsuche Prozess 'RaUI.exe' - '59' Modul(e) wurden durchsucht
    Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
    Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht
    
    Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
    Die Registry wurde durchsucht ( '2921' Dateien ).
    
    
    Der Suchlauf über die ausgewählten Dateien wird begonnen:
    
    Beginne mit der Suche in 'C:\' <HP>
    C:\Users\Brock\AppData\Local\Temp\hb44lt+G.exe.part
      [WARNUNG]   Die Datei konnte nicht gelesen werden!
    C:\Users\Brock\AppData\Local\Temp\jar_cache1086135786545016418.tmp
      [0] Archivtyp: ZIP
      --> expl5it/Btos.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.LJ
      --> expl5it/gvars.class
          [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.BQ
      --> expl5it/MySt1art.class
          [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.CM.1
      --> expl5it/Ull.class
          [FUND]      Enthält Erkennungsmuster des Exploits EXP/2008-5353.AI.1
    C:\Users\Brock\AppData\Local\Temp\jar_cache6252890375092999979.tmp
      [0] Archivtyp: ZIP
      --> Main.class
          [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.AL
    C:\Users\Brock\AppData\Local\Temp\ZGI3766.tmp
      [0] Archivtyp: ZIP SFX (self extracting)
      --> Marooned Deluxe/marooned.exe
          [FUND]      Ist das Trojanische Pferd TR/Agent.723431.2
    C:\Users\Brock\AppData\Local\Temp\ZGI8F4F.tmp
      [0] Archivtyp: ZIP SFX (self extracting)
      --> Cake Shop Deluxe/cakeshop.exe
          [FUND]      Ist das Trojanische Pferd TR/Dldr.Agent.twsy
    C:\Users\Brock\AppData\Local\Temp\plugtmp-34\plugin-Ya6lH
      [0] Archivtyp: PDF
      --> pdf_form_1.avp
          [FUND]      Enthält Erkennungsmuster des Exploits EXP/Pdfka.UR.2
    C:\Users\Brock\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\2244a0d8-142c6233
      [0] Archivtyp: ZIP
      --> Update.class
          [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
    C:\Users\Brock\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\a780286-32dbb362
      [0] Archivtyp: ZIP
      --> Update.class
          [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
    C:\Windows\Installer\{4B12CCA9-1E5D-E796-6DFD-B47D4D701CEF}\syshost.exe
      [WARNUNG]   Die Datei konnte nicht geöffnet werden!
    C:\Windows\System32\drivers\67a95380c20a298a.sys
      [WARNUNG]   Die Datei konnte nicht geöffnet werden!
    Beginne mit der Suche in 'D:\' <FACTORY_IMAGE>
    
    Beginne mit der Desinfektion:
    C:\Users\Brock\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\a780286-32dbb362
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
      [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55386d3c.qua' verschoben!
    C:\Users\Brock\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\2244a0d8-142c6233
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
      [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dab429e.qua' verschoben!
    C:\Users\Brock\AppData\Local\Temp\plugtmp-34\plugin-Ya6lH
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Pdfka.UR.2
      [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1fb51828.qua' verschoben!
    C:\Users\Brock\AppData\Local\Temp\ZGI8F4F.tmp
      [FUND]      Ist das Trojanische Pferd TR/Dldr.Agent.twsy
      [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '79f65781.qua' verschoben!
    C:\Users\Brock\AppData\Local\Temp\ZGI3766.tmp
      [FUND]      Ist das Trojanische Pferd TR/Agent.723431.2
      [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3c727abf.qua' verschoben!
    C:\Users\Brock\AppData\Local\Temp\jar_cache6252890375092999979.tmp
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.AL
      [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '431e48b5.qua' verschoben!
    C:\Users\Brock\AppData\Local\Temp\jar_cache1086135786545016418.tmp
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2008-5353.AI.1
      [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0fa664ff.qua' verschoben!
    
    
    Ende des Suchlaufs: Sonntag, 23. September 2012  10:55
    Benötigte Zeit:  2:00:46 Stunde(n)
    
    Der Suchlauf wurde vollständig durchgeführt.
    
      55928 Verzeichnisse wurden überprüft
     1021352 Dateien wurden geprüft
         11 Viren bzw. unerwünschte Programme wurden gefunden
          0 Dateien wurden als verdächtig eingestuft
          0 Dateien wurden gelöscht
          0 Viren bzw. unerwünschte Programme wurden repariert
          7 Dateien wurden in die Quarantäne verschoben
          0 Dateien wurden umbenannt
          2 Dateien konnten nicht durchsucht werden
     1021339 Dateien ohne Befall
       7324 Archive wurden durchsucht
          3 Warnungen
          7 Hinweise
         47 Objekte wurden beim Rootkitscan durchsucht
          0 Versteckte Objekte wurden gefunden
    AntiMalware before deleting the findings

    Code:
     
    
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    
    Datenbank Version: v2012.09.07.13
    
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 7.0.6002.18005
    Brock :: BROCK-PC [Administrator]
    
    23.09.2012 13:40:24
    mbam-log-2012-09-23 (13-40-24).txt
    
    Art des Suchlaufs: Quick-Scan
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 208526
    Laufzeit: 4 Minute(n), 17 Sekunde(n)
    
    Infizierte Speicherprozesse: 1
    c:\windows\installer\{4b12cca9-1e5d-e796-6dfd-b47d4d701cef}\syshost.exe (Backdoor.Agent) -> 2804 -> Löschen bei Neustart.
    
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Backdoor.Agent) -> Daten: C:\Windows\Installer\{4B12CCA9-1E5D-E796-6DFD-B47D4D701CEF}\syshost.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien: 6
    c:\windows\syshost.exe (Trojan.Downloader) -> Löschen bei Neustart.
    c:\users\brock\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
    c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
    c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
    c:\windows\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
    c:\windows\installer\{4b12cca9-1e5d-e796-6dfd-b47d4d701cef}\syshost.exe (Backdoor.Agent) -> Löschen bei Neustart.
    
    (Ende)
    Then everything after deleting the objects:


    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:04:09, on 23.09.2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\RALINK\Common\RaUI.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Adrian\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ritterheere.de/index.php?option=com_ritter&Itemid=2222&page=nachrichten&karte=1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    R3 - URLSearchHook: (no name) -  - (no file)
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
    O3 - Toolbar: Sammelfreund.Toolbar - {01708BC3-6BDC-47fc-98FD-27875CF91138} - mscoree.dll (file missing)
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Brock\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (User 'Default user')
    O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files (x86)\Hama\Common\RaUI.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\RALINK\Common\RaUI.exe
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Brock\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
    O13 - Gopher Prefix: 
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://tonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Hama\Common\RalinkRegistryWriter.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 9613 bytes
    Sophos Anti-Rootkit (immediately afterwards):

    "No hidden items found by scan."

    OTL immediately afterwards
    Code:
    OTL logfile created on: 23.09.2012 20:06:35 - Run 1
    OTL by OldTimer - Version 3.2.66.0     Folder = C:\Users\Brock\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,27% Memory free
    8,21 Gb Paging File | 6,57 Gb Available in Paging File | 80,06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582,63 Gb Total Space | 394,26 Gb Free Space | 67,67% Space Free | Partition Type: NTFS
    Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
     
    Computer Name: BROCK-PC | User Name: Brock | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.09.23 20:06:05 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Brock\Desktop\OTL.exe
    PRC - [2012.09.08 00:11:13 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011.12.15 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011.05.12 14:06:46 | 000,437,272 | ---- | M] (Sophos Group) -- C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe
    PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009.05.22 23:08:41 | 000,189,768 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
    PRC - [2009.03.03 00:18:30 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RalinkRegistryWriter.exe
    PRC - [2007.10.17 16:02:50 | 001,040,384 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\RALINK\Common\RaUI.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.09.08 00:11:13 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2010.02.03 06:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2012.09.08 00:11:13 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009.06.11 15:05:40 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009.05.22 23:08:41 | 000,189,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009.03.03 00:18:30 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
    SRV - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
    SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012.02.16 00:12:00 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2011.12.15 15:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Unknown] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2011.05.12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\B3B7.tmp -- (MEMSWEEP2)
    DRV:64bit: - [2010.02.03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010.02.03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010.02.03 05:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009.08.03 10:22:58 | 000,016,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
    DRV:64bit: - [2009.03.20 11:01:30 | 000,157,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
    DRV:64bit: - [2009.03.20 11:01:30 | 000,116,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus)
    DRV:64bit: - [2009.03.20 11:01:30 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
    DRV:64bit: - [2008.07.31 13:27:00 | 000,792,576 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2008.01.21 04:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2007.09.24 12:08:52 | 000,575,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
    DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2007.05.02 12:11:14 | 000,145,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys -- (ss_mdm)
    DRV:64bit: - [2007.05.02 12:11:14 | 000,108,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bus.sys -- (ss_bus)
    DRV:64bit: - [2007.05.02 12:11:14 | 000,019,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2009.08.03 10:22:58 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
    DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F137222E-6DE9-44E9-8EF2-CC5A8D3833BB}
    IE:64bit: - HKLM\..\SearchScopes\{D6E4D59A-E5FE-4C8D-8347-B99B76E656E5}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
    IE:64bit: - HKLM\..\SearchScopes\{F137222E-6DE9-44E9-8EF2-CC5A8D3833BB}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{D6E4D59A-E5FE-4C8D-8347-B99B76E656E5}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
    IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    IE - HKLM\..\SearchScopes\{F137222E-6DE9-44E9-8EF2-CC5A8D3833BB}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ritterheere.de/index.php?option=com_ritter&Itemid=2222&page=nachrichten&karte=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook:  - No CLSID value found
    IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
    IE - HKCU\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    IE - HKCU\..\SearchScopes\{D6E4D59A-E5FE-4C8D-8347-B99B76E656E5}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
    IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    IE - HKCU\..\SearchScopes\{F137222E-6DE9-44E9-8EF2-CC5A8D3833BB}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "http://www.google.de/webhp?hl=de"
    FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
    FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brock\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brock\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 00:11:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 00:11:10 | 000,000,000 | ---D | M]
     
    [2009.10.24 11:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brock\AppData\Roaming\mozilla\Extensions
    [2012.08.22 06:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brock\AppData\Roaming\mozilla\Firefox\Profiles\c2wk2csy.default\extensions
    [2010.08.15 18:56:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Brock\AppData\Roaming\mozilla\Firefox\Profiles\c2wk2csy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012.08.22 06:03:30 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Brock\AppData\Roaming\mozilla\Firefox\Profiles\c2wk2csy.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
    [2012.08.12 21:22:36 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Brock\AppData\Roaming\mozilla\firefox\profiles\c2wk2csy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2012.09.08 00:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.09.08 00:11:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012.04.05 01:25:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2009.10.26 16:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
    [2012.08.11 22:55:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.08.29 21:01:28 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012.08.11 22:55:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2012.08.11 22:55:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2012.08.11 22:55:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2012.08.11 22:55:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
     
    ========== Chrome  ==========
     
    CHR - homepage: http://www.ritterheere.de/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.ritterheere.de/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Brock\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brock\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brock\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Brock\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Brock\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google-Suche = C:\Users\Brock\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Mail = C:\Users\Brock\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
    O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: ::1             localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {01708BC3-6BDC-47fc-98FD-27875CF91138} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [NPSStartup]  File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Brock\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Save YouTube Video - Reg Error: Value error. File not found
    O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Brock\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Save YouTube Video - Reg Error: Value error. File not found
    O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://tonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E8D705C-0DF8-400F-8FA9-4E25A6BD4F12}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AC10A3B-9EC8-4545-A928-66AF6F85EB56}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A615081A-DB1C-42C8-8B6A-0E4FEC46738B}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Brock\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Brock\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.09.23 20:06:09 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Brock\Desktop\OTL.exe
    [2012.09.23 20:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    [2012.09.23 20:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
    [2012.09.23 20:02:30 | 000,000,000 | ---D | C] -- C:\Users\Brock\Desktop\antirootkit
    [2012.09.23 19:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2012.09.23 19:01:34 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brock\Desktop\HJTInstall.exe
    [2012.09.23 13:47:49 | 000,000,000 | ---D | C] -- C:\Users\Brock\Desktop\NicoleSpiele
    [2012.09.19 20:55:05 | 000,000,000 | ---D | C] -- C:\Users\Brock\Documents\8floor
    [2012.09.19 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mahjong World Contest
    [2012.09.19 20:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mahjong World Contest
    [2012.09.19 20:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mahjong World Contest
    [2012.09.19 15:11:46 | 000,000,000 | ---D | C] -- C:\Users\Brock\Desktop\Opa Franz 70 Geburtstag
    [2012.09.17 14:54:56 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Rainbow
    [2012.09.17 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garden Rescue
    [2012.09.17 14:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garden Rescue
    [2012.09.17 14:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garden Rescue
    [2012.09.17 14:00:50 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Island 2 - The Missing Ingredient
    [2012.09.17 14:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Island 2 - The Missing Ingredient
    [2012.09.17 14:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burger Island 2 - The Missing Ingredient
    [2012.09.12 14:16:11 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\tabagames
    [2012.09.12 14:10:45 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghost Towns - Die Katzen von Ulthar
    [2012.09.12 14:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghost Towns - Die Katzen von Ulthar
    [2012.09.12 14:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ghost Towns - Die Katzen von Ulthar
    [2012.09.11 09:57:17 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Book of Desires
    [2012.09.11 09:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Desires
    [2012.09.11 09:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Book of Desires
    [2012.09.10 14:08:02 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Das gelobte Land
    [2012.09.10 14:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das gelobte Land
    [2012.09.10 14:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Das gelobte Land
    [2012.09.08 00:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012.09.07 12:10:21 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Big City Adventure - Vancouver
    [2012.09.07 12:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Big City Adventure - Vancouver
    [2012.09.07 12:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Big City Adventure - Vancouver
    [2012.09.07 09:15:52 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Life Quest 2 - Metropoville
    [2012.09.07 09:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Quest 2 - Metropoville
    [2012.09.07 09:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Life Quest 2 - Metropoville
    [2012.09.06 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\aliasworlds
    [2012.09.06 18:06:12 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kingdom Chronicles
    [2012.09.06 18:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdom Chronicles
    [2012.09.06 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingdom Chronicles
    [2012.09.04 19:21:09 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\bfgallmygodsde
    [2012.09.04 16:44:00 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\All My Gods
    [2012.09.04 16:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All My Gods
    [2012.09.04 16:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\All My Gods
    [2012.09.04 13:41:37 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\KatGames
    [2012.09.04 13:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\KatGames
    [2012.09.04 13:37:47 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Cross Formula
    [2012.09.04 13:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Cross Formula
    [2012.09.04 13:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Cross Formula
    [2012.09.03 20:21:21 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Fifth Gate
    [2012.09.03 20:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Fifth Gate
    [2012.09.03 20:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Fifth Gate
    [2012.09.03 18:48:16 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragon Keeper 2
    [2012.09.03 18:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Keeper 2
    [2012.09.03 18:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Keeper 2
    [2012.08.31 20:54:55 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\8floor
    [2012.08.31 20:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\8floor
    [2012.08.31 19:16:58 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Katy and Bob - Way Back Home
    [2012.08.31 19:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Katy and Bob - Way Back Home
    [2012.08.31 19:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Katy and Bob - Way Back Home
    [2012.08.30 15:09:57 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\DikobrazGames
    [2012.08.30 15:07:28 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Solitaire Mystery - Stolen Power
    [2012.08.30 15:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solitaire Mystery - Stolen Power
    [2012.08.30 15:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solitaire Mystery - Stolen Power
    [2012.08.30 07:24:15 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\HeroCraft
    [2012.08.30 07:23:53 | 000,000,000 | ---D | C] -- C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kampf der Mikroben
    [2012.08.30 07:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kampf der Mikroben
    [2012.08.30 07:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kampf der Mikroben
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.09.23 20:06:05 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Brock\Desktop\OTL.exe
    [2012.09.23 20:05:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3316547092-3653108586-1646899538-1000UA.job
    [2012.09.23 20:03:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.09.23 20:03:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.09.23 19:31:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.09.23 19:03:46 | 000,001,392 | ---- | M] () -- C:\Users\Brock\Desktop\HijackThis.lnk
    [2012.09.23 19:01:28 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brock\Desktop\HJTInstall.exe
    [2012.09.23 18:03:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.09.23 18:03:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.09.23 13:40:11 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.09.23 10:15:05 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5A8414F5-EA03-487B-8E4C-D545EBA6B5BE}.job
    [2012.09.23 09:05:34 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3316547092-3653108586-1646899538-1000Core.job
    [2012.09.19 19:59:39 | 000,013,248 | ---- | M] () -- C:\Users\Brock\Documents\kündigung spaka.odt
    [2012.09.19 15:11:31 | 000,000,485 | ---- | M] () -- C:\Users\Brock\Desktop\SDC12253 - Verknüpfung.lnk
    [2012.09.19 15:11:31 | 000,000,485 | ---- | M] () -- C:\Users\Brock\Desktop\SDC12140 - Verknüpfung.lnk
    [2012.09.19 15:10:16 | 000,082,944 | ---- | M] () -- C:\Users\Brock\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.09.18 21:16:29 | 001,432,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.09.18 21:16:29 | 000,623,042 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.09.18 21:16:29 | 000,591,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.09.18 21:16:29 | 000,125,172 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.09.18 21:16:29 | 000,102,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012.09.03 14:35:10 | 000,085,432 | ---- | M] () -- C:\Windows\SysNative\drivers\67a95380c20a298a.sys
    [2012.08.31 20:28:25 | 000,002,097 | ---- | M] () -- C:\Users\Brock\.recently-used.xbel
    [2012.08.30 19:33:59 | 000,973,418 | ---- | M] () -- C:\Users\Brock\Desktop\V-Kiz1-Antrag.pdf
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012.09.23 19:03:46 | 000,001,392 | ---- | C] () -- C:\Users\Brock\Desktop\HijackThis.lnk
    [2012.09.19 19:59:37 | 000,013,248 | ---- | C] () -- C:\Users\Brock\Documents\kündigung spaka.odt
    [2012.09.19 15:11:31 | 000,000,485 | ---- | C] () -- C:\Users\Brock\Desktop\SDC12253 - Verknüpfung.lnk
    [2012.09.19 15:11:31 | 000,000,485 | ---- | C] () -- C:\Users\Brock\Desktop\SDC12140 - Verknüpfung.lnk
    [2012.09.03 14:35:10 | 000,085,432 | ---- | C] () -- C:\Windows\SysNative\drivers\67a95380c20a298a.sys
    [2012.08.31 20:28:25 | 000,002,097 | ---- | C] () -- C:\Users\Brock\.recently-used.xbel
    [2012.08.30 19:33:59 | 000,973,418 | ---- | C] () -- C:\Users\Brock\Desktop\V-Kiz1-Antrag.pdf
    [2012.03.18 20:33:33 | 000,002,329 | ---- | C] () -- C:\Users\Brock\Safari.lnk
    [2012.02.24 00:14:17 | 000,109,560 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011.12.23 17:46:01 | 000,000,000 | ---- | C] () -- C:\Users\Brock\AppData\Local\{7CDA943F-BDC9-4632-AAD3-35CEA4E438DE}
    [2010.12.23 20:34:21 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
    [2010.08.21 11:17:08 | 000,000,088 | RHS- | C] () -- C:\ProgramData\58DDC73341.sys
    [2010.08.21 11:17:07 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010.04.13 23:48:14 | 000,000,373 | ---- | C] () -- C:\Users\Brock\Dokumente - Verknüpfung.lnk
    [2010.03.29 23:55:07 | 000,000,000 | ---- | C] () -- C:\Users\Brock\autotype.dat
    [2010.03.29 23:27:31 | 000,000,522 | ---- | C] () -- C:\Users\Brock\javacpc.ini
    [2010.03.05 00:10:32 | 000,000,732 | ---- | C] () -- C:\Users\Brock\AppData\Local\d3d9caps64.dat
    [2010.02.01 19:33:00 | 000,000,847 | ---- | C] () -- C:\Users\Brock\AppData\Local\RT3070_{0E8D705C-0DF8-400F-8FA9-4E25A6BD4F12}_sta
    [2010.02.01 19:32:49 | 000,000,842 | ---- | C] () -- C:\Users\Brock\AppData\Local\RT3070_{0E8D705C-0DF8-400F-8FA9-4E25A6BD4F12}_prof
    [2009.11.12 16:12:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
    [2009.10.30 14:13:45 | 000,007,480 | ---- | C] () -- C:\Users\Brock\AppData\Local\slot1.mm1
    [2009.10.01 20:18:56 | 000,000,340 | ---- | C] () -- C:\ProgramData\fillup
    [2009.08.28 22:46:04 | 000,000,034 | ---- | C] () -- C:\Users\Brock\jagex_runescape_preferences.dat
    [2009.06.12 17:07:55 | 000,000,394 | ---- | C] () -- C:\Users\Brock\AppData\Roaming\Sammelfreund.Properties
    [2009.05.12 22:07:18 | 000,004,078 | ---- | C] () -- C:\Users\Brock\AppData\Roaming\wklnhst.dat
    [2009.02.24 07:25:06 | 000,000,680 | ---- | C] () -- C:\Users\Brock\AppData\Local\d3d9caps.dat
    [2009.02.24 07:10:24 | 001,234,120 | ---- | C] () -- C:\Users\Brock\wrar380.exe
    [2009.02.22 21:06:25 | 000,082,944 | ---- | C] () -- C:\Users\Brock\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.02.22 19:11:16 | 000,000,815 | ---- | C] () -- C:\Users\Brock\AppData\Local\RT73_{2AC10A3B-9EC8-4545-A928-66AF6F85EB56}_sta
    [2009.02.22 19:10:23 | 000,000,812 | ---- | C] () -- C:\Users\Brock\AppData\Local\RT73_{2AC10A3B-9EC8-4545-A928-66AF6F85EB56}_prof
     
    ========== ZeroAccess Check ==========
     
    [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 18:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:BE6B5FC3
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9B285B76
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:90865A6D
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:85A0F6D2
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:56C17A93
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:059167AF
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC8FFA4E
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC2D0F32
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F986CC21
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:EEB25EAE
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D576A536
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CB0FEE2B
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CA8D6B60
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C928F3BE
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BD8C785E
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A60D0FA6
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:996104FC
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:93D985FC
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:918B7566
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7BE5BAAB
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6641B59F
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:65137F0D
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:63210866
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:538B96B5
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4673E9EA
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:34C443B4
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0DAD93FF
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F5E90ED3
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ECC979BD
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E3B5F2D1
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D055FC10
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AE9351E0
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A6CDBCAC
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7B52659E
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7943ACC4
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C4A588B
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4D551822
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:425759C6
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2701988C
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:067F588D
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F52A6209
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2C57161
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2A5A561
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CD6DF7CC
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C74009E5
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B4258C5D
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B3942462
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:927EC486
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:56C66609
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:413E2927
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35C78DCC
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:32FFF2D1
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2C250258
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:237E4B91
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1E5EC928
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FD000392
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F1F936DF
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E732B44B
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E411AA0D
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:BD8010FE
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A1A86E40
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:663B62CA
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C826C73
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:471AD3D0
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:43AA121F
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:122B409D
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:062AF572
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:054F0F17
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E6EC5C2A
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3C282BEA
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3118E26B
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:13019F4B
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:070D9534
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:CFFC9DD0
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9E50C1C9
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:6677D85A
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:52E1DB1D
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4A1628E5
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4363DE71
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3571475C
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:F35AE645
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:EF794BCD
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DE07152F
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:7920E530
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5E9B629B
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1B927722
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:50636E35
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:2AFE7797
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:149327FE
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:FBE81670
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F7F6E6CB
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C7F5E798
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9D3C16C7
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:93F3E4C9
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6F1F66C0
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:51F17BB8
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:36A39835
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:FE66A7BB
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D9EDE5FA
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CEF2A14E
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3D36932D
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D2397415
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D2032EBB
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BABA07C2
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:91486201
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:7AF9CAEB
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:39C7B7C6
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:124B94C0
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DF0BC727
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DAE3649B
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C7B98566
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:9AA05701
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:385E2CFD
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2F384CF4
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2F141B68
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2CDB9CA3
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E51234A9
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:90B52091
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2E49FF93
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:EB5BDBB0
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D708EEF9
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D0668210
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:C0A9D0E7
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:A3251D01
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6444B424
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:554C6431
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:43301D1D
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:2BC498A4
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:EC5EFA15
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E025AEA1
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B268A25C
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:97C4F81F
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:78E0DF72
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:6BF0805F
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:561B1D2B
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:164FA86E
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:08D8BB20
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B1FBBD09
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:27C3CD07
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:15752405
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BC38C00C
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:848CC150
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:225CD7D5
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:E07230CC
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:A0C7D68A
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:6E86D926
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:FDC41D2C
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:67BA17B9
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:6710EF08
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FF9C44FE
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0EB1DE
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:79A70C33
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:ED810E46
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E32966C0
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:D1713795
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C07A6A6B
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:AC83EA04
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:5CE2502D
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:55BB2521
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:46700142
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:F7061E5F
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8F067037
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:293ADB24
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:1DEE6B65
    
    < End of report >
    OTL-Extras

    Code:
    OTL Extras logfile created on: 23.09.2012 20:06:35 - Run 1
    OTL by OldTimer - Version 3.2.66.0     Folder = C:\Users\Brock\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,27% Memory free
    8,21 Gb Paging File | 6,57 Gb Available in Paging File | 80,06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582,63 Gb Total Space | 394,26 Gb Free Space | 67,67% Space Free | Partition Type: NTFS
    Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
     
    Computer Name: BROCK-PC | User Name: Brock | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
    "VistaSp2" = 8B 26 C6 D4 E3 BB CA 01  [binary data]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{037D0AF7-57EA-47C3-95FF-461F53CB1947}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{0D997ED3-02CD-465B-8009-E51F066E0B00}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{0E54198D-7142-4943-B7A4-DF10F4760A72}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{0F57A5B6-E410-4800-AAD6-78FA137DA4A7}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{159362CE-94D5-4A7C-83E9-F86C834ABA28}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{3D0F4138-571D-47F6-9938-60065178DB4A}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{73671A0F-089B-45E3-AA20-6AF44706D09F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{98E61C7D-B232-4813-BA16-D672CCE7A967}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{9D2DF20F-8403-48DA-9243-DC341C748050}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{B8489075-B6D7-49FA-BBE7-0FC730315395}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{CDAEE270-1B3B-4CEC-A7B5-E822784A2D54}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{EA852A1F-7775-4DE7-85D3-F220C3DA37F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{010F8165-4C94-4AF2-9FD9-AB88913A5584}" = dir=in | name=core networking - system ip core | 
    "{01710999-6D41-4A88-9935-3F608577F8CF}" = dir=in | name=core networking - system ip core | 
    "{0285DC16-1F34-493D-BCDF-8E0EC4E3BB48}" = dir=in | name=core networking - system ip core | 
    "{04C55A89-FBB3-4868-9EE7-8F3446A9C80B}" = dir=out | name=core networking - system ip core | 
    "{0BFBE997-BAEC-46FD-BC37-6E415292FE92}" = dir=in | name=core networking - system ip core | 
    "{0CEF521B-F1C7-46CF-B696-588BC876DD31}" = dir=in | name=core networking - system ip core | 
    "{0ED0562D-AFC6-4E08-B5D4-5C4977C4F34D}" = dir=in | name=core networking - system ip core | 
    "{1265A82F-2AEE-4054-B2AA-1E37F42EBCD7}" = dir=in | name=core networking - system ip core | 
    "{142CF540-DB64-465E-A8C1-9F78FA381836}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
    "{149F880A-B2DF-47E5-9D37-09CBA7D70690}" = protocol=6 | dir=in | app=c:\adrian\shv\sh5.exe | 
    "{154AC670-1B13-4E89-A1BE-C7FC37BD7CA4}" = dir=in | name=core networking - system ip core | 
    "{1555F747-5F3F-47BB-9A9C-6B3AA47BBB67}" = dir=in | name=core networking - system ip core | 
    "{15A38EC4-9B1B-4E32-95D3-B5BA2DB694D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
    "{19010AC7-B42A-4F1A-AC32-0113EDB7E0EC}" = dir=in | name=core networking - system ip core | 
    "{199F7877-503D-4F59-88A1-7904161D74DB}" = dir=out | name=core networking - system ip core | 
    "{1C405AC6-BB4E-4895-B715-18419CC4419F}" = dir=out | name=core networking - system ip core | 
    "{23C98714-FE72-420B-ACAF-ED75AE2AC4D6}" = dir=in | name=core networking - system ip core | 
    "{24328948-EE47-4050-8518-50C8DBF19A84}" = dir=in | name=core networking - system ip core | 
    "{24B54864-DC1E-4988-883A-29662784A062}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
    "{24BDDA3F-3D26-4BDB-BE81-850602D91F94}" = dir=out | name=core networking - system ip core | 
    "{26A3A189-EB86-4F6A-8A95-8C1BBC78E41D}" = dir=out | name=core networking - system ip core | 
    "{2A0D7D5D-03F2-4574-AF9F-9D2439F9D048}" = dir=out | name=core networking - system ip core | 
    "{2AFA4668-A176-4952-920B-8EFA37C34C7F}" = dir=in | name=core networking - system ip core | 
    "{2B1BF67F-9FFF-403D-8EDA-BC8C173CE2F1}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
    "{2B5CF4C8-69BA-43BD-8A4E-E38B5A2717BB}" = protocol=17 | dir=in | app=c:\adrian\shv\sh5.exe | 
    "{2B937193-109E-4A43-BCD2-BEA6653230E4}" = dir=out | name=core networking - system ip core | 
    "{2BF254DF-5E53-4F27-A8F0-A5394B1331AB}" = dir=in | name=core networking - system ip core | 
    "{2E88C9AF-0212-47B1-A042-266150F3D3E3}" = dir=in | name=core networking - system ip core | 
    "{2FE8D4D4-2E21-4C36-A6A9-F53779DA30C0}" = dir=in | name=core networking - system ip core | 
    "{30175429-EC93-4C21-85A3-837153DE16B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{31797C78-0148-4353-8000-4F77D71564AB}" = dir=out | name=core networking - system ip core | 
    "{35913558-5BA8-4EE9-AAC4-E1D2BA10AE92}" = dir=out | name=core networking - system ip core | 
    "{360390B3-A578-491A-B325-FF9EA0E9AB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
    "{384848BF-392B-4043-8178-544E933C8A79}" = dir=in | name=core networking - system ip core | 
    "{38B4057E-8BBA-4672-9428-5ACDB46D33DC}" = protocol=6 | dir=in | app=c:\program files (x86)\wings of prey demo\aces.exe | 
    "{39162ADF-31BA-4CAE-A9E5-53B3BFB0BEC5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{393DAD88-C01A-4F7C-933D-7F9242D2A23F}" = dir=out | name=core networking - system ip core | 
    "{3D53D84E-6579-4277-B02E-DBCD820329FD}" = protocol=17 | dir=in | app=c:\program files (x86)\wings of prey demo\launcher.exe | 
    "{3D8DDE3D-09E4-4841-87A7-EA1260E98EEF}" = dir=in | name=core networking - system ip core | 
    "{40296F75-0729-41DE-9ECC-FAFF2E73622B}" = dir=in | name=core networking - system ip core | 
    "{40781DFE-FFCB-4AA9-AC8F-A35FE4E7A825}" = dir=in | name=core networking - system ip core | 
    "{4915BC49-7F63-4084-8F05-834000B06F62}" = dir=out | name=core networking - system ip core | 
    "{4E64011F-9F9F-4C36-80F0-2983750BA573}" = dir=out | name=core networking - system ip core | 
    "{4ED5B602-C643-4856-A74C-CEA594D10F26}" = dir=in | name=core networking - system ip core | 
    "{4F728F43-EAF1-4968-9B89-4AAA20408E80}" = dir=out | name=core networking - system ip core | 
    "{51AAE88C-BF23-4C31-BE33-5591C92293C4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
    "{53BE809E-E1C8-48DC-A3A5-8A08DBA967BC}" = dir=in | name=core networking - system ip core | 
    "{56984951-28DD-4E92-B0B7-22A8DAE82F07}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
    "{57219B7B-4E90-4DD1-96F0-29C43EDE85AB}" = dir=in | name=core networking - system ip core | 
    "{5AFFF55E-9824-4B0F-A637-58CD26135E4F}" = dir=out | name=core networking - system ip core | 
    "{5BCBDCF3-233C-4FF3-8D57-8AA672987BC1}" = dir=in | name=core networking - system ip core | 
    "{5E4D6EBE-1750-45A1-BFD5-2CAAA8E75284}" = dir=in | name=core networking - system ip core | 
    "{620A0FC6-5AE3-45C2-88CE-BFB3C29F0B75}" = dir=in | name=core networking - system ip core | 
    "{62927A10-44FE-46A3-AAF0-8F19BE404F2F}" = dir=out | name=core networking - system ip core | 
    "{63A771E2-ED0C-44A2-BE32-D04DE0379ACF}" = dir=in | name=core networking - system ip core | 
    "{63CD1003-1ECA-4584-9580-72F1F5E7B94A}" = dir=in | name=core networking - system ip core | 
    "{65790571-199B-4623-BD81-CCAD88D2962B}" = dir=out | name=core networking - system ip core | 
    "{67374C6C-BD5C-482F-9B60-DF7211FF7B83}" = dir=out | name=core networking - system ip core | 
    "{68B48B7E-C2C0-425B-8479-225BD8F1224C}" = dir=in | name=core networking - system ip core | 
    "{6CECDFF5-345D-4204-AB2E-D1330EEF951E}" = dir=in | name=core networking - system ip core | 
    "{6DE03F6C-8B9B-4354-8D7D-6738E8378FD5}" = dir=in | name=core networking - system ip core | 
    "{6E98AB17-BE23-4378-9FB9-343F6104BF92}" = dir=out | name=core networking - system ip core | 
    "{71319112-FCA7-4E46-9278-EE7843FAA769}" = dir=out | name=core networking - system ip core | 
    "{71830185-7267-4943-B75E-7898B370FDC7}" = dir=out | name=core networking - system ip core | 
    "{72630929-E58E-4F26-B460-929680CD725E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{7468954A-2863-4D14-9CD6-A1FB21615D4E}" = dir=in | name=core networking - system ip core | 
    "{74C30193-A9A3-4278-BA83-E70B871C79AC}" = dir=out | name=core networking - system ip core | 
    "{769B60DF-6245-467C-A58C-8CF480BECAB8}" = dir=in | name=core networking - system ip core | 
    "{76B6E74B-40C0-448A-A785-A06ED152D0FE}" = dir=in | name=core networking - system ip core | 
    "{77D58A5F-D498-4556-94B5-CFC680C71D27}" = dir=in | name=core networking - system ip core | 
    "{801A790A-8F7C-4C4B-BCFC-96A73555DAD4}" = dir=out | name=core networking - system ip core | 
    "{81915C89-7BB5-4913-B8F3-3B39659B70EC}" = dir=out | name=core networking - system ip core | 
    "{830D9556-8987-4857-80BE-79148359584A}" = dir=in | name=core networking - system ip core | 
    "{8500B009-82E4-4514-92AB-CDF3953C5E20}" = dir=out | name=core networking - system ip core | 
    "{85C0806B-7C6E-4049-84F3-F4430461EB3E}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
    "{877308E8-5041-4E0C-BDE5-A373CD43A2D5}" = dir=in | name=core networking - system ip core | 
    "{8777BDD6-D5A3-484B-9485-8E64A8CAA626}" = dir=out | name=core networking - system ip core | 
    "{88E23692-5AF2-4FEB-8E34-8CC319B6B7B4}" = dir=out | name=core networking - system ip core | 
    "{8E945CDF-03D3-4B1F-B59C-01EAF5457A41}" = dir=in | name=core networking - system ip core | 
    "{8EAB7F4F-09F9-4F41-A904-FBCFEF141447}" = dir=in | name=core networking - system ip core | 
    "{8EB83331-7807-4E2B-AE18-B0A1F1F54809}" = dir=out | name=core networking - system ip core | 
    "{90F14B0D-19FD-49A9-B642-01AF8E70D648}" = dir=in | name=core networking - system ip core | 
    "{98C39E94-E07C-4FCE-B5FE-55E308CBC5AF}" = dir=out | name=core networking - system ip core | 
    "{9A128216-9688-49E2-9F20-FC6B00D1725C}" = dir=out | name=core networking - system ip core | 
    "{9BAF4D6D-E461-4AA4-A5C8-EB665F11EBF6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{9E88A5BC-A4C5-412A-B6AA-5597A6E4C037}" = dir=in | name=core networking - system ip core | 
    "{9F195879-A681-4A62-B9DC-8FB0C32867D5}" = dir=out | name=core networking - system ip core | 
    "{A36AFC45-6230-453A-9B3F-B3BC32E0918C}" = protocol=17 | dir=in | app=c:\program files (x86)\wings of prey demo\aces.exe | 
    "{A505A758-CF0D-41C2-A3ED-E26E7D9EB1E4}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
    "{A7D2762D-7DC8-4395-A927-3A2D515A32DF}" = dir=in | name=core networking - system ip core | 
    "{A8C3ACA2-650A-4B67-AFB4-371E0D28C072}" = dir=out | name=core networking - system ip core | 
    "{AA0BCDA3-4DE7-4FCA-AC01-6382DDA4D2E0}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
    "{AB0ACBC7-990C-4018-9605-262468E624AA}" = dir=out | name=core networking - system ip core | 
    "{AB9C89AA-33CF-43C0-AFE7-C35FD68AB263}" = dir=in | name=core networking - system ip core | 
    "{ABB53820-A0A1-4ECE-B26F-4F624E7FBD10}" = dir=out | name=core networking - system ip core | 
    "{AFBA5435-1491-4E09-B94E-DB75624D62CE}" = dir=in | name=core networking - system ip core | 
    "{B0521784-F971-44C2-87FD-EA9CD10ECCBD}" = dir=in | name=core networking - system ip core | 
    "{B0D60D53-D72F-49B6-8861-BF4199AA5F48}" = dir=in | name=core networking - system ip core | 
    "{B13128E7-8481-41B2-B81D-96C0366B0998}" = dir=out | name=core networking - system ip core | 
    "{B5357596-43A9-40CC-974D-E102F5FC5DFA}" = dir=out | name=core networking - system ip core | 
    "{B69B23E5-8E69-4C25-A21A-2EC35C6554E4}" = dir=out | name=core networking - system ip core | 
    "{B7536C2B-CE76-46A4-9DE7-9995EAFAAAAE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
    "{B83A5F07-09E9-4C3F-9F15-64B236F64340}" = dir=out | name=core networking - system ip core | 
    "{BBEF68EF-6844-4338-A3D2-86501F58A914}" = dir=out | name=core networking - system ip core | 
    "{BC1C7D69-9D6D-4119-85E4-75684B3B8470}" = dir=out | name=core networking - system ip core | 
    "{BCA22CAF-6F1D-4DD1-98BB-40B6FB9DBE91}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{BF93E0C0-54B1-4E44-BC2B-91CE57D1E471}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
    "{C152E76F-B7BD-4D59-9CB3-0F9454B6D279}" = dir=out | name=core networking - system ip core | 
    "{C16D4938-9CE8-47D4-A921-E37E8A5C2379}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{C2C77207-137E-4E97-8DF7-3E1DEB289E5B}" = dir=out | name=core networking - system ip core | 
    "{C4A19412-49B4-4D60-B018-0E79B6CB2B1C}" = dir=in | name=core networking - system ip core | 
    "{C863E2DF-2C61-449B-8BC6-2C7135BF42A4}" = dir=in | name=core networking - system ip core | 
    "{C9DD295F-BD56-4D33-AB19-BA4E52A0B1AB}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 demo\arma2demo.exe | 
    "{CBA50FD5-7F4E-44B1-ACC9-6F87B8567526}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{CDF5284C-3D27-49F3-8692-C3F8AA19D67F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
    "{D39CF7E0-C25C-4D01-B398-81AA02431EAC}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 demo\arma2demo.exe | 
    "{D47DAE13-1746-49DF-8EE3-139AED3FF12B}" = dir=out | name=core networking - system ip core | 
    "{D8832F9F-1950-4AFF-BB62-04D946E1FE22}" = dir=in | name=core networking - system ip core | 
    "{DA988647-C2AA-47EC-AA58-0729422FEEDB}" = dir=out | name=core networking - system ip core | 
    "{DCB15130-5CDF-4729-894C-B2D29E84CB25}" = dir=in | name=core networking - system ip core | 
    "{DD09D307-9882-4595-8A07-35D8BE279B97}" = dir=out | name=core networking - system ip core | 
    "{DD0FF122-6747-41EC-89F6-9E0D87FE4D27}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{DD501C91-F4B8-4F73-B169-90DD382A8964}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
    "{DEDF6C9F-362C-41C0-819E-D005028B20AC}" = dir=out | name=core networking - system ip core | 
    "{E573DB4D-9D90-480C-8519-2B15BEA9A2CB}" = dir=in | name=core networking - system ip core | 
    "{E6A99B70-B290-438E-9C5F-89D4C9017F70}" = dir=out | name=core networking - system ip core | 
    "{E87B7AAC-9DDE-4C20-BD26-206ADCADB07E}" = dir=out | name=core networking - system ip core | 
    "{EDC225AB-4469-401C-B64D-008EBAA27C29}" = dir=in | name=core networking - system ip core | 
    "{EEDEAF2A-6D28-4E34-9D67-5CA78824DE56}" = dir=out | name=core networking - system ip core | 
    "{EEE5B72C-57F9-4A97-A692-558A4D61989C}" = dir=out | name=core networking - system ip core | 
    "{EF51A99A-17C7-433D-B4BC-329E4F1A1BCC}" = protocol=6 | dir=in | app=c:\program files (x86)\wings of prey demo\launcher.exe | 
    "{F05EB3ED-48F5-4711-AE43-0A4EC0870EF6}" = dir=out | name=core networking - system ip core | 
    "{F17BEC74-6451-48D3-822B-C5EE01E25F46}" = dir=in | name=core networking - system ip core | 
    "{F3D69A10-9DF9-45E8-8411-712D966F2857}" = dir=out | name=core networking - system ip core | 
    "{F5B34AA4-A904-41F2-B61E-CB119AF14399}" = dir=out | name=core networking - system ip core | 
    "{F77BEEB2-2DEC-41A8-B237-834B257D85D9}" = dir=in | name=core networking - system ip core | 
    "{F839FCBA-7B29-4195-968F-8C74896B7A11}" = dir=out | name=core networking - system ip core | 
    "{F9107B40-A77C-4AAC-B6A7-8CAB42550CC8}" = dir=in | name=core networking - system ip core | 
    "{FD29DD90-4B02-4C59-8A60-3BDC2370E54B}" = dir=out | name=core networking - system ip core | 
    "{FD4EACD9-CFD7-440D-9445-4DB3B829E5C4}" = dir=out | name=core networking - system ip core | 
    "{FEAFA722-F724-4629-B7D2-23CA4E5E18DF}" = dir=in | name=core networking - system ip core | 
    "{FEC2C3E2-ACBE-4855-8FC4-EC4BB2A5A72F}" = dir=out | name=core networking - system ip core | 
    "TCP Query User{27F099E3-068A-402E-8888-9AD006FEC364}C:\adrian\battle of britain ii\bob.exe" = protocol=6 | dir=in | app=c:\adrian\battle of britain ii\bob.exe | 
    "TCP Query User{369DB6D2-F0FF-49A9-9C22-37A3FBC16E0D}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
    "TCP Query User{36FA9B40-7FB9-4D17-AB7F-95FAD968D50A}C:\users\brock\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\brock\appdata\local\mediaget2\mediaget.exe | 
    "TCP Query User{5D0333CD-377C-4A98-B076-79CA7DD8C73F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
    "TCP Query User{7C0E02DA-B510-4C5E-BCE4-951A02A42870}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
    "TCP Query User{BBCDEF99-FEE8-4225-97BE-D4014931F831}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "TCP Query User{C0858D76-9385-4FB5-92EB-FA0AA6EA7626}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
    "TCP Query User{C2823CCC-9C11-4091-AF0D-4AC095F481CB}C:\program files (x86)\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\crytek\far cry\bin32\farcry.exe | 
    "TCP Query User{CC6A1F37-6A32-42EE-B23D-B9B57BBF9F95}C:\adrian\brettspiel\vietcong\vietcong.exe" = protocol=6 | dir=in | app=c:\adrian\brettspiel\vietcong\vietcong.exe | 
    "TCP Query User{DC6B781D-99AA-4748-8858-A22C5F71900E}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
    "UDP Query User{0DA6B176-47A2-461E-BB7B-044B5E4F44CE}C:\program files (x86)\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\crytek\far cry\bin32\farcry.exe | 
    "UDP Query User{1CA7E40A-F1DC-4F91-8FF7-F073EE8D4343}C:\adrian\brettspiel\vietcong\vietcong.exe" = protocol=17 | dir=in | app=c:\adrian\brettspiel\vietcong\vietcong.exe | 
    "UDP Query User{1F3F5D72-14C0-487A-9767-F41409AF87F0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
    "UDP Query User{23D20C1A-7746-4F03-9FCB-B737137C85B0}C:\adrian\battle of britain ii\bob.exe" = protocol=17 | dir=in | app=c:\adrian\battle of britain ii\bob.exe | 
    "UDP Query User{3520F8A4-337F-4CB2-982D-A90DEBEF6D1A}C:\users\brock\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\brock\appdata\local\mediaget2\mediaget.exe | 
    "UDP Query User{93E3167C-576D-4172-87CB-6338E6E76097}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
    "UDP Query User{BF32FDBD-B974-40E2-9FCA-2026661639AF}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
    "UDP Query User{C4DC1AA4-FF7A-4D54-9C07-570EEEF84C0B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
    "UDP Query User{E030D38F-9802-4E46-9B2A-62B081C6ACC3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
    "UDP Query User{EA0DDE2B-BF78-478B-9469-5F4320B269C5}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02A116A8-E559-488C-879C-B212F3EA963A}" = Far Cry (Patch 1.32 AMD64)
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
    "{2304A2EE-010B-43EE-90F8-2218FB93244E}" = Far Cry (AMD64 Exclusive Content Update)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5F94D3B9-2B02-9C37-740B-A59C7B8D17CC}" = ATI Catalyst Install Manager
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{956C3A74-CC73-4951-6FB7-1E484B0ABF85}" = ccc-utility64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NVIDIA Drivers" = NVIDIA Drivers
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
    "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
    "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
    "{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
    "{217254AD-7DC2-8E55-B0AA-DF40293E2568}" = Catalyst Control Center Graphics Full Existing
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{2319A25C-57C8-148A-B89E-963B691F80AB}" = CCC Help Hungarian
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3342BFBF-E680-4C73-ACF1-65760F88CBBA}" = webmiles-Sammelfreund
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{41CE9D26-2DF7-498D-8E16-314507EDEE21}" = Samsung PC Studio 3
    "{462E2065-E54B-4CFD-87A2-BAE82EEFACD1}" = Catalyst Control Center Core Implementation
    "{46D1B803-63C8-B1F7-F803-2CABFF3BADD3}" = CCC Help French
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BBDC0E5-6457-CDB9-F1C4-C79321D448AA}" = CCC Help Portuguese
    "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
    "{54521902-EBDE-4F69-B524-3F2FFBCE357E}" = Lernspaß kompakt Mathe 1
    "{557EDA52-5803-C91F-A0A5-635317063D8D}" = Catalyst Control Center Graphics Full New
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
    "{5A9A2B89-58BC-DFB9-CF7F-1127A26A6D1D}" = CCC Help Spanish
    "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
    "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
    "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
    "{61B8FF9A-E7A4-0500-34C9-2A218825F09C}" = Catalyst Control Center InstallProxy
    "{65A7D970-7915-4311-E3CC-08745BDF6A66}" = CCC Help English
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AC06152-AD39-D387-6D3B-2A4D0556F207}" = Catalyst Control Center Graphics Previews Common
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
    "{7222FE15-CEDA-9142-A488-CB4AA559F7F9}" = Catalyst Control Center Graphics Previews Vista
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78D8028B-D2BA-A3B9-2EA8-D30F25E3F87F}" = ccc-core-static
    "{7E06305E-6E2C-EBFA-69E9-782891EF06EF}" = Catalyst Control Center Localization All
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
    "{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
    "{934DE9F7-7498-0FC4-FC6A-166097F218F4}" = CCC Help Italian
    "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
    "{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
    "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
    "{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
    "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
    "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "{B7E797F4-2642-BEF9-055B-13B930C9D665}" = CCC Help German
    "{C139A440-9691-AB3C-8AFB-F8FCAC960014}" = CCC Help Polish
    "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
    "{C3A5A0C9-5DBE-7A06-1285-D00F21E19FCF}" = Catalyst Control Center Graphics Light
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CC53FB29-E042-1744-2D35-DE2A100B6210}" = CCC Help Greek
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
    "{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
    "{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
    "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
    "{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
    "{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
    "{f045ec64-ed96-11de-bb6e-56f655d89593}}_is1" = "Wings of Prey Demo" (Unistall)
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
    "{FE2188AD-BDFA-AC75-F326-86043F06B48F}" = Catalyst Control Center HydraVision Full
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.56 beta
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AliceHilfe 1.0.0.1" = AliceHilfe
    "ArmA2 Demo" = ArmA2 Demo Uninstall
    "Art of Murder/DE-German_is1" = Die Kunst des Mordens: Geheimakte FBI
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "Battle of Britain II" = Battle of Britain II
    "BFG-All My Gods" = All My Gods
    "BFG-Antique Shop" = Antique Shop
    "BFG-Be a King" = Be a King
    "BFG-Big City Adventure - London Classic" = Big City Adventure: London Classic
    "BFG-Big City Adventure - Vancouver" = Big City Adventure: Vancouver
    "BFG-Burger Island 2 - The Missing Ingredient" = Burger Island 2: The Missing Ingredient
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Campgrounds" = Campgrounds
    "BFG-City of Secrets" = City of Secrets
    "BFG-Das gelobte Land" = Das gelobte Land
    "BFG-Diaper Dash" = Diaper Dash
    "BFG-Dragon Keeper 2" = Dragon Keeper 2
    "BFG-Dream Tale - Die goldenen Schluessel" = Dream Tale: Die goldenen Schlüssel
    "BFG-Echoes of the Past - Das versteinerte Koenigshaus" = Echoes of the Past: Das versteinerte K&ouml;nigshaus
    "BFG-Exzellent, Eure Majestaet" = Exzellent, Eure Majestät
    "BFG-Farm Frenzy" = Farm Frenzy
    "BFG-Farm Frenzy - Frische Fische" = Farm Frenzy: Frische Fische
    "BFG-First Class Flurry" = First Class Flurry
    "BFG-Flux Family Secrets - The Rabbit Hole" = Flux Family Secrets: The Rabbit Hole
    "BFG-Froehlicher Koch" = Fröhlicher Koch
    "BFG-Garden Rescue" = Garden Rescue
    "BFG-Gardenscapes - Mansion Makeover" = Gardenscapes: Mansion Makeover™
    "BFG-Ghost Towns - Die Katzen von Ulthar" = Ghost Towns: Die Katzen von Ulthar
    "BFG-Grim Tales - Die Braut" = Grim Tales: Die Braut
    "BFG-Haunted Halls - Kindheitsaengste" = Haunted Halls: Kindheitsängste
    "BFG-Haunted Legends - Der Bronzene Reiter" = Haunted Legends: Der Bronzene Reiter
    "BFG-Hotdog Hotshot" = Hotdog Hotshot
    "BFG-Island Tribe 3" = Island Tribe 3
    "BFG-Kampf der Mikroben" = Kampf der Mikroben
    "BFG-Katy and Bob - Way Back Home" = Katy and Bob: Way Back Home
    "BFG-Kingdom Chronicles" = Kingdom Chronicles
    "BFG-Life Quest 2 - Metropoville" = Life Quest&reg; 2: Metropoville
    "BFG-Love Story - Das Strandhaus" = Love Story: Das Strandhaus
    "BFG-Mahjong World Contest" = Mahjong World Contest
    "BFG-My Life Story - Abenteuer" = My Life Story: Abenteuer
    "BFG-Mystery Age - Die Dunklen Priester" = Mystery Age: Die Dunklen Priester
    "BFG-Mystery Case Files - 13th Skull" = Mystery Case Files &reg;: 13th Skull ™
    "BFG-Mystery Case Files - Dire Grove Sammleredition" = Mystery Case Files&reg;: Dire Grove™ Sammleredition
    "BFG-Nightmare Realm Sammleredition" = Nightmare Realm Sammleredition
    "BFG-Oddly Enough - Der Rattenfaenger von Hameln" = Oddly Enough: Der Rattenfänger von Hameln
    "BFG-Orczz" = Orczz
    "BFG-Royal Envoy 2" = Royal Envoy 2
    "BFG-Sky Taxi 3 - Der Film" = Sky Taxi 3 - Der Film
    "BFG-Solitaire Mystery - Stolen Power" = Solitaire Mystery: Stolen Power
    "BFG-Spa Mania 2" = Spa Mania 2
    "BFG-Supermarket Management 2" = Supermarket Management 2
    "BFG-The Book of Desires" = The Book of Desires
    "BFG-The Cross Formula" = The Cross Formula
    "BFG-The Fifth Gate" = The Fifth Gate
    "BFG-Turbo Pizza" = Turbo Pizza
    "BFG-TV Farm" = TV Farm
    "BFG-Urban Legends - The Maze" = Urban Legends: The Maze
    "BFG-Wedding Dash - Ready, Aim, Love" = Wedding Dash 3: Ready, Aim, Love
    "BFG-Wedding Salon" = Wedding Salon
    "BFG-World's Greatest Cities Mahjong" = World's Greatest Cities Mahjong
    "Cake Mania - Lights, Camera, Action! Deluxe" = Cake Mania - Lights, Camera, Action! Deluxe
    "Canon MP140 series Benutzerregistrierung" = Canon MP140 series Benutzerregistrierung
    "Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
    "GameSpy Arcade" = GameSpy Arcade
    "Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 1+2" = Grundschule Lernspass mit Hexe Lilli Mathematik Klasse 1+2
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
    "ICQToolbar" = ICQ Toolbar
    "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "Lizenz zum Putten!" = W&G - Lizenz zum Putten!
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator 3.1" = Canon MP Navigator 3.1
    "Oblivion-Schilder-Mod_is1" = Oblivion-Schilder-Mod-v0.5
    "OpenAL" = OpenAL
    "Opera 12.01.1532" = Opera 12.01
    "PC-Doctor for Windows" = Hardware Diagnose Tools
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
    "ST6UNST #1" = BlueShot 1.1.0
    "Uninstall_is1" = Uninstall 1.0.0.1
    "WildTangent hp Master Uninstall" = HP Games
    "Winamp" = Winamp
    "Winamp Toolbar" = Winamp Toolbar
    "WinGimp-2.0_is1" = GIMP 2.6.8
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WinZip Self-Extractor" = WinZip Self-Extractor
    "WT077812" = Jessicas Cupcake Cafe
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 23.09.2012 07:47:16 | Computer Name = Brock-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 23.09.2012 07:49:25 | Computer Name = Brock-PC | Source = .NET Runtime Optimization Service | ID = 1111
    Description = 
     
    Error - 23.09.2012 07:49:28 | Computer Name = Brock-PC | Source = .NET Runtime Optimization Service | ID = 1111
    Description = 
     
    Error - 23.09.2012 07:55:53 | Computer Name = Brock-PC | Source = Avira Antivirus | ID = 4122
    Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
     0xffffffff
     
    Error - 23.09.2012 12:03:44 | Computer Name = Brock-PC | Source = Avira Antivirus | ID = 4122
    Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
     0xffffffff
     
    Error - 23.09.2012 12:04:06 | Computer Name = Brock-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 23.09.2012 12:04:58 | Computer Name = Brock-PC | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung RaUI.exe, Version 2.0.4.0, Zeitstempel 0x4715b396,
     fehlerhaftes Modul RaUI.exe, Version 2.0.4.0, Zeitstempel 0x4715b396, Ausnahmecode
     0xc0000005, Fehleroffset 0x00057928,  Prozess-ID 0xbc4, Anwendungsstartzeit 01cd99a509bcbac3.
     
    Error - 23.09.2012 12:06:55 | Computer Name = Brock-PC | Source = .NET Runtime Optimization Service | ID = 1111
    Description = 
     
    Error - 23.09.2012 12:07:08 | Computer Name = Brock-PC | Source = .NET Runtime Optimization Service | ID = 1111
    Description = 
     
    Error - 23.09.2012 12:08:28 | Computer Name = Brock-PC | Source = System Restore | ID = 8209
    Description = 
     
    [ Media Center Events ]
    Error - 13.03.2009 09:10:59 | Computer Name = Brock-PC | Source = Media Center Guide | ID = 0
    Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
     GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide
    
     
    [ System Events ]
    Error - 23.09.2012 14:04:42 | Computer Name = Brock-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 23.09.2012 14:04:43 | Computer Name = Brock-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 23.09.2012 14:04:43 | Computer Name = Brock-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 23.09.2012 14:04:43 | Computer Name = Brock-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 23.09.2012 14:04:44 | Computer Name = Brock-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 23.09.2012 14:04:42 | Computer Name = Brock-PC | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\B3B7.tmp
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 23.09.2012 14:04:43 | Computer Name = Brock-PC | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\B3B7.tmp
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 23.09.2012 14:04:43 | Computer Name = Brock-PC | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\B3B7.tmp
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 23.09.2012 14:04:43 | Computer Name = Brock-PC | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\B3B7.tmp
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
    Error - 23.09.2012 14:04:44 | Computer Name = Brock-PC | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\B3B7.tmp
     nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
     des Treibers zu erhalten.
     
     
    < End of report >
    A final full scan just now (1.5 hours) found no infected objects:

    Code:
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    
    Datenbank Version: v2012.09.23.02
    
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 7.0.6002.18005
    Brock :: BROCK-PC [Administrator]
    
    23.09.2012 20:45:55
    mbam-log-2012-09-23 (20-45-55).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 606692
    Laufzeit: 1 Stunde(n), 31 Minute(n), 18 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien: 0
    (Keine bösartigen Objekte gefunden)
    
    (Ende)

    I use Mozilla Firefox, IE 7, Safari, Google Chrome, Opera

    The system works normally, apart from the problems mentioned above. I don't know what to do now, or whether there is a threat (of what kind?).


    Kind regards
    Last edited by Felixander (23.09.2012 at 22:41)

  2. #2
    kira, Moderator (global), team member
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German, Hungarian
    Posts
    29.755

    Re: Vista Windows Update/System Restore/Avira real-time scan no longer work

    Welcome to the HijackThis support board!

    **Before you begin part 1 of the task: CLICK HERE AND READ CAREFULLY!**, and please briefly confirm that you have read and accepted this!
    Cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it.
    ► Illegally obtained software (via keygen, crack, keymaker) is not tolerated here; in that case support will be discontinued!
    YOU FOLLOW THESE INSTRUCTIONS AT YOUR OWN RISK!
    Please first read through the instructions calmly and keep to the order given, otherwise unwanted effects may occur.
    ► If unforeseen problems occur, please stop and report back immediately! Until further notice, take no action of your own (without consulting us)!

    No PMs, all messages in your thread!

    ► First part of the 3-part procedure: we will examine your system for viruses, or look for another cause:
    **Vista and Win7 users: run all commands as administrator!** Right-click the Command Prompt and select "Run as administrator".

    1.
    TDSSKiller from Kaspersky

    Important:
    • Via Control Panel => Software/Programs, uninstall any existing CD emulators such as Alcohol, Daemon Tools or similar, since they can distort the result of the rootkit scan.

    • Download TDSSKiller and unpack the archive to your desktop.

    • Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).

    • Start TDSSKiller.exe by double-clicking it.
    • Vista and Windows 7 users: right-click and start as administrator.

    • Click Start Scan to start the scan.

    • In the Settings, do not tick the Additional options, and confirm with Ok.

    • Click Start Scan again to start the scan.

    • If TDSSKiller finds anything, the tool will ask what to do with it.
      In that case choose cure, which means disinfect.

    • If there are findings, restart the system after the scan has finished.
      During boot the findings are then cleaned and/or deleted.

    • You get the report by clicking Report at the top right. Please post it here in the thread.
      Since only the last report is saved under C:\TDSSKiller<random>.txt, save older reports under a different name if needed.

    You can find more detailed instructions here

    2.
    Another system scan with OTL

    • Double-click OTL.exe
    • Vista users: right-click OTL.exe and choose "Run as administrator"
    • At the top you will find a box labelled Output. Please select Minimal Output
    • Under Extra Registry, please select Use SafeList
    • Tick the LOP and Purity checks
    • Now click Run Scan at the top left
    • When the scan has finished, 2 logfiles are created: OTL.txt and extra.txt
    • Post the logfiles in code tags here in the thread.


    3.
    To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
    • Download CCleaner
    • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch".
    • start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
    • a text file is created automatically; post this logfile as well (i.e. the list of all installed programs ... a text file)


    Please post all results in code tags!

    before your log (i.e. at the beginning of the logfile) you write: [code]
    your logfile goes here
    after it, i.e. at the end of the log file: [/code]

    How to do it: -> Putting logfiles in code tags
    Regards
    kira
    Warning!:
    Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
    Please pass this warning on wherever you can!
