Keylogger(Acc gehackt)

bananalolly · 22.02.2010, 14:46

Guten tag,
ich habe seit kurzem ein Problem und zwar wurde meine wow(world of warcraft)acc gehackt ich vermute ich habe einen keylogger.Ich habe schon Avira,bitdefender antivirus durch laufen lassen die finden nichts.also entschied ich mich Hijack laufen zu lassen das kamm da raus:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:42, on 12.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\WindowsConfig.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\QIP\qip.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft Windows Config] C:\Windows\WindowsConfig.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [GBTUpd] "C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Windows*Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [2.exe] C:\Users\Weltraumaffe\AppData\Local\Temp\
O4 - HKCU\..\Run: [HKCU] C:\Users\Weltraumaffe\AppData\Roaming\Microsoft_H86TZ\server.exe
O4 - HKCU\..\Run: [office] "C:\Windows\system32\rundll32.exe" C:\Users\WELTRA~1\AppData\Local\Temp\mpcor.dll,S
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9272 bytes

Ich habe nicht wirklich viel ahnung von deswegen frage ich zu sicherheit nach vllt kann mir einer helfen.

Danke

cosinus · 22.02.2010, 17:26

Hallo und

Hinweis: Du nutzt ein 64-Bit-Windows. Viele Tools, die wir hier als Hilfsmittel zum Bereinigen einsetzen, sind mit nem 64-Bit-Windows nicht kompatibel - das macht eine Bereinigung schwerer als sie ohnehin schon ist.

Zitat:

O4 - HKCU\..\Run: [Windows*Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [2.exe] C:\Users\Weltraumaffe\AppData\Local\Temp\
O4 - HKCU\..\Run: [HKCU] C:\Users\Weltraumaffe\AppData\Roaming\Microsoft_H86TZ\server.exe
O4 - HKCU\..\Run: [office] "C:\Windows\system32\rundll32.exe" C:\Users\WELTRA~1\AppData\Local\Temp\mpcor.dll,S

Wenn ich das seh wird mir schlecht

Mach bitte einen Durchgang mit Malwarebytes und poste das Log.

bananalolly · 22.02.2010, 19:18

So danke für den hinweis bin am scanen

bananalolly · 22.02.2010, 19:54

Hoffe das ist das richtige

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3776
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22.02.2010 19:53:45
mbam-log-2010-02-22 (19-53-31).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 431823
Laufzeit: 1 hour(s), 32 minute(s), 39 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Weltraumaffe\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
C:\Users\Weltraumaffe\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\Weltraumaffe\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.

cosinus · 23.02.2010, 23:11

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

bananalolly · 24.02.2010, 17:15

So hier sind sie:
extras.txt

OTL Extras logfile created on: 24.02.2010 17:09:19 - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Weltraumaffe\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 154,41 Gb Free Space | 63,24% Space Free | Partition Type: NTFS
Drive D: | 687,26 Gb Total Space | 614,84 Gb Free Space | 89,46% Space Free | Partition Type: NTFS
Drive E: | 10,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WELTRAUMAFFE-PC
Current User Name: Weltraumaffe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = E9 19 8E 57 7D 98 CA 01 [binary data]
"VistaSp2" = FC D1 FB F4 22 99 CA 01 [binary data] -- (Microsoft Corporation)

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D515AE0-3996-46F3-A2F1-2CAD4A9ABE63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{24AC7814-0B43-4BC7-B0B7-7D1582D87D9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zero gear\zerogear.bat |
"{43321A3C-6B27-4881-B74F-23E24A87E93B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{506F00EA-FEA8-401A-95E9-E94BC55A2627}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{78E51C51-558C-467B-8CC6-8B6D2AF0AB77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zero gear\zerogear.bat |
"{81492D9F-5133-4AB4-9F78-A6BF70ECEA7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{8A0EA5E8-84FF-43A9-91C9-E121839CC518}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{8C8CBA1D-D023-447A-B4D5-0607FDF3ED30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{909AD7CA-591F-4FF4-B436-307C04E971C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{996934EA-C87F-4AEC-92D6-7AD920BE2CDA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{DDD997DE-195D-47AC-A07B-58D5FC47B7DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{ED34D9D6-6745-45CC-A026-FE029089D9B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"TCP Query User{33909C7E-ADE0-4311-99FF-70B102044A95}C:\users\weltraumaffe\appdata\local\temp\rar$ex00.698\wowgamecardgen\runtime.exe" = protocol=6 | dir=in | app=c:\users\weltraumaffe\appdata\local\temp\rar$ex00.698\wowgamecardgen\runtime.exe |
"TCP Query User{698D05F2-3FD2-42AF-B071-CE416308BC73}C:\windows\windowsconfig.exe" = protocol=6 | dir=in | app=c:\windows\windowsconfig.exe |
"TCP Query User{760990E0-75A6-452B-9D98-850B48BB1A10}D:\games\2c\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\games\2c\cod2mp_s.exe |
"TCP Query User{92D293B1-BF72-48A3-9993-16C47A00322E}D:\games\1c\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\games\1c\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{B8C9C0D9-C9C0-480D-9CC7-37F136AD024D}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe |
"TCP Query User{BDEEC09E-092A-4D09-BA4C-24AD8C63A7D1}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe |
"UDP Query User{01642A76-7D06-4343-9BCE-BD9CA837977E}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe |
"UDP Query User{358AD9B0-47FB-47AA-A2FC-A8492C92930C}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe |
"UDP Query User{4EAC2767-69D4-44D3-9F0A-63A8C544303E}D:\games\2c\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\games\2c\cod2mp_s.exe |
"UDP Query User{AECC2BD4-84C0-4017-87D9-8D204177FD24}D:\games\1c\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\games\1c\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{D2D61146-214A-4932-8F1A-3AA2009E7C2B}C:\windows\windowsconfig.exe" = protocol=17 | dir=in | app=c:\windows\windowsconfig.exe |
"UDP Query User{F8794471-9DF0-44FF-9E70-5DD88B7B3EF6}C:\users\weltraumaffe\appdata\local\temp\rar$ex00.698\wowgamecardgen\runtime.exe" = protocol=17 | dir=in | app=c:\users\weltraumaffe\appdata\local\temp\rar$ex00.698\wowgamecardgen\runtime.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0ADCC771-E663-00D5-C381-C152F0F4D391}" = ATI AVIVO64 Codecs
"{2729DB28-1CDC-EB41-A806-35D0AA7A8A72}" = ATI Catalyst Install Manager
"{6D3423C7-7F9B-4453-B807-5994A5F39B9D}" = BitDefender Antivirus 2010
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{904977E6-32FF-CBF5-1A45-533967D3A472}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SpeedCommander 11 (x64)" = SpeedCommander 11 (x64)
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04C283E4-7FB0-417C-26DD-4AF656A0DECA}" = Catalyst Control Center Graphics Full New
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}" = Nostromo Array Programming Software
"{13C24BBC-F194-C886-C993-93CDA31EF5EE}" = CCC Help Turkish
"{18550D66-9E2F-E996-4374-922CE5136D2B}" = CCC Help English
"{2491C25B-5BDF-139A-20BC-C081DCBF653D}" = CCC Help German
"{2585FE80-3666-B768-93B2-A7585C4BB2B1}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{27A07F33-EADC-8971-6D13-6263D4E90809}" = CCC Help Finnish
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{32ABC0EB-8F69-B431-49F5-5C1150E7B7C7}" = Catalyst Control Center Graphics Previews Common
"{39AF8F9C-FAF2-2012-C5A2-8AD0B6DE3B95}" = CCC Help Hungarian
"{3B2A1453-E69E-5F62-AA11-AB09A4E962AD}" = Catalyst Control Center InstallProxy
"{3BCE3FDF-4A7A-FBAC-65B3-F517DF651076}" = CCC Help Swedish
"{46157EFF-B576-CA93-0DE0-41B6B5406432}" = CCC Help Italian
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"{5592EAD5-22E8-9AEC-0A8F-19D0EDFD88F0}" = Catalyst Control Center Graphics Light
"{5C62F4FE-E4FB-7193-C1B4-B6A8A557BFDE}" = CCC Help Danish
"{5EA4D0FB-6988-A40B-BC17-10D5F2D70225}" = CCC Help Greek
"{63B3C1C7-CE1A-F2A8-229F-8ED4BE8AF38B}" = Catalyst Control Center Core Implementation
"{6469F22F-63C7-527E-32EE-F8DCB8E711A8}" = CCC Help Spanish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73688255-C643-AFBA-C1AA-8849599838C7}" = CCC Help French
"{80081D11-89C4-F3A5-68D0-024498FBC7BF}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8DD28683-B0FB-3562-8AC1-B3E478E6A3E0}" = CCC Help Polish
"{8F1DA256-8440-A54D-914D-BAE11062F354}" = CCC Help Russian
"{994A45A7-506C-B1A2-C1E4-CE5CA33D3653}" = CCC Help Thai
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A176E83C-9514-A97E-7536-9BDEAC180198}" = CCC Help Norwegian
"{A1BEEC49-4F66-4DCC-8F35-EB6F76C8BC96}" = Call of Duty 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{B7988138-1065-5B78-3C8A-98A53EE9EF6D}" = CCC Help Chinese Standard
"{B9A7A351-6C55-697A-8919-9BF7EFED05B3}" = Catalyst Control Center Graphics Full Existing
"{C6B29F03-4D97-3B4E-D906-70958E6B1448}" = HydraVision
"{CA97E53B-2E94-6602-2956-C2D37B91ECE3}" = CCC Help Portuguese
"{CC6E0CC3-0C86-B773-4D82-8188FB91E62E}" = CCC Help Korean
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D6421134-78C3-8E9D-1512-5BA1B2088DCF}" = CCC Help Dutch
"{DA9C6CBF-8955-966B-3A87-62AFA677C292}" = CCC Help Czech
"{DB30B278-35EF-2836-B6EC-37639BBBF215}" = Catalyst Control Center HydraVision Full
"{E899BF79-446D-C365-81D7-901D30C58206}" = CCC Help Japanese
"{F08C8A50-8061-2B2A-C0F9-F0715740DE4A}" = Catalyst Control Center Graphics Previews Vista
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAE94B77-CBC4-AA4D-676B-1588EFA5C1CE}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 4.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"InstallShield_{A1BEEC49-4F66-4DCC-8F35-EB6F76C8BC96}" = Call of Duty 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"OpenAL" = OpenAL
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 18820" = Zero Gear
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"Umschalter_is1" = Gui Umschalter 1.3
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10.02.2010 09:42:17 | Computer Name = Weltraumaffe-PC | Source = VSS | ID = 12293
Description =

Error - 12.02.2010 10:00:52 | Computer Name = Weltraumaffe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.8.20081.21709 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: f40 Anfangszeit: 01caabe881ced8f7 Zeitpunkt
der Beendigung: 6

Error - 12.02.2010 11:13:39 | Computer Name = Weltraumaffe-PC | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Windows.old\Users\Denis\AppData\Local\Mozilla\Firefox\Profiles\t4n0rzeo.default\Cache\1918BCE9d01.

[ACCESS_VIOLATION Exception!! EIP = 0x1beab9a] Bitte Avira informieren und die
obige Datei übersenden!

Error - 13.02.2010 00:24:52 | Computer Name = Weltraumaffe-PC | Source = Google Update | ID = 20
Description =

Error - 13.02.2010 01:24:52 | Computer Name = Weltraumaffe-PC | Source = Google Update | ID = 20
Description =

Error - 13.02.2010 02:24:52 | Computer Name = Weltraumaffe-PC | Source = Google Update | ID = 20
Description =

Error - 14.02.2010 17:51:42 | Computer Name = Weltraumaffe-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden. Fehlercode:

Error - 20.02.2010 23:24:52 | Computer Name = Weltraumaffe-PC | Source = Google Update | ID = 20
Description =

Error - 21.02.2010 00:24:52 | Computer Name = Weltraumaffe-PC | Source = Google Update | ID = 20
Description =

Error - 22.02.2010 14:29:42 | Computer Name = Weltraumaffe-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ts3client_win32.exe, Version 1.0.0.0, Zeitstempel
0x4b6fe06b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x1fb13940, Prozess-ID 0x12a4, Anwendungsstartzeit
01cab3cdf420b6e6.

[ System Events ]
Error - 18.01.2010 11:14:49 | Computer Name = Weltraumaffe-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 18.01.2010 11:16:36 | Computer Name = Weltraumaffe-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 18.01.2010 15:43:49 | Computer Name = Weltraumaffe-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 18.01.2010 15:47:13 | Computer Name = Weltraumaffe-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 18.01.2010 15:48:40 | Computer Name = Weltraumaffe-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 18.01.2010 15:54:39 | Computer Name = Weltraumaffe-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 18.01.2010 16:16:34 | Computer Name = Weltraumaffe-PC | Source = DCOM | ID = 10010
Description =

Error - 18.01.2010 16:30:03 | Computer Name = Weltraumaffe-PC | Source = HTTP | ID = 15016
Description =

Error - 18.01.2010 16:32:30 | Computer Name = Weltraumaffe-PC | Source = Microsoft-Windows-Eventlog | ID = 30
Description =

Error - 18.01.2010 16:32:39 | Computer Name = Weltraumaffe-PC | Source = Microsoft-Windows-Eventlog | ID = 30
Description =

< End of report >

OTL.txt

OTL logfile created on: 24.02.2010 17:09:19 - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Weltraumaffe\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 154,41 Gb Free Space | 63,24% Space Free | Partition Type: NTFS
Drive D: | 687,26 Gb Total Space | 614,84 Gb Free Space | 89,46% Space Free | Partition Type: NTFS
Drive E: | 10,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WELTRAUMAFFE-PC
Current User Name: Weltraumaffe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Weltraumaffe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - D:\Games\World of Warcraft\Wow.exe (Blizzard Entertainment)
PRC - C:\Windows\WindowsConfig.exe ()
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\n52te\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Weltraumaffe\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV:64bit: - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (scan) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (a2free) -- C:\Program Files (x86)\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 14:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (BDFM) -- C:\Windows\SysNative\DRIVERS\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (ahcix64) -- C:\Windows\SysNative\drivers\ahcix64.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\DRIVERS\vhidmini.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (JmtFltr) -- C:\Windows\SysNative\drivers\JmtFltr.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (bdftdif) -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.02.12 14:31:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.02.20 13:10:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.02.20 13:10:46 | 000,000,000 | ---D | M]

[2010.02.14 13:36:00 | 000,000,000 | ---D | M] -- C:\Users\Weltraumaffe\AppData\Roaming\mozilla\Extensions
[2010.02.23 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\Weltraumaffe\AppData\Roaming\mozilla\Firefox\Profiles\2h5wtfek.default\extensions
[2010.02.20 22:27:45 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Weltraumaffe\AppData\Roaming\mozilla\Firefox\Profiles\2h5wtfek.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010.02.12 14:37:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Weltraumaffe\AppData\Roaming\mozilla\Firefox\Profiles\2h5wtfek.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.02.13 10:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Weltraumaffe\AppData\Roaming\mozilla\Firefox\Profiles\2h5wtfek.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.01.20 12:14:16 | 000,000,917 | ---- | M] () -- C:\Users\Weltraumaffe\AppData\Roaming\Mozilla\FireFox\Profiles\2h5wtfek.default\searchplugins\conduit.xml
[2010.01.17 10:46:11 | 000,002,272 | ---- | M] () -- C:\Users\Weltraumaffe\AppData\Roaming\Mozilla\FireFox\Profiles\2h5wtfek.default\searchplugins\google-und-download-suche.xml
[2010.02.08 16:52:38 | 000,002,061 | ---- | M] () -- C:\Users\Weltraumaffe\AppData\Roaming\Mozilla\FireFox\Profiles\2h5wtfek.default\searchplugins\qipsearch.xml
[2010.02.12 09:18:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.02.14 13:35:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\talkback@mozilla.org

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Jomantha] C:\Program Files (x86)\n52te\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Microsoft Windows Config] C:\Windows\WindowsConfig.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe (PreRun)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.16 03:05:00 | 000,000,062 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.02.24 17:06:18 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Weltraumaffe\Desktop\OTL.exe
[2010.02.22 22:27:35 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Local\Conduit
[2010.02.22 22:27:34 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Local\XfireXO
[2010.02.22 18:19:33 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Roaming\Malwarebytes
[2010.02.22 18:19:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.02.22 18:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.02.22 18:19:27 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.02.22 18:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.02.20 22:41:11 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\Documents\DVDVideoSoft
[2010.02.20 22:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.02.20 22:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.02.20 22:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XfireXO
[2010.02.20 22:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010.02.20 22:27:35 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Roaming\Xfire
[2010.02.20 22:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010.02.20 22:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2010.02.19 22:25:26 | 000,019,200 | ---- | C] (Motorola) -- C:\Windows\SysWow64\drivers\USBICP.sys
[2010.02.19 22:25:22 | 000,013,952 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\vhidmini.sys
[2010.02.19 22:25:17 | 000,049,152 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysWow64\Jomantha.cpl
[2010.02.19 22:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\n52te
[2010.02.19 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Roaming\InstallShield
[2010.02.12 21:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.02.12 14:30:59 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Roaming\BitDefender
[2010.02.12 14:30:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\BitDefender
[2010.02.12 14:30:59 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender
[2010.02.12 14:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010.02.12 14:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BitDefender
[2010.02.12 14:10:34 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\Documents\a-squared Free
[2010.02.12 14:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free
[2010.02.12 09:18:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.02.12 09:18:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.02.12 09:18:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.02.10 13:58:27 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.02.10 13:58:27 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.02.10 13:58:27 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.02.10 13:58:27 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.02.10 13:58:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.02.10 13:58:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.02.10 13:58:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.02.10 13:58:26 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010.02.10 13:58:26 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.02.10 13:58:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.02.10 13:58:22 | 004,698,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.02.09 21:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2010.02.09 18:27:19 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\Desktop\Downloads
[2010.02.09 18:27:16 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Roaming\GetRightToGo
[2010.02.08 21:24:46 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\Desktop\Praktikum
[2010.02.08 21:14:10 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Roaming\OpenOffice.org
[2010.02.08 21:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010.02.08 21:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.02.08 21:07:58 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.02.08 21:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.02.08 21:07:12 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\Desktop\OpenOffice.org 3.1 (de) Installation Files
[2010.02.08 16:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.02.08 16:17:53 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Local\Google
[2010.02.08 15:32:07 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Roaming\Acreon
[2010.02.08 15:32:06 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Local\._Revolution_
[2010.02.08 15:18:51 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Local\PunkBuster
[2010.02.04 21:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Umschalter
[2010.02.03 09:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.02.03 09:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.01.30 16:59:14 | 000,074,880 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.01.30 16:59:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\SysWow64\drivers\ssmdrv.sys
[2010.01.30 16:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.01.30 16:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.01.29 13:47:04 | 000,163,936 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdfm.sys
[2010.01.29 13:46:34 | 000,102,720 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdhv.sys
[2010.01.28 17:00:00 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\AppData\Roaming\TS3Client
[2010.01.28 16:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2010.01.27 15:20:06 | 000,000,000 | ---D | C] -- C:\Users\Weltraumaffe\Desktop\techno
[2010.01.27 02:57:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2010.02.24 17:12:16 | 002,359,296 | -HS- | M] () -- C:\Users\Weltraumaffe\NTUSER.DAT
[2010.02.24 16:33:33 | 000,000,624 | ---- | M] () -- C:\Users\Weltraumaffe\Desktop\World of Warcraft.lnk
[2010.02.24 16:32:46 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.24 16:23:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.02.24 15:50:01 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.02.24 15:50:01 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.02.24 13:56:45 | 001,418,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.02.24 13:56:45 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.02.24 13:56:45 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.02.24 13:56:45 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.02.24 13:56:45 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.02.24 13:50:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.02.24 13:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.02.24 13:49:59 | 4285,595,648 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.23 23:01:53 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2010.02.23 23:01:50 | 000,065,536 | -HS- | M] () -- C:\Users\Weltraumaffe\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.02.23 23:01:49 | 000,524,288 | -HS- | M] () -- C:\Users\Weltraumaffe\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.02.23 23:01:44 | 001,647,267 | -H-- | M] () -- C:\Users\Weltraumaffe\AppData\Local\IconCache.db
[2010.02.23 22:15:56 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.02.23 22:15:26 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.02.22 19:29:38 | 000,232,350 | ---- | M] () -- C:\Users\Weltraumaffe\Documents\ts3_clientui-win32-10190-2010-02-22 19_29_37.172271.dmp
[2010.02.22 18:19:32 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.21 04:45:31 | 485,614,869 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.02.20 22:41:11 | 000,001,074 | ---- | M] () -- C:\Users\Weltraumaffe\Desktop\DVDVideoSoft Free Studio.lnk
[2010.02.20 22:27:34 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010.02.15 16:48:01 | 000,000,680 | ---- | M] () -- C:\Users\Weltraumaffe\AppData\Local\d3d9caps.dat
[2010.02.13 12:14:22 | 000,038,827 | ---- | M] () -- C:\Users\Weltraumaffe\Desktop\anmeldeformular-bg.pdf
[2010.02.12 21:16:33 | 000,001,928 | ---- | M] () -- C:\Users\Weltraumaffe\Desktop\HijackThis.lnk
[2010.02.12 18:45:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Weltraumaffe\Desktop\OTL.exe
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pcwords2.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pcwords.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_webproxy.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_video.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_tabloids.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_socialnetworks.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_sign.slf
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_searchengines.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_regionaltlds.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_pornography.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlineshop.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlinepay.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlinedating.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_news.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_im.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_illegal.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_hate.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_games.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_gambling.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_drugs.dat
[2010.02.12 14:33:52 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2010.02.12 14:31:32 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Antivirus 2010.lnk
[2010.02.12 09:24:27 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.02.11 04:19:56 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.02.11 04:19:56 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010.02.10 17:39:08 | 000,222,902 | ---- | M] () -- C:\Users\Weltraumaffe\Desktop\nmtqlmr6.jpg
[2010.02.09 21:12:51 | 000,001,920 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Loadout Manager.lnk
[2010.02.09 20:49:20 | 000,330,560 | ---- | M] () -- C:\Users\Weltraumaffe\Desktop\sh6roa37.jpg
[2010.02.09 16:53:54 | 000,052,776 | ---- | M] () -- C:\Users\Weltraumaffe\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.09 16:13:43 | 000,246,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.02.08 21:08:55 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2010.02.08 18:06:05 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.02.08 16:52:45 | 000,000,768 | ---- | M] () -- C:\Users\Weltraumaffe\Desktop\QIP 2005.lnk
[2010.02.08 16:19:48 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.02.06 15:01:48 | 000,000,437 | ---- | M] () -- C:\Users\Weltraumaffe\Desktop\Ñåòåâàÿ èãðà Call of Duty 2.lnk
[2010.02.06 15:01:48 | 000,000,437 | ---- | M] () -- C:\Users\Weltraumaffe\Desktop\Îäèíî÷íàÿ èãðà Call of Duty 2.lnk
[2010.02.06 15:01:45 | 000,000,107 | ---- | M] () -- C:\Windows\RomeTW.ini
[2010.02.04 21:22:49 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Umschalter.lnk
[2010.01.30 16:59:17 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.01.29 13:47:04 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdfm.sys
[2010.01.29 13:46:34 | 000,102,720 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdhv.sys
[2010.01.28 16:59:31 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

========== Files Created - No Company Name ==========

[2010.02.22 19:29:37 | 000,232,350 | ---- | C] () -- C:\Users\Weltraumaffe\Documents\ts3_clientui-win32-10190-2010-02-22 19_29_37.172271.dmp
[2010.02.22 18:19:32 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.20 22:41:11 | 000,001,074 | ---- | C] () -- C:\Users\Weltraumaffe\Desktop\DVDVideoSoft Free Studio.lnk
[2010.02.20 22:27:34 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010.02.19 22:25:22 | 000,046,464 | ---- | C] () -- C:\Windows\SysNative\drivers\JmtFltr.sys
[2010.02.15 16:48:01 | 000,000,680 | ---- | C] () -- C:\Users\Weltraumaffe\AppData\Local\d3d9caps.dat
[2010.02.13 12:14:22 | 000,038,827 | ---- | C] () -- C:\Users\Weltraumaffe\Desktop\anmeldeformular-bg.pdf
[2010.02.12 21:16:33 | 000,001,928 | ---- | C] () -- C:\Users\Weltraumaffe\Desktop\HijackThis.lnk
[2010.02.12 19:05:52 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\ashttpstats.csv
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pcwords2.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pcwords.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_webproxy.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_video.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_tabloids.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_socialnetworks.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_sign.slf
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_searchengines.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_regionaltlds.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_pornography.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlineshop.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlinepay.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlinedating.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_news.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_im.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_illegal.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_hate.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_games.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_gambling.dat
[2010.02.12 14:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_drugs.dat
[2010.02.12 14:33:52 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2010.02.12 14:31:32 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Antivirus 2010.lnk
[2010.02.12 14:30:03 | 000,431,522 | ---- | C] () -- C:\Users\Weltraumaffe\AppData\Local\dd_vcredistMSI50AA.txt
[2010.02.12 14:30:02 | 000,011,426 | ---- | C] () -- C:\Users\Weltraumaffe\AppData\Local\dd_vcredistUI50AA.txt
[2010.02.11 04:19:56 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.02.11 04:19:56 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010.02.10 17:39:17 | 000,222,902 | ---- | C] () -- C:\Users\Weltraumaffe\Desktop\nmtqlmr6.jpg
[2010.02.09 21:12:51 | 000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Loadout Manager.lnk
[2010.02.09 20:49:36 | 000,330,560 | ---- | C] () -- C:\Users\Weltraumaffe\Desktop\sh6roa37.jpg
[2010.02.08 21:08:55 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2010.02.08 18:06:16 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.02.08 18:06:10 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.02.08 18:06:05 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.02.08 16:52:45 | 000,000,768 | ---- | C] () -- C:\Users\Weltraumaffe\Desktop\QIP 2005.lnk
[2010.02.08 16:20:09 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.02.08 16:19:48 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.02.08 16:18:03 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.02.08 16:18:02 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.06 15:01:48 | 000,000,437 | ---- | C] () -- C:\Users\Weltraumaffe\Desktop\Ñåòåâàÿ èãðà Call of Duty 2.lnk
[2010.02.06 15:01:48 | 000,000,437 | ---- | C] () -- C:\Users\Weltraumaffe\Desktop\Îäèíî÷íàÿ èãðà Call of Duty 2.lnk
[2010.02.06 15:01:44 | 000,000,107 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010.02.04 21:22:49 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Umschalter.lnk
[2010.01.31 14:11:34 | 000,000,624 | ---- | C] () -- C:\Users\Weltraumaffe\Desktop\World of Warcraft.lnk
[2010.01.30 16:59:17 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.01.30 16:58:55 | 000,363,064 | ---- | C] () -- C:\Users\Weltraumaffe\AppData\Local\dd_vcredistMSI4AE3.txt
[2010.01.30 16:58:55 | 000,011,218 | ---- | C] () -- C:\Users\Weltraumaffe\AppData\Local\dd_vcredistUI4AE3.txt
[2010.01.28 16:59:32 | 000,432,646 | ---- | C] () -- C:\Users\Weltraumaffe\AppData\Local\dd_vcredistMSI2F18.txt
[2010.01.28 16:59:32 | 000,011,458 | ---- | C] () -- C:\Users\Weltraumaffe\AppData\Local\dd_vcredistUI2F18.txt
[2010.01.28 16:59:31 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.01.27 02:56:56 | 485,614,869 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.01.19 16:18:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.01.19 16:17:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.01.18 20:56:15 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2010.01.16 16:24:24 | 000,003,584 | ---- | C] () -- C:\Users\Weltraumaffe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 15:31:23 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.15 15:16:36 | 000,000,732 | ---- | C] () -- C:\Users\Weltraumaffe\AppData\Local\d3d9caps64.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E7260698
< End of report >

cosinus · 24.02.2010, 19:30

C:\windows\windowsconfig.exe

Bitte diese Datei bei Virustotal auswerten lassen und von jeder den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

bananalolly · 24.02.2010, 20:38

So denke das ist das richtige

http://www.virustotal.com/analisis/e64d5eda8480ed283c467330ffe82a184552467ddbfc8a869c4548208e36260a-1264481890

cosinus · 24.02.2010, 20:40

Neue Malware! Bitte bei uns hochladen > http://www.trojaner-board.de/54791-a...ner-board.html

Wenn die bei uns ist, bitte die Datei umbenennen in windowsconfig.exe.vir

bananalolly · 26.02.2010, 14:26

Tag

Ich hoffe die Datei ist angekommen.
Oder soll ich das noch mal machen?

cosinus · 27.02.2010, 18:34

Nein, die Datei ist angekommen

Wie ich anfangs schon erwähnt habe, lässt sich das 64-Bit-System rel. schlecht bereinigen, mach aber bitte nochmal einen Durchlauf mit http://www.trojaner-board.de/51871-a...tispyware.html

bananalolly · 28.02.2010, 10:26

Hier wäre es

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/28/2010 at 05:20 AM

Application Version : 4.34.1000

Core Rules Database Version : 4624
Trace Rules Database Version: 2436

Scan type : Complete Scan
Total Scan Time : 01:02:04

Memory items scanned : 538
Memory threats detected : 0
Registry items scanned : 5181
Registry threats detected : 0
File items scanned : 74594
File threats detected : 295

Adware.Tracking Cookie
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\weltraumaffe@doubleclick[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\weltraumaffe@xfire.adbureau[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\weltraumaffe@content.yieldmanager[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\weltraumaffe@ad.yieldmanager[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\weltraumaffe@atdmt[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@traffictrack[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@at.atwola[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@advertising[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@ad.zanox[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@adx.chip[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@ads.ad4game[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@ad.yieldmanager[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@doubleclick[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@atdmt[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@webmasterplan[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@adfarm1.adition[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@adtech[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@apmebf[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@rotator.adjuggler[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@collective-media[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@zanox-affiliate[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@content.yieldmanager[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@bs.serving-sys[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@www.zanox-affiliate[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@a7.adserver01[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@gr.burstnet[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@kontera[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@ads.quartermedia[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@mediaplex[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@serving-sys[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@zanox[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@fastclick[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@tacoda[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@chitika[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@burstnet[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@revsci[2].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@msnportal.112.2o7[1].txt
C:\Users\Weltraumaffe\AppData\Roaming\Microsoft\Windows\Cookies\Low\weltraumaffe@tradedoubler[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\denis@yadro[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\denis@atdmt[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\denis@atdmt[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\denis@cgm.adbureau[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\denis@doubleclick[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\denis@count.rbc[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\denis@adbureau[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\denis@tns-counter[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@yadro[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@ad.zanox[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@tto2.traffictrack[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@4stats[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@atdmt[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@tracking.quisma[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@mediaplex[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@adtech[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@www.zanox-affiliate[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@doubleclick[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@zanox-affiliate[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@rotator.adjuggler[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@tacoda[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@zanox[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@cdn.at.atwola[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@statcounter[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@adfarm1.adition[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@at.atwola[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@adsrv.admediate[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@apmebf[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@advertising[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@ads.heias[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@atwola[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@webmasterplan[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@tradedoubler[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@unitymedia[1].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@traffictrack[2].txt
C:\Windows.old\Users\Denis\AppData\Roaming\Microsoft\Windows\Cookies\Low\denis@msnportal.112.2o7[1].txt
.server.cpmstar.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.server.cpmstar.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.server.cpmstar.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.server.cpmstar.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.server.cpmstar.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.specificclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adviva.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adviva.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.specificclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.specificclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.specificclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.specificclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.specificclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.specificclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.specificclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.specificclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.specificclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.doubleclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
ad.zanox.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.zanox.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
ad.zanox.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.zanox-affiliate.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.mediaplex.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.mediaplex.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adbureau.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.cgm.adbureau.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.cgm.adbureau.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.cgm.adbureau.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.cgm.adbureau.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.cgm.adbureau.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.atdmt.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.atdmt.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tradedoubler.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tradedoubler.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tradedoubler.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tradedoubler.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.zanox-affiliate.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.zanox-affiliate.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.smartadserver.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.smartadserver.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.smartadserver.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.smartadserver.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.smartadserver.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
ad.yieldmanager.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
ad.yieldmanager.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
ad.yieldmanager.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
ad.yieldmanager.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
ad.yieldmanager.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
ad.yieldmanager.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adlegend.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adlegend.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tracking.3gnet.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
adserver.mmoga.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.traffictrack.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.webmasterplan.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tto2.traffictrack.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.unitymedia.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tracking.quisma.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.traffictrack.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.content.yieldmanager.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.advertising.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.advertising.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.advertising.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.advertising.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.advertising.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.advertising.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.pornhub.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.pornhub.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.delivery.trafficjunky.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.delivery.trafficjunky.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.pornhub.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.pornhub.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.pornhub.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.pornhub.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adultfriendfinder.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adultfriendfinder.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adultfriendfinder.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adultfriendfinder.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adultfriendfinder.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adultfriendfinder.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adultfriendfinder.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adfarm1.adition.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.bs.serving-sys.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.serving-sys.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.serving-sys.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.serving-sys.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.serving-sys.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.serving-sys.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.serving-sys.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.im.banner.t-online.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.im.banner.t-online.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.im.banner.t-online.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.im.banner.t-online.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.im.banner.t-online.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.apmebf.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.apmebf.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
de.partypoker.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.partypoker.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.partypoker.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
statse.webtrendslive.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.partypoker.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
secure.partyaccount.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.partyaccount.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
rts.pgmediaserve.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
rts.pgmediaserve.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
rts.pgmediaserve.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
rts.pgmediaserve.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.partypoker.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.statcounter.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.statcounter.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.statcounter.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.statcounter.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.ad.adnet.biz [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.euros4click.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.euros4click.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.euros4click.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.euros4click.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.euros4click.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.euros4click.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.euros4click.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.euros4click.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.euros4click.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.serving.adsrevenue.clicksor.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.serving.adsrevenue.clicksor.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.myroitracking.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.collegefuckfest.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.collegefuckfest.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.collegefuckfest.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.googleadservices.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.adtech.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.de.at.atwola.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tracking.mindshare.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tracking.mindshare.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
s2.trafficmaxx.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
rotator.adjuggler.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
rotator.adjuggler.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
s03.flagcounter.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.mmstat.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.zedo.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.zedo.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.zedo.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.zedo.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.zedo.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.bluestreak.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.2o7.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.2o7.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.2o7.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tribalfusion.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.fastclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.casalemedia.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.casalemedia.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.casalemedia.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.casalemedia.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.casalemedia.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.fastclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.fastclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.googleadservices.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
adx.chip.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.imrworldwide.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
a7.adserver01.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
a7.adserver01.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.imrworldwide.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
a7.adserver01.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
a7.adserver01.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
a7.adserver01.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.yadro.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.tns-counter.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.himedia.individuad.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.himedia.individuad.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.googleadservices.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.ads.quartermedia.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.ads.quartermedia.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.ads.quartermedia.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.ads.quartermedia.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.ads.quartermedia.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.ads.quartermedia.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.valueclick.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
advertiser.contextmatters.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
ad.adition.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
ad.adition.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.trafficrank.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.trafficrank.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.trafficrank.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.rambler.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.rambler.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.rambler.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.rambler.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
mail.rambler.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
avatars.rambler.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
id.rambler.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.rambler.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.rambler.ru [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.publicidad.net [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.overture.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
.overture.com [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.usenext.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]
www.usenext.de [ C:\Windows.old\Users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\t4n0rzeo.default\cookies.txt ]

Application.Agent/Gen-TempZ
C:\WINDOWS.OLD\$RECYCLE.BIN\S-1-5-21-598036743-728356087-3822363578-1000\$RNKHUGY.EXE
C:\WINDOWS.OLD\USERS\DENIS\DESKTOP\TEST.AU3.EXE

cosinus · 28.02.2010, 21:23

SASW hat da im Wesentlichen nur Cookies gefunden, kein Grund zur Aufregung.

Zitat:

C:\WINDOWS.OLD

Ist das der alte Windowsordner? Hast Du Windows Vista einfach nur "drübergebügelt" über eine alte XP-Installation? Ich würde ja immer bei einem OS-Wechsel formatieren empfehlen...

bananalolly · 01.03.2010, 14:43

Ne ich hatte ein Problem das mein pc beim booten(vista64) immer nicht hochgefahren ist da kam immer ein rosa streifen oben am monitor.
danach habe ich das selbe vista64 einfach neu drauf gemacht.

und wenn ich fragen darf was würde sich als schutz gegen keyloggers und viren empfehlen?
will nicht dass es noch mal vorkommt

cosinus · 01.03.2010, 15:45

Zitat:

und wenn ich fragen darf was würde sich als schutz gegen keyloggers und viren empfehlen?
will nicht dass es noch mal vorkommt

Ein Virenscanner allein reicht da niemals aus. Halte Dich am besten grob an diese fünf Regeln:

1) Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
2) Halte Windows und alle verwendeten Programme immer aktuell
3) Führe regelmäßig Backups auf externe Medien durch
4) Arbeite mit eingeschränkten Rechten
5) Nutze sichere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?

24.02.2010, 19:30	#7
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Keylogger(Acc gehackt) C:\windows\windowsconfig.exe Bitte diese Datei bei Virustotal auswerten lassen und von jeder den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen. Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten. __________________ Logfiles bitte immer in CODE-Tags posten

24.02.2010, 20:40	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Keylogger(Acc gehackt) Neue Malware! Bitte bei uns hochladen > http://www.trojaner-board.de/54791-a...ner-board.html Wenn die bei uns ist, bitte die Datei umbenennen in windowsconfig.exe.vir __________________ Logfiles bitte immer in CODE-Tags posten

27.02.2010, 18:34	#11
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Keylogger(Acc gehackt) Nein, die Datei ist angekommen Wie ich anfangs schon erwähnt habe, lässt sich das 64-Bit-System rel. schlecht bereinigen, mach aber bitte nochmal einen Durchlauf mit http://www.trojaner-board.de/51871-a...tispyware.html __________________ Logfiles bitte immer in CODE-Tags posten

Keylogger(Acc gehackt)

Log-Analyse und Auswertung: Keylogger(Acc gehackt)