Log Analysis and Evaluation: anti-malware log for evaluation (Windows 7)
If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.10.2010, 16:26 | #1
anti-malware log for evaluation
Hey all, this is my first post, I hope I have made as few mistakes as possible. I don't know whether I have a Trojan on the PC or not. Should I format my computer now?! So here is the log file.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4903

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

21.10.2010 17:09:29
mbam-log-2010-10-21 (17-09-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146253
Laufzeit: 11 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
21.10.2010, 18:37 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
anti-malware log for evaluation

Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! Then OTL: System scan with OTL. Please download OTL from OldTimer and save it to your desktop.
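As an added example (not code from this thread, from the board, or from Malwarebytes), here is a small Python parser for the MBAM 1.x text log format posted in #1. It reads the header fields, the declared per-section counts and the individual detections, groups detections by family, and automates two checks a log reviewer otherwise does by eye: whether the scan was only a Quick-Scan (post #2 asks for a full scan before going further) and whether the number of listed entries matches the summary counts, since a mismatch usually means the paste was truncated or edited. The embedded sample is an abridged copy of the log from #1 with the summary counts adjusted to the entries kept; the function names are my own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and sanity-check it (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample: an abridged copy of the MBAM 1.46 log posted in #1
# (German UI). The summary counts were adjusted to match the entries kept.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46

Datenbank Version: 4903

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146253
Laufzeit: 11 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
"""

# Header fields worth keeping; MBAM 1.x writes them in the UI language.
HEADER_RE = re.compile(
    r"^(?P<key>Datenbank Version|Art des Suchlaufs|Durchsuchte Objekte|Laufzeit): (?P<value>.+)$")
# Summary line "<section>: <n>"; a detail-section header has no count after the colon.
COUNT_RE = re.compile(r"^(?P<section>Infizierte .+?): (?P<count>\d+)$")
# Detection line "<item> (<family>) -> <action>". The family group excludes
# parentheses, so paths such as "C:\Program Files (x86)\..." still parse.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return header fields, declared counts and detections per section."""
    report = {"header": {}, "declared": {}, "entries": defaultdict(list)}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(Keine"):
            continue  # blank line or "no malicious objects found"
        if (m := HEADER_RE.match(line)):
            report["header"][m.group("key")] = m.group("value")
        elif (m := COUNT_RE.match(line)):
            report["declared"][m.group("section")] = int(m.group("count"))
        elif line.startswith("Infizierte") and line.endswith(":"):
            section = line[:-1]  # start of a detail section
        elif section and (m := ENTRY_RE.match(line)):
            report["entries"][section].append(m.groupdict())
    report["entries"] = dict(report["entries"])
    return report


def families(report):
    """Count detections per malware family across all sections."""
    return Counter(e["family"] for entries in report["entries"].values() for e in entries)


def check_log(report):
    """Findings a reviewer wants before trusting the scan result."""
    findings = []
    scan_type = report["header"].get("Art des Suchlaufs", "")
    if "Quick" in scan_type:  # the board asks for a full scan first
        findings.append(f"scan type '{scan_type}' is not a full scan")
    for section, declared in report["declared"].items():
        listed = len(report["entries"].get(section, []))
        if listed != declared:
            findings.append(f"{section}: summary says {declared}, log lists {listed} "
                            "(truncated or edited paste?)")
    for entries in report["entries"].values():
        for e in entries:
            if not e["action"].startswith("Quarantined"):
                findings.append(f"not removed: {e['item']} ({e['family']}): {e['action']}")
    return findings


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(rep["header"], families(rep).most_common())
    for finding in check_log(rep):
        print("CHECK:", finding)
```

The section labels are matched verbatim because MBAM 1.x writes them in the installation's UI language; a log from an English installation needs the English labels in the same regular expressions. The per-section count check is the useful part for forum triage: a pasted log whose summary says 14 registry keys but lists 12 has lost lines somewhere, and the helper should ask for the original file rather than reason from the fragment.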
21.10.2010, 20:48 | #3
anti-malware log for evaluation
OTL) 1st log. OTL Logfile:
Code:
OTL Extras logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS

Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32C71912-532C-46DC-A9F1-3117924AA21D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B165C69-9D26-44BE-B2DC-FE5DC002E9AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F32B2E4-3A82-4D0C-AEEA-B61B0BF5DE3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5654AE0E-1EA0-4A0B-9026-64107BA0CC44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{74AF2B35-6ACC-4C2E-9543-DB5C8DBD03DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{95A09728-FDDE-4E18-972E-04308AFF4960}" = lport=2869 | protocol=6 | dir=in | app=system | "{A18B548C-C0EB-475A-91FA-E24C8DB91FD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C8251346-EC22-45DA-9B32-B94290017165}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0139E08A-8E94-4ED1-9E82-2DB322639286}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe | "{0891B45B-7E90-44EB-82A1-B96B7DB8EA58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{09952AAE-AEBA-4F7A-A719-134C30B93ABB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{0BA447DD-343A-41CE-B86D-947C05D113AB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{0F983182-B487-4736-B8C9-055E11127822}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{24C52D48-F42D-44B2-8812-4B5F0843BE4E}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe | "{2A289B65-5989-4788-B72E-C35D4D041368}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{33DE3C5E-D188-4B86-A8FE-9EB4AB7D4F41}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{34D54E44-4DF4-4CC1-935D-B103A95CA4BB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{3A1A66CF-89C4-4140-9E1D-6FB83769E7DD}" = protocol=6 
| dir=in | app=c:\windows\system32\pnkbstra.exe | "{3A95E764-3B67-451D-A8E0-E115E0F79DD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{408C8A0E-A038-4D33-ACBE-547831CF647B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{44093CD2-EE1A-4C19-9A39-46E79324D40E}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | "{45506B92-F2E4-499D-9A0B-709D4E191D81}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{4CA9F8D5-4A71-4316-9CFA-90255A760E5F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{516A3F30-B982-4C68-98A1-815BDA9C09B7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{5E82F0F2-D36B-48B8-BF86-9BB56965768B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "{613FF0EB-27CE-4C3F-8072-675C6F878E0C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{666CB7ED-EB3B-429A-8A1A-25EBB902169A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "{66DE233B-098B-49CE-AB71-E3376098B3DF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{68C57A13-1250-4B1F-B3E6-5BE041E3B096}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | "{68CCBCF6-EDD7-44BA-B530-6F25B2275430}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | "{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | "{715F4E3F-E61B-49DA-A0A4-C8838EB5C7FE}" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe | "{718E1F3D-3478-4706-93DA-80FDB93F5C91}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe 
| "{73CFC126-588B-4B8D-BFF8-5EA031414D52}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | "{77465F61-30D9-4856-BB04-D9E3343DEEAE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{782EA5B2-9570-4588-9B03-BCC048235648}" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe | "{7956A954-3D7A-47FF-B2AB-0637C1B38963}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{79B6CD9A-3172-493C-AB40-6D5FAE597258}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{7A5D141A-011D-4E41-B0CE-F76C5FEBA09C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{7B0988E3-E402-450B-B444-4E996D66AE46}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{7C20506C-7A73-452F-9880-1A9B19C81C9C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{7DDC15D9-927F-4582-A895-FA1677F1864B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{7EAD9E89-625F-40A3-BEA5-E4A4C187B7CB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{836DE0DE-F505-45C2-B777-4CD4BDEA8061}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{85352D01-C8EB-4E51-9762-E2D67D358707}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{85D8FCA9-1B95-4736-95A6-388D532FA9F7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{87B53806-46A2-4780-922E-C5667112B5E8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{87BF2D87-56AE-4957-939D-AC8EE52F2D45}" = protocol=6 | dir=in | app=c:\program 
files\icq7.1\aolload.exe | "{8CF8B9F6-E6D7-4432-947A-3B9C1740CFF7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{8FB08B5E-0EF8-46B2-9C7F-51DB553223C3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | "{9E58D4F7-EDDA-4401-84DD-4C382BCD0257}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | "{9F69704C-3150-4B7D-AAC1-162572229869}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{A95B063C-149F-4BAA-A831-08499262DD41}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{A9C5BAA8-1155-41D6-A5CD-F9ED0BCC3E2C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{ACD18395-D930-4BA4-8D83-A78C3EEE0426}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{AF362A85-4A49-4660-8065-1E1C5799FC62}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | "{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | "{B806D263-45E2-4604-969F-7EDBF31F4EB3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{B9FEBF8A-B573-4625-BDF8-838BD57AB5E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | "{BFA89F29-0510-425A-9F99-7F5CC3452369}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | "{C6089F0E-1C26-4F1C-AE30-5E60D39582A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C7AF4FE9-9374-4EB0-841A-9C7A8A3EA1A8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{C819C97F-7EED-4D70-9C47-391712BDB5D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C84BE8B8-D5F3-4E3B-B0E4-BC3F38B61605}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{CA27CFD2-5416-47AD-B019-CB52ABD3789A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | "{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | "{CFF8FE96-8004-48CA-95A5-25CD3EDAF231}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{D92B0DFC-EDE2-4DC9-87C3-489860C19AAD}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{DC04695E-E0E3-42D5-B937-21E67D6ADF16}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{E219DC92-3E75-4432-BC6A-B62D818BD9F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E30CA022-1E93-4171-898E-C9EF17E2D396}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | "{E33026B8-8B24-4146-BF69-78309EF04094}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | "{ED40B40B-9B5E-4A52-8AAF-E9554F3C7856}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | "TCP Query User{00548D5D-A624-4225-8424-63DB22322BB7}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "TCP Query User{07CDED4B-AD87-40F7-9C04-4CA7D58718A0}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe | "TCP Query User{0852AC21-4C19-46BC-9A59-2F93DCE9DF5D}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program 
files\counter-strike 1.6\hl.exe | "TCP Query User{0995BFBD-357F-4AF2-B95E-E31F9A001970}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | "TCP Query User{0BCEBDC2-D310-4AC0-BD88-D203B97D3834}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | "TCP Query User{10694044-61A6-4D36-985A-EAB465ED08F3}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe | "TCP Query User{14422F3F-3701-45DD-9355-E3994BDB285F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | "TCP Query User{146E16A3-D256-4630-BC89-23F26003009D}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | "TCP Query User{18D6E447-C6BB-4839-A835-67CCECF58697}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | "TCP Query User{1988BD6D-ED36-4F7B-9705-BB2C00294E3A}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | "TCP Query User{1A35859B-8B4E-47D3-A52B-F77D6189940C}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "TCP Query User{251587BC-C93E-4F41-A6BC-430632C3BFD9}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "TCP Query 
User{299CC269-A608-4D59-B5A6-980F3BC71CC0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{2B183796-BCE7-468A-BB8D-A754FCEB01C9}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | "TCP Query User{2D8E5CCD-A3D3-4C3D-8805-7BE68C0FF042}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin | "TCP Query User{39195783-2217-4438-95B6-811630CD9696}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | "TCP Query User{3BB4A8E9-6AC4-47F9-B3C4-EEECE138BD2B}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "TCP Query User{447EE480-6616-40A4-A606-A6A2E7B89E50}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{4D77DD47-3092-486B-BF9D-26359DCC0849}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | "TCP Query User{5437AD72-B13D-4AC7-8D24-6B28CD1B8956}C:\program files\metin2_germany\metin2.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.exe | "TCP Query User{588EA4B6-FF03-4D05-9351-48A9B9D09C62}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "TCP Query User{58A83585-4A1D-444C-9E00-19CF05643C8E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{74E98653-1C96-4145-9D48-35F8E38AA74B}C:\program 
files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | "TCP Query User{75550ABD-F21D-4189-B8ED-46C9881782D8}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | "TCP Query User{83FAEEA6-22F3-4738-A90B-1214E3BC2D7D}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe | "TCP Query User{8D4E4618-AAC2-4A12-99DC-5F0AE784396B}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | "TCP Query User{8F234526-4F13-4E46-9313-B7F595D4EC6E}L:\mh\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\mh\metin2_germany\metin2.bin | "TCP Query User{9120E071-628E-44F3-B3B6-153AFB14D314}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | "TCP Query User{B8443C0F-BA33-4994-9639-8947AAE670C7}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | "TCP Query User{C0B98893-7AFD-463F-A985-BB6D9BA4BE6A}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | "TCP Query User{C954EB8C-7061-42F1-B49B-8A383A2894B2}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe | "TCP Query User{D35877DB-698E-4055-A14A-FBAE70796DA3}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin | "TCP Query User{D5E429BE-48ED-4A23-BC07-485A397D7CB3}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | 
app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe | "TCP Query User{D8E51C89-764D-42A8-9637-02ABDFC951B5}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | "TCP Query User{E6970AD5-9EC4-4016-BDFC-9F18EE914CBE}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe | "TCP Query User{F9D35BB9-3096-48B8-A4F9-947D23F58A4D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | "TCP Query User{FE8C2221-4E72-4DCF-A051-452FBB5AA03A}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe | "TCP Query User{FF6E8328-8316-4767-8786-10A9E343FD3F}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "UDP Query User{030E5AE0-5AF8-439A-850B-C4E33E8C2273}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | "UDP Query User{0B87C1E5-2BA8-405F-8AE1-54CF0A331C54}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "UDP Query User{1CFB478F-1B62-451A-8ACC-91C34F6B27FF}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | "UDP Query User{1E6129E5-9EF0-4DA9-9F9C-1CB6F670B1F5}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe | "UDP Query User{29D1CFD1-79FF-47D2-8403-CDEE3785574B}C:\program 
files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | "UDP Query User{2DA8C29F-0DE6-4C2F-911A-A00F84CA115A}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | "UDP Query User{2FDFDE65-3D97-4227-A078-08E1CE3DBAFF}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | "UDP Query User{31E316F8-AF62-4EFF-80B1-D50421DCEB4F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | "UDP Query User{380C8834-B107-41D5-8A30-9D5688E8EBCE}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | "UDP Query User{3CBF2878-641F-4ED9-B0F5-BD5D1C00909A}C:\program files\metin2_germany\metin2.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.exe | "UDP Query User{413A58BE-956E-45A2-9949-0F04FC9F1F90}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | "UDP Query User{45170A0C-15E4-431A-A3C7-48138C0874B6}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe | "UDP Query User{4D839AF7-4CF3-45FA-B895-290D827C0E30}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "UDP Query User{4D8ECD20-81D4-4253-AA5D-1DC07A9B8E6F}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin | "UDP Query User{4F49D2F3-1D4E-440D-8387-07F82F99B1FA}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=17 | dir=in | 
app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe | "UDP Query User{509B7D0E-5652-4A40-A9D7-FDF1A869E777}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin | "UDP Query User{56278F68-2AA4-47D3-A99C-A6D5C804A6A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{594CD0CB-5510-49A5-B659-2CD8D1AF2BDC}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe | "UDP Query User{6D4CC943-4CEA-4BA3-8270-2B5ED64293E2}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "UDP Query User{6F52EC1B-DFC0-4FD5-960D-F65254698424}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{6F9F7F64-140C-40C8-AACB-81EE0ACC6CE7}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | "UDP Query User{73839211-8BB1-4D5A-BB42-909B80F3F489}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | "UDP Query User{768FE0FF-DB0F-44FC-B5F6-C9533BAACF33}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | "UDP Query User{793CE7BE-2943-4B68-A3F1-E235378B9F6D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | "UDP Query User{7FFEEE04-E4CC-4717-B794-C251258EABAB}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "UDP Query 
User{8BDA34E8-733A-4BFD-894B-36F5FD3D7019}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | "UDP Query User{8DF8C2AE-42F2-4790-9DE5-FC95C8E40D6E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{9055E64A-DC14-4C0A-9F91-5AC9718B632B}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | "UDP Query User{A6F871A5-E37D-4ACF-8B3A-0FB50430A58F}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe | "UDP Query User{AE259E7D-8EA9-4F55-A207-567FD13B4D8F}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe | "UDP Query User{AEA78220-1D4D-4402-80BC-94B85121AEBC}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "UDP Query User{BE7C24C2-945D-4CD1-8A32-03F28EA8204E}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | "UDP Query User{C30EE879-B6EA-4E73-BD8D-624C60C1CAF9}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | "UDP Query User{CE215832-CF2C-4C85-8C5D-4EAE7C360821}L:\mh\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\mh\metin2_germany\metin2.bin | "UDP Query User{D60CB3CB-4B28-4346-A594-1BC8638A8BFB}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | 
app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | "UDP Query User{DE8C7509-9298-44AD-8A5A-66C7693A0518}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe | "UDP Query User{F01D6A35-3FDD-4F4B-A7A3-1F5D68F97E28}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "UDP Query User{FE2903F4-39CB-475D-A372-6ADAD2FFFF5F}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0746324A-74A1-DD6E-3DC7-89FF5432D29D}" = CCC Help Thai "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{0A2D1DFE-5362-6CCF-46D7-07006D726383}" = CCC Help Russian "{0DA693CA-9AE8-0780-E49C-3D49E099077B}" = Catalyst Control Center Localization All "{10BC9ED1-5D41-54C6-862C-2C00E5C434EF}" = CCC Help Portuguese "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1BE326D9-BA06-A574-72AA-C428C6F09549}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F4814EB-4453-B4ED-29C9-C7F1AE76152F}" = Catalyst Control Center Core Implementation "{1FDDECB1-702D-C574-295B-BC9CCE51C795}" = CCC Help Italian "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{246DB002-665C-CD60-390A-DE2BE952C7CC}" = CCC Help Dutch "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{33D322FB-0F56-79B5-13A5-B72C901AB4AB}" = Catalyst Control Center Graphics Light "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{408018E8-85F0-832D-851F-11C31FF939BD}" = ccc-core-static "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{427E8045-62BF-DD85-079C-21AE345BA815}" = CCC Help Finnish "{46DCE6DC-6C9B-0E3F-F9F0-662B8BAFDCA5}" = CCC Help English "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62A7970B-2586-D420-AC6D-F8CA0E7B5B81}" = Catalyst Control Center Graphics Full Existing "{651E63E0-772C-CC4F-2C2E-9AF3114925F0}" = CCC Help Spanish "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53 "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{732A305A-88E0-D5ED-EA88-5D9A9B9B8783}" = CCC Help Greek "{75C659EA-EA00-AC02-9F97-5EFDC53AB699}" = ccc-utility "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{777A1FE5-9C56-F3D6-A387-79BBE18030DB}" = CCC Help Hungarian "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BECB8AC-C406-0434-509F-351A17000E8F}" = CCC Help Japanese "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7 "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{85EC876D-27B4-D811-1419-BB021AEA351C}" = CCC Help Danish "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8A211E60-DD55-FF66-1C10-FFA05BB32CDA}" = CCC Help Chinese Traditional "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate "{94894501-EC12-432B-B8E2-AA8470CC6266}" = UEFA EURO 2008™ "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A57C8520-5970-3FE0-9BC2-520FB6D447D1}" = Catalyst Control Center HydraVision Full "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{ADB458D8-A0E2-FC9E-6271-DD22CA464A6F}" = CCC Help Polish "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1C4983E-7720-3970-5F21-5AFF18AEF5BD}" = CCC Help Swedish "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B6E14B01-0C5F-6509-0F27-C92F44DBF34C}" = CCC Help Chinese Standard "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B98898CD-9097-6D0E-C5B8-418433A00717}" = CCC Help Turkish "{C07B4B1F-0BD1-7C1A-5765-FAC354EB9AD7}" = CCC Help Korean "{C388FB07-1679-E1EF-7DE4-172E3FDB595E}" = 
CCC Help Norwegian "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D6900D91-35A7-5DC4-07D4-AF3123BB3422}" = ATI Problem Report Wizard "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{E27ABEAB-2A23-737E-D290-FC42D45FCDA8}" = ATI AVIVO Codecs "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E940C734-8AFB-4F22-F102-A00AC8B3069B}" = CCC Help French "{EA7CFDF5-3C98-7906-E7F6-9758C1415622}" = Catalyst Control Center Graphics Previews Common "{EFBF0779-93EE-4261-9CF3-EA68FA7E1152}" = CCC Help Czech "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1BFD15D-9EEC-4072-942D-240BA0B99467}" = COMPUTERBILD-Abzockschutz "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F7D3AFB4-94A0-4720-AFC6-5B6283DD7606}_is1" = Borderlands v.1.2 and DLCs "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FCD92A32-25B2-D2C1-7B7B-DFA2E78AD3AC}" = Catalyst Control Center Graphics Full New "{FD1E62F4-33DC-87C5-8C4A-77D2D8D5ACB8}" = ATI Catalyst Install Manager "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BattlEye" = BattlEye Uninstall "Counter-Strike 1.6 v28 - 
DigitalZone" = Counter-Strike 1.6 v28 - DigitalZone "Cross Fire_is1" = Cross Fire En "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "FileMenu Tools_is1" = FileMenu Tools "Free Studio_is1" = Free Studio version 4.1 "Game Cam" = Game Cam 2.54.0.47 "ICQToolbar" = ICQ Toolbar "JAP" = JAP "Just Cause 2_is1" = Just Cause 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11) "No-IP.com DUC" = No-IP.com DUC (remove only) "NoIPDUC" = No-IP DUC "OpenAL" = OpenAL "Polipo" = Polipo 1.0.4.1 "PunkBusterSvc" = PunkBuster Services "Tor" = Tor 0.2.1.23 "TVISTA Express Tuner_is1" = DATA BECKER TVISTA Express Tuner "Vidalia" = Vidalia 0.2.7 "VLC media player" = VLC media player 0.9.8a "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "World of Warcraft" = World of Warcraft ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 31.10.2009 12:06:45 | Computer Name = Senad-PC | Source = ESENT | ID = 215 Description 
= WinMail (3072) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 01.11.2009 10:39:12 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621 Description = Error - 03.11.2009 06:29:39 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621 Description = Error - 04.11.2009 10:15:09 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621 Description = [ System Events ] Error - 21.10.2010 10:27:37 | Computer Name = Senad-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 21.10.2010 um 16:25:59 unerwartet heruntergefahren. Error - 21.10.2010 10:29:59 | Computer Name = Senad-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 21.10.2010 um 16:28:33 unerwartet heruntergefahren. Error - 21.10.2010 10:29:48 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038 Description = EDID contain an error in the RangeLimit field Error - 21.10.2010 10:31:47 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038 Description = EDID contain an error in the RangeLimit field Error - 21.10.2010 10:31:58 | Computer Name = Senad-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 21.10.2010 um 16:29:59 unerwartet heruntergefahren. 
Error - 21.10.2010 10:33:30 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.10.2010 11:49:35 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038 Description = EDID contain an error in the RangeLimit field Error - 21.10.2010 11:51:19 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.10.2010 13:55:43 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038 Description = EDID contain an error in the RangeLimit field Error - 21.10.2010 13:57:27 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000 Description = [ TuneUp Events ] Error - 16.07.2010 07:36:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 16.07.2010 07:38:02 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 16.07.2010 07:38:22 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 16.07.2010 07:38:42 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 16.07.2010 07:40:12 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 17.07.2010 12:07:11 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 18.07.2010 12:56:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 18.07.2010 16:38:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 19.07.2010 05:45:28 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 19.07.2010 07:00:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840 Description = < End of report > OTL) 2log.OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.10.2010 20:15:48 - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Senad\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe (ActiveState Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) 
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- File not found SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe File not found SRV - (CLTNetCnService) -- File not found SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) 
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () ========== Driver Services (SafeList) ========== DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (netr73) -- C:\Windows\System32\DRIVERS\netr73.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys () DRV - (WinFl32) -- C:\Windows\System32\WinFl32.sys () DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH) DRV - (ASPI32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = WEB.DE Suche - einfach, schnell und relevant! [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "AOL Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/" FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - prefs.js..network.proxy.backup.ftp: "184.73.187.184" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "184.73.187.184" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "184.73.187.184" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "184.73.187.184" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "184.73.187.184" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "184.73.187.184" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: 
"184.73.187.184"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "184.73.187.184"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.21 14:29:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 14:29:26 | 000,000,000 | ---D | M]

[2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions
[2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.10.21 14:30:44 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions
[2010.04.27 16:14:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.09 12:05:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.11 00:08:25 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.04.21 12:30:25 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.10.21 14:30:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.30 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\FirefoxAddon@similarWeb.com
[2010.09.24 22:16:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\isgdcreator@postspectacular.com
[2008.12.23 11:35:24 | 000,001,579 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\aol-search.xml
[2010.10.17 12:30:14 | 000,000,950 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin-1.xml
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin.xml
[2010.08.08 23:07:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.19 18:59:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.04 19:30:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.04 19:30:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.13 22:29:59 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [amsn] C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell - "" = AutoRun
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.21 20:01:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe
[2010.10.21 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\Senad\AppData\Roaming\Malwarebytes
[2010.10.21 16:51:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.21 16:51:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.21 16:11:58 | 000,000,000 | ---D | C] -- C:\Users\Senad\Documents\Square Enix
[2010.10.21 14:31:08 | 000,000,000 |
---D | C] -- C:\ProgramData\McAfee [2010.10.21 14:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS [2010.10.15 00:23:25 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.15 00:23:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.15 00:23:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.15 00:23:00 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.15 00:23:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.15 00:23:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.15 00:22:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.10.15 00:22:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.15 00:22:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.15 00:22:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.15 00:22:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.15 00:22:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.10.15 00:22:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.15 00:22:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.10.15 00:22:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.10.15 00:22:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.10.15 00:22:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.10.15 00:22:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msfeedsbs.dll [2010.10.15 00:22:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.15 00:22:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.15 00:22:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.15 00:22:55 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.15 00:22:54 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.15 00:22:53 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.15 00:22:52 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.09.29 13:55:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2007.07.26 11:29:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [8248.11.22 10:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Senad\Documents\Locker01.flk [2010.10.21 20:13:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CFCB5B28-9326-4B32-85AB-75602B755434}.job [2010.10.21 20:01:21 | 000,694,324 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.21 20:01:21 | 000,611,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.21 20:01:21 | 000,148,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.21 20:01:21 | 000,120,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.21 20:01:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe [2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.21 19:55:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.21 19:55:51 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys [2010.10.21 16:31:55 | 284,109,127 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.10.18 21:28:12 | 000,002,253 | ---- | M] () -- C:\Users\Senad\Desktop\Steam.lnk [2010.10.18 12:27:57 | 000,001,053 | ---- | M] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk [2010.10.15 16:37:42 | 000,614,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.09 14:14:14 | 000,073,216 | -HS- | M] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db [2010.10.08 14:28:24 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.10.08 14:28:15 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [8248.11.22 10:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Senad\Documents\Locker01.flk [2010.10.21 16:13:05 | 284,109,127 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.10.18 12:27:57 | 000,001,053 | ---- | C] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk [2010.10.09 14:13:48 | 000,073,216 | -HS- | C] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db [2010.07.19 19:02:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.01 21:49:01 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.02.03 05:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.01.31 01:09:20 | 000,001,648 | ---- | C] () -- 
C:\Users\Senad\AppData\Local\d3d8caps.dat [2009.09.24 20:40:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.13 14:47:15 | 000,322,036 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_nav.dat [2009.06.13 14:47:15 | 000,003,617 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga.dat [2009.06.13 14:47:15 | 000,000,422 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_navps.dat [2009.03.15 17:07:30 | 000,138,056 | ---- | C] () -- C:\Users\Senad\AppData\Roaming\PnkBstrK.sys [2009.02.25 22:52:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys [2009.02.25 22:52:51 | 000,016,896 | ---- | C] () -- C:\Windows\System32\WinFl32.sys [2009.02.25 22:52:51 | 000,000,990 | -HS- | C] () -- C:\Users\Senad\AppData\Roaming\systemfl.$dk [2009.02.14 10:48:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.02.13 23:42:05 | 000,002,750 | ---- | C] () -- C:\Users\Senad\AppData\Local\edsinstaller.txt-20090213.log [2009.02.02 01:11:23 | 000,000,839 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_sta [2009.02.02 01:11:17 | 000,000,792 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_prof [2009.02.02 00:57:44 | 000,290,918 | ---- | C] () -- C:\Windows\System32\Install7x.dll [2008.11.09 14:18:56 | 000,000,173 | ---- | C] () -- C:\Windows\wininit.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 
000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.07.26 09:19:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2008.07.26 09:18:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.07.26 09:17:44 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.07.24 18:41:45 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.06.28 15:16:07 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.06.28 15:16:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.06.19 21:10:01 | 000,000,088 | ---- | C] () -- C:\Users\Senad\AppData\Local\uuttacz.bat [2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.05.24 12:59:25 | 000,008,836 | ---- | C] () -- C:\Users\Senad\AppData\Local\d3d9caps.dat [2008.05.23 15:39:46 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2008.05.16 15:09:05 | 000,011,264 | ---- | C] () -- C:\Users\Senad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.14 17:49:49 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.05.14 17:49:48 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2007.07.26 21:28:01 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.26 19:31:59 | 000,000,742 | ---- | C] () -- C:\Windows\generic.ini [2007.07.26 19:31:59 | 000,000,130 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.07.26 19:31:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007.07.26 11:29:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- 
C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Anti-Malware)
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4904

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

21.10.2010 20:54:58
mbam-log-2010-10-21 (20-54-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 0
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
21.10.2010, 20:48 | #4
anti-malware log for analysis OTL) 1log.OTL Logfile: Code:
OTL Extras logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS

Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32C71912-532C-46DC-A9F1-3117924AA21D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B165C69-9D26-44BE-B2DC-FE5DC002E9AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F32B2E4-3A82-4D0C-AEEA-B61B0BF5DE3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5654AE0E-1EA0-4A0B-9026-64107BA0CC44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{74AF2B35-6ACC-4C2E-9543-DB5C8DBD03DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{95A09728-FDDE-4E18-972E-04308AFF4960}" = lport=2869 | protocol=6 | dir=in | app=system | "{A18B548C-C0EB-475A-91FA-E24C8DB91FD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C8251346-EC22-45DA-9B32-B94290017165}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0139E08A-8E94-4ED1-9E82-2DB322639286}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe | "{0891B45B-7E90-44EB-82A1-B96B7DB8EA58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{09952AAE-AEBA-4F7A-A719-134C30B93ABB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{0BA447DD-343A-41CE-B86D-947C05D113AB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{0F983182-B487-4736-B8C9-055E11127822}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{24C52D48-F42D-44B2-8812-4B5F0843BE4E}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe | "{2A289B65-5989-4788-B72E-C35D4D041368}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{33DE3C5E-D188-4B86-A8FE-9EB4AB7D4F41}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{34D54E44-4DF4-4CC1-935D-B103A95CA4BB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{3A1A66CF-89C4-4140-9E1D-6FB83769E7DD}" = protocol=6 
| dir=in | app=c:\windows\system32\pnkbstra.exe | "{3A95E764-3B67-451D-A8E0-E115E0F79DD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{408C8A0E-A038-4D33-ACBE-547831CF647B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{44093CD2-EE1A-4C19-9A39-46E79324D40E}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | "{45506B92-F2E4-499D-9A0B-709D4E191D81}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{4CA9F8D5-4A71-4316-9CFA-90255A760E5F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{516A3F30-B982-4C68-98A1-815BDA9C09B7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{5E82F0F2-D36B-48B8-BF86-9BB56965768B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "{613FF0EB-27CE-4C3F-8072-675C6F878E0C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{666CB7ED-EB3B-429A-8A1A-25EBB902169A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | "{66DE233B-098B-49CE-AB71-E3376098B3DF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{68C57A13-1250-4B1F-B3E6-5BE041E3B096}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | "{68CCBCF6-EDD7-44BA-B530-6F25B2275430}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | "{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | "{715F4E3F-E61B-49DA-A0A4-C8838EB5C7FE}" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe | "{718E1F3D-3478-4706-93DA-80FDB93F5C91}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe 
| "{73CFC126-588B-4B8D-BFF8-5EA031414D52}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | "{77465F61-30D9-4856-BB04-D9E3343DEEAE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{782EA5B2-9570-4588-9B03-BCC048235648}" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe | "{7956A954-3D7A-47FF-B2AB-0637C1B38963}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{79B6CD9A-3172-493C-AB40-6D5FAE597258}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{7A5D141A-011D-4E41-B0CE-F76C5FEBA09C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{7B0988E3-E402-450B-B444-4E996D66AE46}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{7C20506C-7A73-452F-9880-1A9B19C81C9C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{7DDC15D9-927F-4582-A895-FA1677F1864B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{7EAD9E89-625F-40A3-BEA5-E4A4C187B7CB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{836DE0DE-F505-45C2-B777-4CD4BDEA8061}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{85352D01-C8EB-4E51-9762-E2D67D358707}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{85D8FCA9-1B95-4736-95A6-388D532FA9F7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{87B53806-46A2-4780-922E-C5667112B5E8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{87BF2D87-56AE-4957-939D-AC8EE52F2D45}" = protocol=6 | dir=in | app=c:\program 
files\icq7.1\aolload.exe | "{8CF8B9F6-E6D7-4432-947A-3B9C1740CFF7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{8FB08B5E-0EF8-46B2-9C7F-51DB553223C3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | "{9E58D4F7-EDDA-4401-84DD-4C382BCD0257}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | "{9F69704C-3150-4B7D-AAC1-162572229869}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{A95B063C-149F-4BAA-A831-08499262DD41}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{A9C5BAA8-1155-41D6-A5CD-F9ED0BCC3E2C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{ACD18395-D930-4BA4-8D83-A78C3EEE0426}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{AF362A85-4A49-4660-8065-1E1C5799FC62}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | "{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | "{B806D263-45E2-4604-969F-7EDBF31F4EB3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{B9FEBF8A-B573-4625-BDF8-838BD57AB5E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | "{BFA89F29-0510-425A-9F99-7F5CC3452369}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | "{C6089F0E-1C26-4F1C-AE30-5E60D39582A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C7AF4FE9-9374-4EB0-841A-9C7A8A3EA1A8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{C819C97F-7EED-4D70-9C47-391712BDB5D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C84BE8B8-D5F3-4E3B-B0E4-BC3F38B61605}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CA27CFD2-5416-47AD-B019-CB52ABD3789A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{CFF8FE96-8004-48CA-95A5-25CD3EDAF231}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{D92B0DFC-EDE2-4DC9-87C3-489860C19AAD}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{DC04695E-E0E3-42D5-B937-21E67D6ADF16}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{E219DC92-3E75-4432-BC6A-B62D818BD9F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E30CA022-1E93-4171-898E-C9EF17E2D396}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{E33026B8-8B24-4146-BF69-78309EF04094}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{ED40B40B-9B5E-4A52-8AAF-E9554F3C7856}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"TCP Query User{00548D5D-A624-4225-8424-63DB22322BB7}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"TCP Query User{07CDED4B-AD87-40F7-9C04-4CA7D58718A0}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe |
"TCP Query User{0852AC21-4C19-46BC-9A59-2F93DCE9DF5D}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{0995BFBD-357F-4AF2-B95E-E31F9A001970}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
"TCP Query User{0BCEBDC2-D310-4AC0-BD88-D203B97D3834}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"TCP Query User{10694044-61A6-4D36-985A-EAB465ED08F3}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe |
"TCP Query User{14422F3F-3701-45DD-9355-E3994BDB285F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"TCP Query User{146E16A3-D256-4630-BC89-23F26003009D}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"TCP Query User{18D6E447-C6BB-4839-A835-67CCECF58697}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"TCP Query User{1988BD6D-ED36-4F7B-9705-BB2C00294E3A}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"TCP Query User{1A35859B-8B4E-47D3-A52B-F77D6189940C}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{251587BC-C93E-4F41-A6BC-430632C3BFD9}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"TCP Query User{299CC269-A608-4D59-B5A6-980F3BC71CC0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2B183796-BCE7-468A-BB8D-A754FCEB01C9}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{2D8E5CCD-A3D3-4C3D-8805-7BE68C0FF042}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{39195783-2217-4438-95B6-811630CD9696}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"TCP Query User{3BB4A8E9-6AC4-47F9-B3C4-EEECE138BD2B}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{447EE480-6616-40A4-A606-A6A2E7B89E50}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4D77DD47-3092-486B-BF9D-26359DCC0849}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
"TCP Query User{5437AD72-B13D-4AC7-8D24-6B28CD1B8956}C:\program files\metin2_germany\metin2.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.exe |
"TCP Query User{588EA4B6-FF03-4D05-9351-48A9B9D09C62}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"TCP Query User{58A83585-4A1D-444C-9E00-19CF05643C8E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{74E98653-1C96-4145-9D48-35F8E38AA74B}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"TCP Query User{75550ABD-F21D-4189-B8ED-46C9881782D8}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{83FAEEA6-22F3-4738-A90B-1214E3BC2D7D}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe |
"TCP Query User{8D4E4618-AAC2-4A12-99DC-5F0AE784396B}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"TCP Query User{8F234526-4F13-4E46-9313-B7F595D4EC6E}L:\mh\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\mh\metin2_germany\metin2.bin |
"TCP Query User{9120E071-628E-44F3-B3B6-153AFB14D314}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"TCP Query User{B8443C0F-BA33-4994-9639-8947AAE670C7}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{C0B98893-7AFD-463F-A985-BB6D9BA4BE6A}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"TCP Query User{C954EB8C-7061-42F1-B49B-8A383A2894B2}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe |
"TCP Query User{D35877DB-698E-4055-A14A-FBAE70796DA3}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin |
"TCP Query User{D5E429BE-48ED-4A23-BC07-485A397D7CB3}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{D8E51C89-764D-42A8-9637-02ABDFC951B5}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"TCP Query User{E6970AD5-9EC4-4016-BDFC-9F18EE914CBE}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe |
"TCP Query User{F9D35BB9-3096-48B8-A4F9-947D23F58A4D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"TCP Query User{FE8C2221-4E72-4DCF-A051-452FBB5AA03A}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe |
"TCP Query User{FF6E8328-8316-4767-8786-10A9E343FD3F}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{030E5AE0-5AF8-439A-850B-C4E33E8C2273}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"UDP Query User{0B87C1E5-2BA8-405F-8AE1-54CF0A331C54}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{1CFB478F-1B62-451A-8ACC-91C34F6B27FF}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"UDP Query User{1E6129E5-9EF0-4DA9-9F9C-1CB6F670B1F5}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe |
"UDP Query User{29D1CFD1-79FF-47D2-8403-CDEE3785574B}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{2DA8C29F-0DE6-4C2F-911A-A00F84CA115A}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"UDP Query User{2FDFDE65-3D97-4227-A078-08E1CE3DBAFF}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"UDP Query User{31E316F8-AF62-4EFF-80B1-D50421DCEB4F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"UDP Query User{380C8834-B107-41D5-8A30-9D5688E8EBCE}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"UDP Query User{3CBF2878-641F-4ED9-B0F5-BD5D1C00909A}C:\program files\metin2_germany\metin2.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.exe |
"UDP Query User{413A58BE-956E-45A2-9949-0F04FC9F1F90}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"UDP Query User{45170A0C-15E4-431A-A3C7-48138C0874B6}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe |
"UDP Query User{4D839AF7-4CF3-45FA-B895-290D827C0E30}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{4D8ECD20-81D4-4253-AA5D-1DC07A9B8E6F}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin |
"UDP Query User{4F49D2F3-1D4E-440D-8387-07F82F99B1FA}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe |
"UDP Query User{509B7D0E-5652-4A40-A9D7-FDF1A869E777}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{56278F68-2AA4-47D3-A99C-A6D5C804A6A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{594CD0CB-5510-49A5-B659-2CD8D1AF2BDC}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe |
"UDP Query User{6D4CC943-4CEA-4BA3-8270-2B5ED64293E2}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{6F52EC1B-DFC0-4FD5-960D-F65254698424}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6F9F7F64-140C-40C8-AACB-81EE0ACC6CE7}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"UDP Query User{73839211-8BB1-4D5A-BB42-909B80F3F489}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{768FE0FF-DB0F-44FC-B5F6-C9533BAACF33}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{793CE7BE-2943-4B68-A3F1-E235378B9F6D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"UDP Query User{7FFEEE04-E4CC-4717-B794-C251258EABAB}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"UDP Query User{8BDA34E8-733A-4BFD-894B-36F5FD3D7019}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{8DF8C2AE-42F2-4790-9DE5-FC95C8E40D6E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9055E64A-DC14-4C0A-9F91-5AC9718B632B}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"UDP Query User{A6F871A5-E37D-4ACF-8B3A-0FB50430A58F}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{AE259E7D-8EA9-4F55-A207-567FD13B4D8F}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe |
"UDP Query User{AEA78220-1D4D-4402-80BC-94B85121AEBC}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"UDP Query User{BE7C24C2-945D-4CD1-8A32-03F28EA8204E}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"UDP Query User{C30EE879-B6EA-4E73-BD8D-624C60C1CAF9}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
"UDP Query User{CE215832-CF2C-4C85-8C5D-4EAE7C360821}L:\mh\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\mh\metin2_germany\metin2.bin |
"UDP Query User{D60CB3CB-4B28-4346-A594-1BC8638A8BFB}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"UDP Query User{DE8C7509-9298-44AD-8A5A-66C7693A0518}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe |
"UDP Query User{F01D6A35-3FDD-4F4B-A7A3-1F5D68F97E28}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{FE2903F4-39CB-475D-A372-6ADAD2FFFF5F}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0746324A-74A1-DD6E-3DC7-89FF5432D29D}" = CCC Help Thai
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0A2D1DFE-5362-6CCF-46D7-07006D726383}" = CCC Help Russian
"{0DA693CA-9AE8-0780-E49C-3D49E099077B}" = Catalyst Control Center Localization All
"{10BC9ED1-5D41-54C6-862C-2C00E5C434EF}" = CCC Help Portuguese
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1BE326D9-BA06-A574-72AA-C428C6F09549}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4814EB-4453-B4ED-29C9-C7F1AE76152F}" = Catalyst Control Center Core Implementation
"{1FDDECB1-702D-C574-295B-BC9CCE51C795}" = CCC Help Italian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{246DB002-665C-CD60-390A-DE2BE952C7CC}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{33D322FB-0F56-79B5-13A5-B72C901AB4AB}" = Catalyst Control Center Graphics Light
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{408018E8-85F0-832D-851F-11C31FF939BD}" = ccc-core-static
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{427E8045-62BF-DD85-079C-21AE345BA815}" = CCC Help Finnish
"{46DCE6DC-6C9B-0E3F-F9F0-662B8BAFDCA5}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62A7970B-2586-D420-AC6D-F8CA0E7B5B81}" = Catalyst Control Center Graphics Full Existing
"{651E63E0-772C-CC4F-2C2E-9AF3114925F0}" = CCC Help Spanish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A305A-88E0-D5ED-EA88-5D9A9B9B8783}" = CCC Help Greek
"{75C659EA-EA00-AC02-9F97-5EFDC53AB699}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777A1FE5-9C56-F3D6-A387-79BBE18030DB}" = CCC Help Hungarian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BECB8AC-C406-0434-509F-351A17000E8F}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85EC876D-27B4-D811-1419-BB021AEA351C}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A211E60-DD55-FF66-1C10-FFA05BB32CDA}" = CCC Help Chinese Traditional
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{94894501-EC12-432B-B8E2-AA8470CC6266}" = UEFA EURO 2008™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A57C8520-5970-3FE0-9BC2-520FB6D447D1}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ADB458D8-A0E2-FC9E-6271-DD22CA464A6F}" = CCC Help Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1C4983E-7720-3970-5F21-5AFF18AEF5BD}" = CCC Help Swedish
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6E14B01-0C5F-6509-0F27-C92F44DBF34C}" = CCC Help Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98898CD-9097-6D0E-C5B8-418433A00717}" = CCC Help Turkish
"{C07B4B1F-0BD1-7C1A-5765-FAC354EB9AD7}" = CCC Help Korean
"{C388FB07-1679-E1EF-7DE4-172E3FDB595E}" = CCC Help Norwegian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6900D91-35A7-5DC4-07D4-AF3123BB3422}" = ATI Problem Report Wizard
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E27ABEAB-2A23-737E-D290-FC42D45FCDA8}" = ATI AVIVO Codecs
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E940C734-8AFB-4F22-F102-A00AC8B3069B}" = CCC Help French
"{EA7CFDF5-3C98-7906-E7F6-9758C1415622}" = Catalyst Control Center Graphics Previews Common
"{EFBF0779-93EE-4261-9CF3-EA68FA7E1152}" = CCC Help Czech
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BFD15D-9EEC-4072-942D-240BA0B99467}" = COMPUTERBILD-Abzockschutz
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7D3AFB4-94A0-4720-AFC6-5B6283DD7606}_is1" = Borderlands v.1.2 and DLCs
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCD92A32-25B2-D2C1-7B7B-DFA2E78AD3AC}" = Catalyst Control Center Graphics Full New
"{FD1E62F4-33DC-87C5-8C4A-77D2D8D5ACB8}" = ATI Catalyst Install Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BattlEye" = BattlEye Uninstall
"Counter-Strike 1.6 v28 - DigitalZone" = Counter-Strike 1.6 v28 - DigitalZone
"Cross Fire_is1" = Cross Fire En
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FileMenu Tools_is1" = FileMenu Tools
"Free Studio_is1" = Free Studio version 4.1
"Game Cam" = Game Cam 2.54.0.47
"ICQToolbar" = ICQ Toolbar
"JAP" = JAP
"Just Cause 2_is1" = Just Cause 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NoIPDUC" = No-IP DUC
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4.1
"PunkBusterSvc" = PunkBuster Services
"Tor" = Tor 0.2.1.23
"TVISTA Express Tuner_is1" = DATA BECKER TVISTA Express Tuner
"Vidalia" = Vidalia 0.2.7
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 31.10.2009 12:06:45 | Computer Name = Senad-PC | Source = ESENT | ID = 215
Description = WinMail (3072) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error - 01.11.2009 10:39:12 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description =

Error - 03.11.2009 06:29:39 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description =

Error - 04.11.2009 10:15:09 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 21.10.2010 10:27:37 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:25:59 unerwartet heruntergefahren.

Error - 21.10.2010 10:29:59 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:28:33 unerwartet heruntergefahren.

Error - 21.10.2010 10:29:48 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 21.10.2010 10:31:47 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 21.10.2010 10:31:58 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:29:59 unerwartet heruntergefahren.

Error - 21.10.2010 10:33:30 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21.10.2010 11:49:35 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 21.10.2010 11:51:19 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21.10.2010 13:55:43 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 21.10.2010 13:57:27 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description =

[ TuneUp Events ]
Error - 16.07.2010 07:36:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 16.07.2010 07:38:02 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 16.07.2010 07:38:22 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 16.07.2010 07:38:42 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 16.07.2010 07:40:12 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 17.07.2010 12:07:11 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 18.07.2010 12:56:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 18.07.2010 16:38:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 19.07.2010 05:45:28 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 19.07.2010 07:00:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

< End of report >

OTL) 2log.OTL Logfile:
Code:
OTL logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS

Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe (ActiveState Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- File not found
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe File not found
SRV - (CLTNetCnService) -- File not found
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () ========== Driver Services (SafeList) ========== DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (netr73) -- C:\Windows\System32\DRIVERS\netr73.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys () DRV - (WinFl32) -- C:\Windows\System32\WinFl32.sys () DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH) DRV - (ASPI32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = WEB.DE Suche - einfach, schnell und relevant! [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "AOL Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/" FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - prefs.js..network.proxy.backup.ftp: "184.73.187.184" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "184.73.187.184" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "184.73.187.184" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "184.73.187.184" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "184.73.187.184" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "184.73.187.184" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: 
"184.73.187.184" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "184.73.187.184" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "184.73.187.184" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.21 14:29:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 14:29:26 | 000,000,000 | ---D | M] [2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions [2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.10.21 14:30:44 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions [2010.04.27 16:14:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.09 12:05:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.07.11 00:08:25 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2010.04.21 12:30:25 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2010.10.21 14:30:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- 
C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.08.30 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\FirefoxAddon@similarWeb.com [2010.09.24 22:16:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\isgdcreator@postspectacular.com [2008.12.23 11:35:24 | 000,001,579 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\aol-search.xml [2010.10.17 12:30:14 | 000,000,950 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin-1.xml [2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin.xml [2010.08.08 23:07:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.19 18:59:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.04 19:30:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.04 19:30:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.05.13 22:29:59 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Reg Error: Value error. File not found O2 - BHO: (no name) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. 
File not found O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [amsn] C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O24 - Desktop WallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell - "" = AutoRun O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell\AutoRun\command - "" = 0 O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.21 20:01:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe [2010.10.21 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\Senad\AppData\Roaming\Malwarebytes [2010.10.21 16:51:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.21 16:51:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.21 16:11:58 | 000,000,000 | ---D | C] -- C:\Users\Senad\Documents\Square Enix [2010.10.21 14:31:08 | 000,000,000 | 
---D | C] -- C:\ProgramData\McAfee [2010.10.21 14:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS [2010.10.15 00:23:25 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.15 00:23:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.15 00:23:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.15 00:23:00 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.15 00:23:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.15 00:23:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.15 00:22:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.10.15 00:22:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.15 00:22:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.15 00:22:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.15 00:22:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.15 00:22:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.10.15 00:22:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.15 00:22:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.10.15 00:22:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.10.15 00:22:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.10.15 00:22:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.10.15 00:22:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msfeedsbs.dll [2010.10.15 00:22:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.15 00:22:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.15 00:22:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.15 00:22:55 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.15 00:22:54 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.15 00:22:53 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.15 00:22:52 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.09.29 13:55:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2007.07.26 11:29:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [8248.11.22 10:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Senad\Documents\Locker01.flk [2010.10.21 20:13:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CFCB5B28-9326-4B32-85AB-75602B755434}.job [2010.10.21 20:01:21 | 000,694,324 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.21 20:01:21 | 000,611,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.21 20:01:21 | 000,148,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.21 20:01:21 | 000,120,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.21 20:01:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe [2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.21 19:55:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.21 19:55:51 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys [2010.10.21 16:31:55 | 284,109,127 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.10.18 21:28:12 | 000,002,253 | ---- | M] () -- C:\Users\Senad\Desktop\Steam.lnk [2010.10.18 12:27:57 | 000,001,053 | ---- | M] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk [2010.10.15 16:37:42 | 000,614,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.09 14:14:14 | 000,073,216 | -HS- | M] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db [2010.10.08 14:28:24 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.10.08 14:28:15 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [8248.11.22 10:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Senad\Documents\Locker01.flk [2010.10.21 16:13:05 | 284,109,127 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.10.18 12:27:57 | 000,001,053 | ---- | C] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk [2010.10.09 14:13:48 | 000,073,216 | -HS- | C] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db [2010.07.19 19:02:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.01 21:49:01 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.02.03 05:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.01.31 01:09:20 | 000,001,648 | ---- | C] () -- 
C:\Users\Senad\AppData\Local\d3d8caps.dat [2009.09.24 20:40:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.13 14:47:15 | 000,322,036 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_nav.dat [2009.06.13 14:47:15 | 000,003,617 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga.dat [2009.06.13 14:47:15 | 000,000,422 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_navps.dat [2009.03.15 17:07:30 | 000,138,056 | ---- | C] () -- C:\Users\Senad\AppData\Roaming\PnkBstrK.sys [2009.02.25 22:52:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys [2009.02.25 22:52:51 | 000,016,896 | ---- | C] () -- C:\Windows\System32\WinFl32.sys [2009.02.25 22:52:51 | 000,000,990 | -HS- | C] () -- C:\Users\Senad\AppData\Roaming\systemfl.$dk [2009.02.14 10:48:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.02.13 23:42:05 | 000,002,750 | ---- | C] () -- C:\Users\Senad\AppData\Local\edsinstaller.txt-20090213.log [2009.02.02 01:11:23 | 000,000,839 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_sta [2009.02.02 01:11:17 | 000,000,792 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_prof [2009.02.02 00:57:44 | 000,290,918 | ---- | C] () -- C:\Windows\System32\Install7x.dll [2008.11.09 14:18:56 | 000,000,173 | ---- | C] () -- C:\Windows\wininit.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 
000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.07.26 09:19:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2008.07.26 09:18:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.07.26 09:17:44 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.07.24 18:41:45 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.06.28 15:16:07 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.06.28 15:16:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.06.19 21:10:01 | 000,000,088 | ---- | C] () -- C:\Users\Senad\AppData\Local\uuttacz.bat [2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.05.24 12:59:25 | 000,008,836 | ---- | C] () -- C:\Users\Senad\AppData\Local\d3d9caps.dat [2008.05.23 15:39:46 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2008.05.16 15:09:05 | 000,011,264 | ---- | C] () -- C:\Users\Senad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.14 17:49:49 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.05.14 17:49:48 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2007.07.26 21:28:01 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.26 19:31:59 | 000,000,742 | ---- | C] () -- C:\Windows\generic.ini [2007.07.26 19:31:59 | 000,000,130 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.07.26 19:31:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007.07.26 11:29:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- 
C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4904

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

21.10.2010 20:54:58
mbam-log-2010-10-21 (20-54-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 0
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
23.10.2010, 16:38 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
What happened there? Why were no objects scanned?
__________________ Please always post logfiles in CODE tags |
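The question just above (a "full scan" that reports 0 scanned objects after 2 seconds) is the sort of detail that is easy to miss when a log is read by eye. As an added example that is not part of the original thread and not code from Malwarebytes, here is a small Python parser for the Malwarebytes' Anti-Malware 1.46 log layout used in this thread: it reads the summary counters, itemises the detection lines, and flags a scan whose object count or runtime is implausibly low. The two log texts inside the block are constructed samples modelled on that layout (the registry paths and the families Adware.Example and Rogue.Example are invented placeholders); the thresholds in scan_problems are assumptions, not values taken from the tool.

```python
import re
from collections import Counter

# Constructed sample logs in the Malwarebytes' Anti-Malware 1.46 layout (German build)
# used in this thread. They are NOT copied from the thread: the registry paths and the
# families Adware.Example / Rogue.Example are placeholders.
FULL_SCAN = r"""
Malwarebytes' Anti-Malware 1.46
Datenbank Version: 4904
Windows 6.0.6002 Service Pack 2

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 0
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
"""

QUICK_SCAN = r"""
Malwarebytes' Anti-Malware 1.46
Datenbank Version: 4903

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 120000
Laufzeit: 11 Minute(n), 47 Sekunde(n)

Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateien: 0

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001} (Adware.Example) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ExampleRogue (Rogue.Example) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Example (Rogue.Example) -> Delete on reboot.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
"""

SCAN_TYPE_RE = re.compile(r"^Art des Suchlaufs: (.+)$")
SCANNED_RE = re.compile(r"^Durchsuchte Objekte: (\d+)$")
RUNTIME_RE = re.compile(r"^Laufzeit: (?:(\d+) Minute\(n\), )?(\d+) Sekunde\(n\)$")
SUMMARY_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")      # counters only, not section headers
DETECTION_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Turn one MBAM log into a dict: scan metadata, summary counters, itemised detections."""
    report = {"scan_type": None, "objects_scanned": None, "runtime_s": None,
              "summary": {}, "detections": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SCAN_TYPE_RE.match(line):
            report["scan_type"] = m.group(1)
        elif m := SCANNED_RE.match(line):
            report["objects_scanned"] = int(m.group(1))
        elif m := RUNTIME_RE.match(line):
            report["runtime_s"] = int(m.group(1) or 0) * 60 + int(m.group(2))
        elif m := SUMMARY_RE.match(line):
            report["summary"][m.group(1)] = int(m.group(2))
        elif m := DETECTION_RE.match(line):
            report["detections"].append(m.groupdict())
    return report


def scan_problems(report, min_objects=1000, min_runtime_s=30):
    """Reasons not to trust a 'clean' result. Thresholds are assumptions, not MBAM values."""
    problems = []
    scanned = report["objects_scanned"]
    if not scanned:
        problems.append("no objects were scanned")
    elif scanned < min_objects:
        problems.append(f"only {scanned} objects scanned")
    if report["runtime_s"] is not None and report["runtime_s"] < min_runtime_s:
        problems.append(f"scan finished after {report['runtime_s']} s")
    return problems


def summary_matches_detail(report):
    """The summary counters should add up to the number of itemised detections."""
    return sum(report["summary"].values()) == len(report["detections"])


def families(report):
    """Detection families and how often each occurred."""
    return Counter(d["family"] for d in report["detections"])


def pending_reboot(report):
    """Detections MBAM could not remove immediately; the box is not clean until rebooted."""
    return [d for d in report["detections"] if "reboot" in d["action"].lower()]


if __name__ == "__main__":
    for name, text in (("full scan", FULL_SCAN), ("quick scan", QUICK_SCAN)):
        r = parse_mbam_log(text)
        print(name, "|", r["scan_type"], "| problems:", scan_problems(r) or "none",
              "| families:", dict(families(r)), "| reboot pending:", len(pending_reboot(r)))
```

Run on the full-scan sample the script reports "no objects were scanned" and "scan finished after 2 s", which is exactly the condition the question above is about: a scan like that says nothing about the machine being clean and has to be repeated. The quick-scan sample shows the other checks worth having: the summary counters are cross-checked against the itemised lines, and anything marked "Delete on reboot" is listed separately, because until that reboot has happened the object is still on disk.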
24.10.2010, 13:46 | #6 |
| So... 1) Malwarebytes closes after a full scan without a log, maybe because I've already deleted all the infected objects and so there are none left. 2) HijackThis log: HiJackThis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:50:07, on 24.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Senad\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Deutschland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [amsn] C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - (no file)
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - (no file)
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7688 bytes

3) OTL: both logs are already above. Hope you now have everything you need to say whether I have a trojan on the PC. Regards, wambo |
24.10.2010, 14:19 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
24.10.2010, 19:15 | #8 |
| 1) Yes, the quick scan works fine, I just did one, here's the log:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4937

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

24.10.2010 20:11:39
mbam-log-2010-10-24 (20-11-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146801
Laufzeit: 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

2) I uninstalled IE9; after the restart it's gone. What should I do now without a full scan? OTL and HijackThis are done so far. Regards, wambo |
24.10.2010, 20:23 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied as well!!!) Code:
:OTL
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (WinFl32) -- C:\Windows\System32\WinFl32.sys ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..network.proxy.backup.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "184.73.187.184"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "184.73.187.184"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "184.73.187.184"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell - "" = AutoRun
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
[8248.11.22 10:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Senad\Documents\Locker01.flk
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
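The OTL fix above removes two things that a stock home PC should never have: an Internet Explorer ProxyServer pointing at a public IP (219.93.178.162:3128, already visible in the HijackThis R1 line in post #6) and a full set of Firefox network.proxy.* prefs pointing at another public IP (184.73.187.184:80) with network.proxy.type set to 1, i.e. manual proxy enabled. An attacker-controlled proxy sees every plaintext HTTP request the browser makes, so spotting these entries quickly matters. As an added example that is not code from the thread, from OTL or from HijackThis, the Python script below pulls proxy endpoints out of the three log formats quoted in this thread plus a raw Firefox prefs.js, and classifies each host with the standard-library ipaddress module. The sample log lines reuse the two proxy values that appear in this thread; the prefs.js excerpt, the ComboFix-style excerpt with proxy.type 0, and the 10.0.0.5 proxy are constructed for the example.

```python
import ipaddress
import re

# Line formats quoted in this thread: HijackThis R1, OTL "IE - ..." and "FF - prefs.js..<pref>: <value>",
# ComboFix "FF - prefs.js: <pref> - <value>", plus a raw Firefox prefs.js user_pref() line.
HJT_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<target>\S+)$")
OTL_IE_RE = re.compile(r'^IE - .*Internet Settings: "ProxyServer" = (?P<target>\S+)$')
OTL_FF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<pref>network\.proxy\.[\w.]+): (?P<value>.+)$")
CF_FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>network\.proxy\.[\w.]+) - (?P<value>.+)$")
PREFS_RE = re.compile(r'^user_pref\("(?P<pref>network\.proxy\.[\w.]+)", (?P<value>[^)]+)\);')
SCHEMES = ("http", "ssl", "ftp", "socks", "gopher")   # network.proxy.<scheme> / network.proxy.backup.<scheme>

# Sample input. The IE and Firefox values below are the ones quoted in this thread's logs;
# the line selection itself is constructed for this example.
SAMPLE_LOGS = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128
FF - prefs.js..network.proxy.http: "184.73.187.184"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.backup.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
"""

# Constructed prefs.js excerpt: one private-network proxy (10.0.0.5, invented) and one public one.
SAMPLE_PREFS = r"""
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "10.0.0.5");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.ssl", "184.73.187.184");
user_pref("network.proxy.ssl_port", 80);
"""

# Constructed ComboFix-style excerpt: proxy host present but network.proxy.type is 0 (proxy disabled).
SAMPLE_COMBOFIX = r"""
FF - prefs.js: network.proxy.http - 72.44.50.58
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
"""


def _unquote(value):
    value = value.strip()
    return value[1:-1] if len(value) >= 2 and value[0] == value[-1] == '"' else value


def _split_target(target):
    """'host:port' -> (host, port); a bare host gives port None. IPv6 literals are not handled."""
    host, sep, port = target.rpartition(":")
    return (host, int(port)) if sep else (target, None)


def host_is_suspicious(host):
    """On a home PC a proxy outside loopback/private/link-local ranges needs an explanation."""
    if host.lower() == "localhost":
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True          # a hostname cannot be classified offline; flag it for review
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)


def find_proxies(text):
    """Collect proxy endpoints (deduplicated) from the supported log/prefs formats."""
    found, seen, ff = [], set(), {}

    def add(entry):
        key = (entry["setting"], entry["host"], entry["port"])
        if key not in seen:
            seen.add(key)
            found.append(entry)

    for raw in text.splitlines():
        line = raw.strip()
        if m := (HJT_RE.match(line) or OTL_IE_RE.match(line)):
            host, port = _split_target(m.group("target"))
            add({"source": "IE", "setting": "ProxyServer", "host": host, "port": port})
        elif m := (OTL_FF_RE.match(line) or CF_FF_RE.match(line) or PREFS_RE.match(line)):
            ff[m.group("pref")] = _unquote(m.group("value"))

    # Firefox only honours network.proxy.<scheme> when network.proxy.type is 1 (manual proxy).
    if ff.get("network.proxy.type") == "1":
        for pref, host in ff.items():
            leaf = pref[len("network.proxy."):].split(".")[-1]
            if leaf in SCHEMES:
                port = ff.get(pref + "_port")
                add({"source": "Firefox", "setting": pref, "host": host,
                     "port": int(port) if port else None})
    return found


def suspicious_proxies(text):
    return [p for p in find_proxies(text) if host_is_suspicious(p["host"])]


if __name__ == "__main__":
    for name, sample in (("thread logs", SAMPLE_LOGS), ("prefs.js", SAMPLE_PREFS), ("combofix", SAMPLE_COMBOFIX)):
        for p in suspicious_proxies(sample):
            print(f"{name}: {p['source']} {p['setting']} -> {p['host']}:{p['port']} (public address)")
```

On the thread's own values the script reports all three endpoints as public addresses, while the constructed 10.0.0.5 entry is left alone and the ComboFix-style excerpt yields nothing because proxy.type is 0. Two caveats for anyone reusing this: a public proxy is a red flag, not proof, since corporate and ISP setups legitimately use one, so the context (here: a hijacked search engine in the same prefs.js and no such setup on a home laptop) has to carry the judgement; and when the proxy was attacker-controlled, any credentials typed into plain-HTTP sites while it was active should be treated as exposed, regardless of how cleanly the settings are removed afterwards.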
25.10.2010, 13:59 | #10 |
| All processes killed
========== OTL ==========
Service XDva370 stopped successfully!
Service XDva370 deleted successfully!
File C:\Windows\System32\XDva370.sys File not found not found.
Service XDva352 stopped successfully!
Service XDva352 deleted successfully!
File C:\Windows\System32\XDva352.sys File not found not found.
Service XDva349 stopped successfully!
Service XDva349 deleted successfully!
File C:\Windows\System32\XDva349.sys File not found not found.
Service WinVd32 stopped successfully!
Service WinVd32 deleted successfully!
C:\Windows\System32\WinVd32.sys moved successfully.
Service WinFl32 stopped successfully!
Service WinFl32 deleted successfully!
C:\Windows\System32\WinFl32.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "AOL Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" removed from keyword.URL
Prefs.js: "184.73.187.184" removed from network.proxy.backup.ftp
Prefs.js: 80 removed from network.proxy.backup.ftp_port
Prefs.js: "184.73.187.184" removed from network.proxy.backup.gopher
Prefs.js: 80 removed from network.proxy.backup.gopher_port
Prefs.js: "184.73.187.184" removed from network.proxy.backup.socks
Prefs.js: 80 removed from network.proxy.backup.socks_port
Prefs.js: "184.73.187.184" removed from network.proxy.backup.ssl
Prefs.js: 80 removed from network.proxy.backup.ssl_port
Prefs.js: "184.73.187.184" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: "184.73.187.184" removed from network.proxy.gopher
Prefs.js: 80 removed from network.proxy.gopher_port
Prefs.js: "184.73.187.184" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "184.73.187.184" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: "184.73.187.184" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24792eba-a56c-11df-82e1-0019214b84c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24792eba-a56c-11df-82e1-0019214b84c6}\ not found.
File 0 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Autorun.exe not found.
C:\Users\Senad\Documents\Locker01.flk moved successfully.
ADS C:\ProgramData\TEMP:671329E4 deleted successfully.
ADS C:\ProgramData\TEMP:B203B914 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 49660 bytes
->Temporary Internet Files folder emptied: 687400 bytes
->Flash cache emptied: 75 bytes

User: Public

User: Senad
->Temp folder emptied: 6503783906 bytes
->Temporary Internet Files folder emptied: 11123217 bytes
->Java cache emptied: 30664865 bytes
->FireFox cache emptied: 97237343 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 6445185 bytes
->Flash cache emptied: 1090 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 331776 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25256913 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.367,00 mb

OTL by OldTimer - Version 3.2.16.0 log created on 10252010_145459

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Regards, wambo |
25.10.2010, 14:56 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
ComboFix may only be run when a forum expert has explicitly recommended it!
25.10.2010, 16:00 | #12 |
| ComboFix Logfile: Code:
ComboFix 10-10-24.05 - Senad 25.10.2010 16:51:16.1.3 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.2039 [GMT 2:00]
ausgeführt von:: c:\users\Senad\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Senad\AppData\Local\aaoga.dat
c:\users\Senad\AppData\Local\aaoga_nav.dat
c:\users\Senad\AppData\Local\aaoga_navps.dat
c:\users\Senad\AppData\Roaming\.#
D:\install.exe
.
((((((((((((((((((((((((( Dateien erstellt von 2010-09-25 bis 2010-10-25 ))))))))))))))))))))))))))))))
.
2010-10-25 14:15 . 2010-10-25 14:15 -------- dc----w- c:\program files\CCleaner
2010-10-25 12:54 . 2010-10-25 12:54 -------- dc----w- C:\_OTL
2010-10-22 13:44 . 2010-08-17 23:54 280064 -c--a-w- c:\windows\system32\XpsGdiConverter.dll
2010-10-22 13:44 . 2010-08-17 23:54 135680 -c--a-w- c:\windows\system32\XpsRasterService.dll
2010-10-22 13:44 . 2010-08-17 23:52 979456 -c--a-w- c:\windows\system32\MFH264Dec.dll
2010-10-22 13:44 . 2010-08-17 23:51 357376 -c--a-w- c:\windows\system32\MFHEAACdec.dll
2010-10-22 13:44 . 2010-08-17 23:51 261632 -c--a-w- c:\windows\system32\mfreadwrite.dll
2010-10-22 13:44 . 2010-08-17 23:51 302592 -c--a-w- c:\windows\system32\mfmp4src.dll
2010-10-22 13:44 . 2010-08-17 23:50 680960 -c--a-w- c:\windows\system32\d2d1.dll
2010-10-22 13:44 . 2010-08-17 23:49 1174528 -c--a-w- c:\windows\system32\d3d10warp.dll
2010-10-22 13:44 . 2010-08-17 23:49 1068032 -c--a-w- c:\windows\system32\DWrite.dll
2010-10-22 13:44 . 2010-08-17 23:49 797184 -c--a-w- c:\windows\system32\FntCache.dll
2010-10-22 13:44 . 2010-08-17 23:48 161280 -c--a-w- c:\windows\system32\d3d10_1.dll
2010-10-22 13:44 . 2010-08-17 23:48 219648 -c--a-w- c:\windows\system32\d3d10_1core.dll
2010-10-22 13:40 . 2010-10-22 13:40 -------- dc----w- c:\users\Senad\AppData\Local\Google
2010-10-22 11:38 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6514632-BC9C-452A-990A-594EB7CF2F2A}\mpengine.dll
2010-10-21 14:52 . 2010-10-21 14:52 -------- dc----w- c:\users\Senad\AppData\Roaming\Malwarebytes
2010-10-21 14:51 . 2010-04-29 10:19 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-21 14:51 . 2010-10-21 14:51 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-21 14:51 . 2010-10-21 14:51 -------- dc----w- c:\programdata\Malwarebytes
2010-10-21 14:51 . 2010-04-29 10:19 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-10-21 12:31 . 2010-10-21 12:31 -------- dc----w- c:\programdata\McAfee
2010-10-21 12:30 . 2010-10-21 12:34 -------- dc----w- c:\programdata\NOS
2010-10-09 23:30 . 2010-10-09 23:30 1079048 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-29 11:55 . 2010-06-22 13:30 2048 -c--a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 09:49 222080 -c----w- c:\windows\system32\MpSigStub.exe
2010-10-08 12:28 . 2010-03-01 19:49 139128 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-08 12:28 . 2010-08-11 18:23 215128 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-08 12:28 . 2010-03-01 19:48 215128 -c--a-w- c:\windows\system32\PnkBstrB.exe
2010-08-17 14:11 . 2010-09-15 11:53 128000 -c--a-w- c:\windows\system32\spoolsv.exe
2010-08-17 11:27 . 2010-08-17 11:27 418480 -c--a-w- c:\windows\system32\wrap_oal.dll
2010-08-17 11:27 . 2010-08-17 11:27 115432 -c--a-w- c:\windows\system32\OpenAL32.dll
2010-08-11 18:17 . 2009-03-15 15:07 138056 -c--a-w- c:\users\Senad\AppData\Roaming\PnkBstrK.sys
2010-08-11 18:17 . 2010-08-11 18:17 2434856 -c--a-w- c:\windows\system32\pbsvc_bc2.exe
2010-08-11 18:17 . 2010-03-01 19:48 75064 -c--a-w- c:\windows\system32\PnkBstrA.exe
2010-08-11 13:50 . 2008-07-24 16:41 691696 -c--a-w- c:\windows\system32\drivers\sptd.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amsn"="c:\users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe" [2006-11-24 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\CCleaner.exe]
path=CCleaner.exe
backup=c:\windows\pss\CCleaner.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\CCleaner.lnk]
path=CCleaner.lnk
backup=c:\windows\pss\CCleaner.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\ccsetup2-14-763.exe]
path=ccsetup2-14-763.exe
backup=c:\windows\pss\ccsetup2-14-763.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-06-15 14:48 326440 -c--a-w- c:\acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49 151552 -c--a-w- c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)]
2010-04-29 10:19 1090952 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 08:45 1826816 -c--a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 -c--a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Ar­cade Live\Acer PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-11 691696]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2006-11-02 13560]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://go.web.de/home
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! Deutschland
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} -
FF - ProfilePath - c:\users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 72.44.50.58
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 72.44.50.58
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 72.44.50.58
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 72.44.50.58
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 72.44.50.58
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
FF - plugin: c:\users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-Xpadder - c:\users\Senad\Desktop\Xpadder53\Xpadder.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper_3004.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-25 16:56
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-815123407-3361847440-313347045-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:e5,87,9b,17,e6,53,00,fe,20,6b,2f,d0,9c,53,0c,6b,a1,1a,bd,a4,16,c4,2c,
 e4,d7,0e,cf,92,9d,38,7d,08,2e,9f,c4,94,ce,51,1c,c1,7c,3f,e9,a9,e9,6f,c0,f9,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
Zeit der Fertigstellung: 2010-10-25 16:58:24
ComboFix-quarantined-files.txt 2010-10-25 14:58

Vor Suchlauf: 19 Verzeichnis(se), 157.493.424.128 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 157.433.098.240 Bytes frei

- - End Of File - - 1E5870731F1E2FA007B7E0C4BF474D3C

Waiting for instructions. Regards, wambo |
25.10.2010, 18:31 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | anti-malware log for analysis OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Afterwards please download MBRCheck (by a_d_13) and save the file to the Desktop.
__________________ Please always post logfiles in CODE tags |
26.10.2010, 15:37 | #14 |
| anti-malware log for analysis GMER log... GMER Logfile: Code:
GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-26 16:31:02
Windows 6.0.6002 Service Pack 2
Running: eskuyi7p.exe; Driver: C:\Users\Senad\AppData\Local\Temp\pwrcypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x8F805000, 0x2E6316, 0xE8000020]
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 8AF9B03F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 8AF9B0AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 8AF9B0AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 8AF9B130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 8AF9B137 234 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0x81E11300, 0x25D4C, 0xE0000060]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[508] @
C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7401CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll 
(Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x60 0xB7 0x3C ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xB7 0x44 0xB6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0xFC 0x10 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF7 0x81 0xB7 0xC7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x57 0x9E 0x9F 0xAF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x49 0x9D 0x98 0xB9 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x60 0xB7 0x3C ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xB7 0x44 0xB6 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0xFC 0x10 0xA4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF7 0x81 0xB7 0xC7 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x57 0x9E 0x9F 0xAF ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x49 0x9D 0x98 0xB9 ... ---- EOF - GMER 1.0.15 ---- Osam log.. OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 16:33:20 on 26.10.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.11

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"WebSpeech" - ? - C:\PROGRA~1\COMMON~1\WEBSPE~1.0\LgxIEControl.cpl (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"AEGIS Protocol (IEEE 802.1x) v3.4.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\Windows\System32\DRIVERS\AegisP.sys
"ASPI32" (ASPI32) - "Adaptec" - C:\Windows\system32\drivers\ASPI32.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Senad\AppData\Local\Temp\catchme.sys (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found)
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys (File not found)
"int15" (int15) - "Acer, Inc."
- C:\Acer\Empowering Technology\eRecovery\int15.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "pwrcypow" (pwrcypow) - ? - C:\Users\Senad\AppData\Local\Temp\pwrcypow.sys (Hidden registry entry, rootkit activity | File not found) "RT73 USB Wireless LAN Card Driver for Vista" (netr73) - ? - C:\Windows\System32\DRIVERS\netr73.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys "Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\Windows\system32\Drivers\vmm.sys "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {C1B2C38F-3DCA-4E3D-BC34-D5B87B636543} "FileMenuTools" - "LopeSoft - Software desarrollado por Rubén López Hernández" - C:\Program Files\LopeSoft\FileMenu Tools\FileMenuTools.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {03B54A4E-A635-418E-81FC-CF60CBB141AA} "SimpleShlExt extension" - ? - (File not found | COM-object registry key not found) {7020EDF4-B454-4814-9AA4-1D604D3F1417} "TraXExCM" - ? - (File not found | COM-object registry key not found) {8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {2D9700CB-A777-4DB0-96E1-1EBEBB7D1510} "{2D9700CB-A777-4DB0-96E1-1EBEBB7D1510}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? 
- (File not found | COM-object registry key not found) "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} "WebSpeech" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll <binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {02478D38-C3F9-4EFB-9B51-7695ECA05670} "{02478D38-C3F9-4EFB-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found) {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} "{83A30C59-3A50-49E6-9DAF-4923C4EA3C23}" - ? - (File not found | COM-object registry key not found) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "amsn" - ? - C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe (File found, but it contains no detailed information) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? 
- rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acer HomeMedia Connect Service" (Acer HomeMedia Connect Service) - "CyberLink" - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bonjour-Dienst" (Bonjour Service) - ? - "C:\Program Files\Bonjour\mDNSResponder.exe" (File not found) "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe "ePerformance Service" (AcerMemUsageCheckService) - ? - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe "eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - ? - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (File not found) "getPlus(R) Helper 3004" (nosGetPlusHelper) - ? - C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (File not found) "Google Updater Service" (gusvc) - ? - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (File not found) "ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "PnkBstrA" (PnkBstrA) - ? 
- C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Steam Client Service" (Steam Client Service) - ? - C:\Windows\system32\drivers\Steam Client Service.sys (File not found) "Symantec Lic NetConnect service" (CLTNetCnService) - ? - C:\Windows\system32\drivers\CLTNetCnService.sys (File not found) [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "igfxcui" - ? - igfxdev.dll (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - ? - C:\Program Files\Bonjour\mdnsNSP.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index MBRCheck log... MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: ACER BIOS Manufacturer: American Megatrends Inc. 
System Manufacturer: ACER System Product Name: Aspire M5630 Logical Drives Mask: 0x000003fc Kernel Drivers (total 151): 0x82C34000 \SystemRoot\system32\ntoskrnl.exe 0x82C01000 \SystemRoot\system32\hal.dll 0x80C00000 \SystemRoot\system32\kdcom.dll 0x80C07000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x80C77000 \SystemRoot\system32\PSHED.dll 0x80C88000 \SystemRoot\system32\BOOTVID.dll 0x80C90000 \SystemRoot\system32\CLFS.SYS 0x80CD1000 \SystemRoot\system32\CI.dll 0x80DB1000 \SystemRoot\system32\drivers\Wdf01000.sys 0x80E2D000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80E3A000 \SystemRoot\system32\drivers\acpi.sys 0x80E80000 \SystemRoot\system32\drivers\WMILIB.SYS 0x80E89000 \SystemRoot\system32\drivers\msisadrv.sys 0x80E91000 \SystemRoot\system32\drivers\pci.sys 0x80EB8000 \SystemRoot\System32\drivers\partmgr.sys 0x80EC7000 \SystemRoot\system32\drivers\volmgr.sys 0x80ED6000 \SystemRoot\System32\drivers\volmgrx.sys 0x80F20000 \SystemRoot\system32\drivers\intelide.sys 0x80F27000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x80F35000 \SystemRoot\System32\drivers\mountmgr.sys 0x80F45000 \SystemRoot\system32\drivers\atapi.sys 0x80F4D000 \SystemRoot\system32\drivers\ataport.SYS 0x80F6B000 \SystemRoot\system32\drivers\fltmgr.sys 0x80F9D000 \SystemRoot\system32\drivers\fileinfo.sys 0x8A803000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8A874000 \SystemRoot\system32\drivers\ndis.sys 0x8A97F000 \SystemRoot\system32\drivers\msrpc.sys 0x8A9AA000 \SystemRoot\system32\drivers\NETIO.SYS 0x8A9E5000 \SystemRoot\System32\drivers\tcpip.sys 0x8AACF000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8AAEA000 \SystemRoot\System32\Drivers\Ntfs.sys 0x80FAD000 \SystemRoot\system32\drivers\volsnap.sys 0x80FE6000 \SystemRoot\System32\Drivers\spldr.sys 0x80FEE000 \SystemRoot\System32\Drivers\mup.sys 0x8AC0D000 \SystemRoot\System32\drivers\ecache.sys 0x8AC34000 \SystemRoot\system32\drivers\disk.sys 0x8AC45000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8AC66000 
\SystemRoot\system32\drivers\crcdisk.sys 0x8AC8F000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8AC9A000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8ACA3000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8ACB2000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x8F804000 \SystemRoot\system32\DRIVERS\atipmdag.sys 0x8FD65000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8FE06000 \SystemRoot\System32\drivers\watchdog.sys 0x8FE12000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8FE9F000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x8FEB7000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8FEC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8FF00000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8FF0F000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x8FF1F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x8FF2D000 \SystemRoot\system32\DRIVERS\parport.sys 0x8FF58000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8FF63000 \SystemRoot\system32\DRIVERS\serial.sys 0x8FF7D000 \SystemRoot\system32\DRIVERS\serenum.sys 0x8FF87000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8FF9F000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys 0x8FFA1000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys 0x8FFB2000 \SystemRoot\system32\DRIVERS\serscan.sys 0x8FFC9000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8ACDC000 \SystemRoot\system32\DRIVERS\storport.sys 0x8AD1D000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8AD28000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8AD3F000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8AD4A000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8AD6D000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8AD7C000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8AD90000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8ADA5000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8ADB5000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8FFF8000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8ADC0000 \SystemRoot\system32\DRIVERS\ks.sys 0x8ADEA000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8ADF4000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8AE01000 
\SystemRoot\System32\drivers\vga.sys
0x8AE0D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AE2E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8AE3D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AE72000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x8AE90000 \SystemRoot\system32\drivers\portcls.sys
0x8AEBD000 \SystemRoot\system32\drivers\drmk.sys
0x91C04000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91DB8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91DC9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91DD2000 \SystemRoot\System32\Drivers\Null.SYS
0x91DD9000 \SystemRoot\System32\Drivers\Beep.SYS
0x91DE0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91DFC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91E03000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91E0B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91E13000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91E1E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91E2C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91E35000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91E4B000 \SystemRoot\system32\DRIVERS\smb.sys
0x91E5F000 \SystemRoot\system32\drivers\afd.sys
0x91EA7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91ED9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91EEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91EFD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91F10000 \??\C:\Windows\system32\Drivers\vmm.sys
0x91F4B000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91F51000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91F8D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91F97000 \SystemRoot\System32\Drivers\dfsc.sys
0x91FAE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91FD0000 \SystemRoot\System32\Drivers\ASPI32.SYS
0x91FD5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91FE2000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91FED000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8AEE2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x91FF5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x99C40000 \SystemRoot\System32\win32k.sys
0x8FF45000 \SystemRoot\System32\drivers\Dxapi.sys
0x91FF7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8AEF7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AF07000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91DF3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8FF4F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x99E60000 \SystemRoot\System32\TSDDD.dll
0x99E80000 \SystemRoot\System32\cdd.dll
0x8AF1E000 \SystemRoot\system32\drivers\luafv.sys
0x8AF39000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8AF4E000 \SystemRoot\system32\drivers\spsys.sys
0x8FFC2000 \SystemRoot\system32\DRIVERS\AegisP.sys
0x8AC6F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81C09000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81C33000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81C3D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81C50000 \SystemRoot\system32\drivers\HTTP.sys
0x81CBD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81CDA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81CF3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81D08000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81D27000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81D60000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x81D78000 \SystemRoot\System32\DRIVERS\srv2.sys
0x81DA0000 \SystemRoot\System32\DRIVERS\srv.sys
0x81DEE000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x81DF5000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x81E38000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x81E3F000 \SystemRoot\system32\drivers\peauth.sys
0x81F1D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x81F27000 \SystemRoot\System32\drivers\tcpipreg.sys
0x81F33000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0x81F35000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x81F4A000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x81F5C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x81F72000 \??\C:\Users\Senad\AppData\Local\Temp\pwrcypow.sys
0x771D0000 \Windows\System32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
540 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\winlogon.exe
912 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\atiesrxx.exe
1044 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\audiodg.exe
1232 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\SLsvc.exe
1276 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\atieclxx.exe
1480 C:\Windows\System32\svchost.exe
1864 C:\Windows\System32\spoolsv.exe
1908 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1956 C:\Windows\System32\svchost.exe
1972 C:\Windows\System32\taskeng.exe
192 C:\Windows\System32\dwm.exe
508 C:\Windows\explorer.exe
2052 C:\Windows\RtHDVCpl.exe
2064 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2376 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2396 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2480 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2504 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2520 C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
2564 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2600 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2724 C:\Windows\System32\PnkBstrA.exe
2736 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2764 C:\Windows\System32\svchost.exe
2932 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2956 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3140 WUDFHost.exe
3252 WmiPrvSE.exe
3488 C:\Program Files\Windows Media Player\wmpnscfg.exe
3556 C:\Windows\System32\mobsync.exe
3756 C:\Program Files\Windows Media Player\wmpnetwk.exe
3932 C:\Windows\System32\taskeng.exe
3176 C:\Users\Senad\Desktop\MBRCheck.exe
1544 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000058`94f00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD7500AAKS-00RBA0, Rev: 30.04G30

      Size  Device Name          MBR Status
--------------------------------------------
    698 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!

Waiting for instructions. Regards, wambo
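The MBRCheck result above reports that the boot code of \\.\PhysicalDrive0 has a SHA1 the tool does not recognise, and it maps C: and D: to byte offsets on that disk. The Python below is an added example, not part of this thread and not MBRCheck's code: it parses a raw 512-byte MBR, fingerprints the bootstrap region and reconciles the partition table with the offsets the tool printed. The sample MBR is constructed inside the script (the boot-code bytes are filler, not a real loader), the partition sizes are assumed, and hashing the first 440 bytes is an assumption about which region MBRCheck fingerprints; on a live system the sector is read from \\.\PhysicalDrive0 from an elevated prompt.

```python
# Added example (not from the thread or from MBRCheck): parse a raw 512-byte MBR,
# fingerprint its boot code and reconcile partition offsets with what MBRCheck printed.
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # assumption: the bootstrap region hashed as "MBR code"
PT_OFFSET = 446          # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # MBR magic at bytes 510..511

# Byte offsets MBRCheck reported for C: and D: on PhysicalDrive0 in the thread.
C_OFFSET = 0x0000000270A00000
D_OFFSET = 0x0000005894F00000


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a synthetic MBR for testing. A real one comes from \\\\.\\PhysicalDrive0."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        status = 0x80 if bootable else 0x00
        # status, CHS start (3 bytes, ignored), type, CHS end (3 bytes, ignored), LBA start, sector count
        struct.pack_into("<B3xB3xII", mbr, PT_OFFSET + 16 * i, status, ptype, lba_start, sectors)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code SHA1, the signature check and the decoded partition table."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, PT_OFFSET + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,  # what MBRCheck prints as "at offset"
        })
    return {
        "signature_ok": mbr[510:512] == SIGNATURE,
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": parts,
    }


def classify_boot_code(sha1_hex: str, known_good: set) -> str:
    """Same shape of verdict as MBRCheck: a hash missing from the allow-list is 'Unknown MBR code'."""
    return "Known-good MBR code" if sha1_hex.upper() in known_good else "Unknown MBR code"


def reconcile(parsed: dict, expected_offsets) -> list:
    """Return every reported volume offset that no partition entry accounts for."""
    found = {p["byte_offset"] for p in parsed["partitions"]}
    return [off for off in expected_offsets if off not in found]


# Constructed filler for the boot code; this is not a real boot loader.
SAMPLE_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4")

SAMPLE_MBR = build_sample_mbr(
    SAMPLE_BOOT_CODE,
    [
        (True,  0x07, C_OFFSET // SECTOR, (D_OFFSET - C_OFFSET) // SECTOR),  # C: NTFS, ends where D: starts
        (False, 0x07, D_OFFSET // SECTOR, 722_071_280),                      # D: NTFS, size assumed
    ],
)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("signature ok:", info["signature_ok"])
    print("boot code SHA1:", info["boot_code_sha1"], "->", classify_boot_code(info["boot_code_sha1"], set()))
    for p in info["partitions"]:
        print(f"slot {p['slot']} type 0x{p['type']:02x} start LBA {p['lba_start']} -> offset 0x{p['byte_offset']:012x}")
    print("unmatched offsets:", reconcile(info, [C_OFFSET, D_OFFSET]))
```

To run this against the real disk, replace SAMPLE_MBR with `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an administrator prompt. An unknown hash by itself is not proof of infection, since custom OEM boot code produces the same verdict, which is why the next step in the thread is the tool's extended output rather than a decision based on the hash alone.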
27.10.2010, 11:55 | #15
/// Winkelfunktion /// TB-Süch-Tiger™ | anti-malware log for analysis
Please run MBRCheck.exe again. This time, type the following into the window and confirm each entry with Enter at
You will then find two MBRCheck_<date>_<time>.txt files on the desktop. Post me the contents of both .txt documents.
__________________
Please always post logfiles in CODE tags
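The two MBRCheck_*.txt files requested above have the same layout as the output posted earlier in this thread: a kernel driver list with load addresses, a process list, the volume-to-disk mapping and the MBR status table. The script below is an added example, not code from this thread or from MBRCheck, showing how to triage that text automatically: it separates drivers loaded from Windows-owned locations from those loaded from user-writable paths (such as a Temp folder) or other non-system directories, and pulls out the MBR status line with its SHA1. The sample log is a constructed excerpt that reuses paths visible in the thread; the path rules are the author's own assumptions, not a check MBRCheck performs.

```python
# Added example (not the forum's or MBRCheck's code): triage MBRCheck text output.
import re

# Constructed excerpt in MBRCheck's layout; the paths are ones visible in the thread.
SAMPLE_LOG = r"""
Kernel Drivers (total 5):
0x91F10000 \??\C:\Windows\system32\Drivers\vmm.sys
0x81E38000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x81F33000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0x81F72000 \??\C:\Users\Senad\AppData\Local\Temp\pwrcypow.sys
0x771D0000 \Windows\System32\ntdll.dll

Processes (total 3):
4 System
3176 C:\Users\Senad\Desktop\MBRCheck.exe
1544 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)

      Size  Device Name          MBR Status
--------------------------------------------
    698 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

Found non-standard or infected MBR.
"""

DRIVER_RE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(\S.*?)\s*$")
PROCESS_RE = re.compile(r"^(\d+)\s+(\S.*?)\s*$")
MBR_ROW_RE = re.compile(r"^\s*(\d+)\s+GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"SHA1:\s*([0-9A-Fa-f]{40})")
# Assumed rules: where Windows itself loads kernel images from, and which locations
# an ordinary user can write to. Anything else gets a "review" rating.
SYSTEM_PATH_RE = re.compile(r"^(\\SystemRoot\\|\\Windows\\|[A-Za-z]:\\Windows\\)", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(Users|Documents and Settings)\\|\\Temp\\|\\AppData\\", re.IGNORECASE)


def parse_mbrcheck(text: str) -> dict:
    """Split MBRCheck output into drivers, processes, MBR table rows and verdict lines."""
    result = {"drivers": [], "processes": [], "mbr": [], "verdicts": []}
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("Kernel Drivers"):
            section = "drivers"
            continue
        if line.startswith("Processes"):
            section = "processes"
            continue
        m = MBR_ROW_RE.match(line)
        if m:
            result["mbr"].append({"size_gb": int(m.group(1)), "device": m.group(2),
                                  "status": m.group(3), "sha1": None})
            continue
        m = SHA1_RE.search(line)
        if m and result["mbr"]:
            result["mbr"][-1]["sha1"] = m.group(1).upper()  # hash belongs to the preceding row
            continue
        if line.startswith("Found "):
            result["verdicts"].append(line)
            continue
        if section == "drivers" and (m := DRIVER_RE.match(line)):
            result["drivers"].append((int(m.group(1), 16), m.group(2)))
        elif section == "processes" and (m := PROCESS_RE.match(line)):
            result["processes"].append((int(m.group(1)), m.group(2)))
    return result


def classify_driver_path(path: str) -> str:
    """'system' for Windows-owned locations, 'high' for user-writable ones, else 'review'."""
    p = path[4:] if path.startswith("\\??\\") else path  # strip the NT object-manager prefix
    if SYSTEM_PATH_RE.match(p):
        return "system"
    if USER_WRITABLE_RE.search(p):
        return "high"
    return "review"


def triage(text: str) -> dict:
    """Collect the drivers worth a second look plus any MBR rows the tool did not recognise."""
    parsed = parse_mbrcheck(text)
    findings = {"high": [], "review": [], "mbr": [], "verdicts": parsed["verdicts"]}
    for _addr, path in parsed["drivers"]:
        sev = classify_driver_path(path)
        if sev != "system":
            findings[sev].append(path)
    findings["mbr"] = [row for row in parsed["mbr"] if "unknown" in row["status"].lower()]
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

A driver rated "high" is worth confirming through its file metadata and a hash lookup before anything is deleted; "review" hits are frequently OEM or media software, as the Acer entries here appear to be.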