
Pests of all kinds and how to combat them: Damaged hard disk clusters

25.04.2011, 17:01   #1
Problem392

Hello,
this is my first time in a forum and I need help. I got the message: "Damaged hard disk clusters found. Private data is at risk." I have already learned from other forum posts that the programs OTL and Unhide are useful, so I have already downloaded them. I have also already run OTL, but I don't know how to proceed.

26.04.2011, 06:48   #2
Problem392

Now further problems have appeared. WTR loader does not work, some icons have been deleted from the desktop, as have my photos, songs etc. And the message that there are problems with the RAM.


26.04.2011, 19:11   #3
markusg
/// Malware-holic


How about posting the OTL logs? How are we supposed to know how to continue if we don't even know the logs :d
Create new ones and post them.

26.04.2011, 19:38   #4
Problem392

The OTL.Txt file:
OTL Logfile:
Code:
OTL logfile created on: 26.04.2011 20:24:05 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 0,82 Gb Free Space | 0,57% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 2,56 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 6,48 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Bruno\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (fxusbase) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.201.1:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.19 14:01:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.19 14:01:30 | 000,000,000 | ---D | M]
 
[2008.11.17 14:59:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\Extensions
[2011.02.27 22:26:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions
[2011.04.25 16:47:17 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.25 16:47:17 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.25 16:47:17 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.25 16:47:17 | 000,000,000 | -H-D | M] ("Ask Toolbar for Firefox") -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.11.28 23:19:56 | 000,000,944 | -H-- | M] () -- C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pd0gx28i.default\searchplugins\icqplugin.xml
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.22 18:10:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.08.22 18:10:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Movies_on_DVD_TV_Edition\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [conhost]  File not found
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [vKECjCxHfiQS] C:\ProgramData\vKECjCxHfiQS.exe (WinTrust)
O4 - Startup: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000 Winlogon: Shell - (C:\Users\Bruno\AppData\Roaming\dwm.exe) -  File not found
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{024bfe02-2d1d-11df-a168-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{024bfe02-2d1d-11df-a168-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{024bfe04-2d1d-11df-a168-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{024bfe04-2d1d-11df-a168-404e57434401}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6ba54c1b-2c40-11df-b5e7-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba54c1b-2c40-11df-b5e7-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6ba54c2e-2c40-11df-b5e7-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba54c2e-2c40-11df-b5e7-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be788-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be788-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be79b-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be79b-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be79d-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be79d-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e95fe181-381a-11df-ac3e-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{e95fe181-381a-11df-ac3e-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e95fe182-381a-11df-ac3e-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{e95fe182-381a-11df-ac3e-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{eb06c8cd-3b99-11e0-ba58-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{eb06c8cd-3b99-11e0-ba58-404e57434401}\Shell\AutoRun\command - "" = H:\AutoLcd209x.exe
O33 - MountPoints2\{f7ef248c-d51a-11de-b95d-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{f7ef248c-d51a-11de-b95d-404e57434401}\Shell\AutoRun\command - "" = F:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.25 16:59:13 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2011.04.25 15:54:22 | 000,565,248 | -H-- | C] (WinTrust) -- C:\ProgramData\vKECjCxHfiQS.exe
[2011.04.23 21:47:17 | 000,000,000 | -H-D | C] -- C:\Users\Bruno\Desktop\m
[2011.04.23 21:46:57 | 000,000,000 | -H-D | C] -- C:\Users\Bruno\Desktop\Twistys
[2011.04.16 12:57:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.15 21:49:46 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 21:49:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 21:49:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 21:49:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 21:49:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 21:49:30 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 21:49:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 21:49:29 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 21:49:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 21:49:29 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 21:49:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 21:49:11 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 21:49:07 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 21:49:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.12 21:20:52 | 000,000,000 | -H-D | C] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoft
[2011.04.04 20:24:23 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.04.04 20:24:23 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 20:29:20 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 20:29:20 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 20:29:20 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 20:29:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 20:21:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 20:21:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 20:21:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 20:21:18 | 3218,034,688 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 19:21:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.25 16:59:17 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2011.04.25 16:56:35 | 000,147,507 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.25 16:53:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.25 16:00:01 | 000,002,299 | -H-- | M] () -- C:\Users\Bruno\AppData\Roaming\acervcmtmp.ini
[2011.04.25 15:54:22 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\vKECjCxHfiQS.exe
[2011.04.24 23:27:33 | 000,137,728 | -H-- | M] () -- C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.16 16:36:35 | 000,427,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 13:43:46 | 000,056,039 | -H-- | M] () -- C:\Users\Bruno\Desktop\TUM_twoinone-Einladung_Mentoring.pdf
[2011.04.12 21:22:35 | 000,001,036 | -H-- | M] () -- C:\Users\Bruno\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.12 16:04:20 | 002,942,142 | -H-- | M] () -- C:\Users\Bruno\Desktop\Brusco_-_Abbronzatissima.mp3
[2011.04.04 20:19:50 | 000,007,592 | -H-- | M] () -- C:\Users\Bruno\AppData\Local\d3d9caps.dat
[2011.04.04 16:00:26 | 004,326,427 | -H-- | M] () -- C:\Users\Bruno\Desktop\1bDiesozialeMarktwirtschaftundihreZiele.pdf
[2011.03.28 22:01:04 | 082,655,457 | -H-- | M] () -- C:\Users\Bruno\Desktop\Absolvia 2001.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.13 13:43:45 | 000,056,039 | -H-- | C] () -- C:\Users\Bruno\Desktop\TUM_twoinone-Einladung_Mentoring.pdf
[2011.04.12 16:04:13 | 002,942,142 | -H-- | C] () -- C:\Users\Bruno\Desktop\Brusco_-_Abbronzatissima.mp3
[2011.04.04 16:00:26 | 004,326,427 | -H-- | C] () -- C:\Users\Bruno\Desktop\1bDiesozialeMarktwirtschaftundihreZiele.pdf
[2011.03.31 21:18:54 | 082,655,457 | -H-- | C] () -- C:\Users\Bruno\Desktop\Absolvia 2001.pdf
[2011.03.18 14:10:05 | 000,000,206 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2011.03.06 12:23:54 | 000,005,616 | -H-- | C] () -- C:\Users\Bruno\AppData\Roaming\77AA.835
[2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.06.05 15:48:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.15 18:31:07 | 000,148,792 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.12.25 18:25:29 | 000,002,299 | -H-- | C] () -- C:\Users\Bruno\AppData\Roaming\acervcmtmp.ini
[2009.09.26 15:28:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.26 15:28:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.28 12:15:37 | 000,120,200 | -H-- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.03.18 16:23:54 | 000,022,328 | -H-- | C] () -- C:\Users\Bruno\AppData\Roaming\PnkBstrK.sys
[2009.03.18 16:23:54 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.03.18 16:23:39 | 000,103,736 | -H-- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.03.18 16:23:38 | 000,669,184 | -H-- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.03.16 16:43:07 | 000,066,872 | -H-- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.03.14 12:57:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.03.05 20:56:49 | 000,000,319 | -H-- | C] () -- C:\Windows\game.ini
[2008.11.27 16:35:47 | 000,007,592 | -H-- | C] () -- C:\Users\Bruno\AppData\Local\d3d9caps.dat
[2008.11.22 21:27:15 | 000,032,825 | -H-- | C] () -- C:\Windows\Irremote.ini
[2008.11.22 21:27:01 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\dmcrypto.dll
[2008.11.22 21:26:11 | 000,006,225 | -H-- | C] () -- C:\Windows\HCWPNP.INI
[2008.11.17 15:59:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.17 14:59:59 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2008.11.16 14:41:30 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll
[2008.11.16 14:38:04 | 000,007,119 | -H-- | C] () -- C:\Windows\mgxoschk.ini
[2008.11.15 20:06:55 | 000,147,507 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.11.15 19:46:17 | 000,137,728 | -H-- | C] () -- C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.15 19:44:19 | 000,147,507 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.07 10:13:30 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.22 03:48:06 | 000,626,688 | -H-- | C] () -- C:\Windows\Image.dll
[2008.08.22 03:48:06 | 000,200,704 | -H-- | C] () -- C:\Windows\PLFSetI.exe
[2008.08.22 03:48:06 | 000,020,480 | -H-- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2008.08.22 03:48:06 | 000,000,036 | -H-- | C] () -- C:\Windows\PidList.ini
[2008.08.22 03:43:20 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.14 16:17:34 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.04.24 18:32:56 | 000,389,120 | -H-- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,427,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | -H-- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.01.09 00:34:06 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2001.01.09 00:32:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.01.08 16:47:34 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2001.01.08 16:47:34 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2001.01.08 16:28:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2001.01.08 16:24:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2001.01.08 16:20:57 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2001.01.08 16:20:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2001.01.08 16:20:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2001.01.08 16:19:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
 
========== LOP Check ==========
 
[2008.11.15 19:20:17 | 000,000,000 | -HSD | M] -- C:\Users\Bruno\AppData\Roaming\.#
[2010.07.04 17:14:47 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\Acer
[2001.01.08 16:45:51 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\Acer GameZone Console
[2011.04.25 16:47:15 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools
[2009.11.03 19:24:27 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools Lite
[2009.10.31 18:07:28 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\digital publishing
[2011.04.12 21:21:45 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoft
[2011.02.20 14:03:27 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.11.15 19:24:48 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\eSobi
[2009.08.22 18:11:32 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\ICQ
[2009.06.28 12:18:43 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\MAGIX
[2011.04.25 16:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\PowerCinema
[2011.04.25 16:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\SoftDMA
[2009.06.28 12:12:47 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\TerraTec
[2009.05.12 15:05:51 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\Ubisoft
[2008.11.15 17:38:34 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\Validity
[2010.04.21 19:22:22 | 000,000,000 | -H-D | M] -- C:\Users\Bruno\AppData\Roaming\Verbindungsassistent
[2011.04.26 19:21:08 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

26.04.2011, 19:40   #5
Problem392
 
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 26.04.2011 20:24:05 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 0,82 Gb Free Space | 0,57% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 2,56 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 6,48 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD0A731-624D-42EE-8E6A-816E7C800CB4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3F4A1377-5D43-43B6-82C2-5D1E505638AE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{404589EE-7543-4B1E-92D4-D544B2B589B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A0218BF-E0CA-4F8C-9DF8-750061C4EBCF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5B18AE25-F2A3-40F2-988E-0F90F2838800}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5BD864C0-B267-4BD1-8A53-B80CCD06F701}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5D7DA397-C9EA-4FA6-B8BF-B65EE6E224F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6344AC85-796C-4BB6-B5DD-4EE5615C03EF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6671D867-1ED9-4BFC-90C1-341B9E05571C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6F4BDC0F-E177-46B4-A73F-D9E1E1EAF56E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{70A7EACF-07B4-49C9-B996-DB196268F190}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7C52C206-4E62-400E-BA98-C956C4A331B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A3EBCF9C-F78A-40C3-95A2-1950AEB4F1F1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BD907BCD-06E8-4F4B-8C94-E7769C58BFD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C00BA0A8-A76A-4AE5-A58A-906785843A40}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C30D773D-CF8A-4447-9021-F145EE4A2DCE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CA8108C9-122B-4722-BAC3-6A3538859E99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CEA093F1-B80C-46A9-A4AC-E363180E7A71}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CFC8ED7B-D6C4-4E95-8E42-366E87F8DE5A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E86FD625-F4AD-4D99-A30E-7D3C386A27D3}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C0CC6-B387-41CB-980B-46348BB4EFFB}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{02814DEA-8AD0-48C7-ACEE-5A2C0A4CE7D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{04DF50EB-47A1-4CFD-8DEB-596CC4212988}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{052C9A74-FE4C-4FA4-A54E-2AC77AAD9755}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe | 
"{055620E5-EF4E-418B-8B1A-696FD248C644}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{08A303BE-6202-4109-842B-021D7E7593CA}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{0F24558D-3C1E-447B-B38F-B1C187F761AE}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{0FBCAF41-FC58-4090-A9FB-EF079611B06A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{1075CB75-F2A8-47D1-A250-013815EF8453}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{1183C61E-642E-4A9F-8BC4-38DF03F5AF44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{14373484-E649-43C9-9149-454E65DB1AAA}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe | 
"{1ADD36AB-5021-459C-8353-C326834EF928}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{1ED30451-9595-40C8-958C-A1A88724C8CE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{20B24E21-2082-4EAF-BAFB-1FB7F831DB08}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{26A1E309-38CC-45B8-B85F-A560D27C72FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{272EF665-235F-41AB-9CBF-BC19398999B6}" = protocol=17 | dir=in | app=e:\resident 5\re5dx10.exe | 
"{299288A4-0848-4E2E-92C1-436B54E63815}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2CC60DDA-8399-4602-A89C-FA7FAE0B9240}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{2D493799-E6A4-429F-A6D6-120DD9ECD398}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{2E33A51B-5070-4CEE-A1C3-AC64072901F5}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{2EA20073-8479-49BC-A21B-F5A280F9C60A}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{309C41C1-FF14-4E33-B6D5-4FC55690B008}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{36E0F9F3-81E0-43A1-90D8-631DCBD7909C}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\f.e.a.r. mission perseus\fearxp2.exe | 
"{39237FD8-9FAA-430F-A494-E94A30ED5ADD}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{42FEFD8D-926F-4366-9FD2-6AD66F959C87}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{46DC8319-884D-4A9B-9986-8D3EDB3906A3}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{4A6A8F77-075F-4CFD-8F5D-3990D28711ED}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{533EDFCA-92FE-45FD-BEBA-B587980BB448}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5B7C67B7-5A9C-4E1E-9495-48DE47D43C80}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{5F018486-20CE-4F4A-B320-CEC4F901684A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{6311C509-4402-428D-89F9-B0FE882CB8C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{63334DB2-189E-48F5-84D6-F7D2E1E21DB4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{68C2A5DC-3FA4-4A1B-A047-40EC9F3FEF62}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe | 
"{695B19DB-CE0D-4C5C-8D4E-33D054153874}" = protocol=17 | dir=in | app=e:\resident 5\re5dx9.exe | 
"{6994894D-0B07-4039-9A29-A5ADF649A3CC}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{69BF45A0-33B9-49E0-8F5D-70D31450834E}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\f.e.a.r. mission perseus\fearxp2.exe | 
"{6EC19944-E484-4B6E-8116-C00E1C5C38BE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6F08BFB0-E6E9-4B56-B20A-9820DC096CD5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{72257AED-1741-4175-BA6F-3DBE69EEF51F}" = protocol=6 | dir=in | app=e:\resident 5\re5dx9.exe | 
"{745F1B3F-3332-4691-B7A2-49C4C5D11A23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{78B3474C-0BA4-427C-8021-E52C087326D0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{78FCDD30-20C1-4EB9-9997-90E36C086157}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{797234D0-CD5D-4B0E-8655-3A0CEF38C37F}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearmp.exe | 
"{7A0D8EFD-0228-4564-AAAB-6B896B5A8AA4}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe | 
"{7C006AE4-8CCF-4DCB-9BD8-A6A3AD8B4F90}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{7C8B885A-AAD6-47A6-87F7-8FE1B62F4A84}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe | 
"{7CA38CB5-A8DC-41CF-AAF5-BD5670977E46}" = protocol=6 | dir=in | app=e:\resident 5\re5dx10.exe | 
"{7E0C4F18-4F8E-4FD0-BD76-A865E6FA6692}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{847693F1-DB97-4F24-B184-6BE43B8834C1}" = protocol=17 | dir=in | app=e:\activision\codwawmp.exe | 
"{891AEE52-D601-48DD-B6A6-DCE39642397B}" = protocol=6 | dir=in | app=e:\activision\codwawmp.exe | 
"{92B64617-59F6-47F0-9CDB-60DC13AE843A}" = protocol=6 | dir=in | app=e:\activision\codwaw.exe | 
"{94EE35D0-AAB9-4376-A3FA-E004008A9C1A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{96BB53FC-D52A-4086-99FD-154A624292EE}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{97F55C3A-A388-4F41-AAED-3B40A6CB4E4E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{98077976-F41F-4CC7-AD58-BE38D13A6D6E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{98C44D1D-4E0C-4D16-9F39-CFBFB554B90F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{9E4F995F-DA4F-4EA1-9565-05D4F9C5929A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{9F5F0965-F33D-4EB0-828A-5BE2E9D03F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A115E800-4EBF-423A-B5B1-2F7A2319B21D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{A2F9A547-1AB7-4D17-ADBF-AEE96DE1292F}" = protocol=17 | dir=in | app=e:\activision\codwaw.exe | 
"{A7210CE2-A7D3-4713-A96F-3AC1DD60D619}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A8E2603C-BDCD-44F2-8A2E-70267D67CB7F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{AD55BE77-812F-4307-8964-2E75BBD9A1A0}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe | 
"{B5292D5D-5101-47B9-8A33-245C0FED61FA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B8C771AE-C75B-4B34-82A7-D6BC502A4227}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{C008179D-093F-4C58-81C7-18DFBD222B8F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{C1EA2ED5-3975-432A-AC6D-3BE34791D107}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{C980B28D-9CF4-4329-ABE6-CE5D0E916230}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{CBF480E5-67A0-4AE4-B503-53C4D4C1F221}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{CF24FFE5-8D55-4F4D-B3CA-4EFD3C906EC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{D002BFA0-4577-468B-B2EE-306D2180C9CB}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{D4255894-7084-47D6-8942-5BF01BDADFDE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{E252F1EC-24AC-47DC-8A57-7E5E934D8063}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E4EC6C7D-43CE-47B2-87F0-2FA18B59190A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{E68CAF8E-38A0-4B69-B950-8E1C8D7B45C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EA1AE03D-7E77-4B48-AEC9-A94313C4E5CF}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{ECEFF28E-12B8-41E6-9D85-4889011AFA76}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{F15D7B8F-4A9F-4793-96A9-40D806C96C06}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{F28F6E3A-6E43-44F9-8C12-B48E80D5A6DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F46B168B-D746-4AE0-BA18-08DB9C1A803A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F6708A7D-132D-4604-BBB9-8D5D340BC8EA}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearmp.exe | 
"{F900BC06-A179-41C5-943C-AF1E804CFC0A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F9B250A7-A435-451A-A308-E79874315693}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{FC614412-1C7B-426A-A598-5B8E85474092}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{FE480BB4-A133-4BA1-909C-5FD505A5BDD5}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"TCP Query User{19077D5E-1DC4-4110-B3D6-6D97E2B7B0A5}E:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=e:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{213D4DE6-4E12-4910-AAEA-19840D03D4D3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{25C7ABAB-AE90-4A8F-8115-75140E1BCAE6}E:\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=e:\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{2BB95264-6D07-4EC2-8D06-139B68745F39}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe | 
"TCP Query User{2CB75835-63E9-4C43-899A-FBF4895C381D}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{34C1B0BF-BE22-4B8C-A5BC-670651B1D045}E:\ghost recon advanced warfighter 2\graw2.exe" = protocol=6 | dir=in | app=e:\ghost recon advanced warfighter 2\graw2.exe | 
"TCP Query User{3F16511C-4DFB-45F5-8736-133C3F4DF19B}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{85482E50-E47F-4041-9CBE-6E209DA306E4}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{8AA0A186-6A44-49F2-A42E-E318FFECDC1B}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{90F4A2AE-3F92-475C-AC82-14F21BDC41AA}E:\medal of honor allied assault\mohaa.exe" = protocol=6 | dir=in | app=e:\medal of honor allied assault\mohaa.exe | 
"TCP Query User{9A1243B9-0B4B-4485-B4CE-365056C8E41D}E:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=e:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{9C66E9E2-2A11-451D-BEDB-C552C54E56CE}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{9F14B0D3-4285-431C-ABC6-06623541FAF0}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{B160B986-C232-47E8-B9F9-3189A3616A4D}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{B3F53491-61C2-4790-8415-A53F7CF23174}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe | 
"TCP Query User{CA3B0EA4-40F7-4C7C-830E-597B842CDCED}\\bruno-pc\public\warcraft iii\war3.exe" = protocol=6 | dir=in | app=\\bruno-pc\public\warcraft iii\war3.exe | 
"TCP Query User{CE9F7F6B-50E9-4023-ABF5-3D66E39A0EA6}E:\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war\w40kwa.exe | 
"TCP Query User{CEBD54A3-52EA-424F-9B47-2FE8E96BD0EF}E:\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=e:\activision\call of duty - world at war\codwaw.exe | 
"TCP Query User{CEEB84C3-98AD-4CE4-9AB6-A28FB11B7B58}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"TCP Query User{CFF4492B-8C4B-4033-91A8-3FCDF598008C}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{E6A7E5C9-CEE5-4FBF-A1B1-84E26C3C6BFE}E:\sierra\fear\fearxp\fearxp.exe" = protocol=6 | dir=in | app=e:\sierra\fear\fearxp\fearxp.exe | 
"TCP Query User{EA4F8C62-445B-49DA-8052-27C91D7D60BF}E:\activision\cod5\codwaw.exe" = protocol=6 | dir=in | app=e:\activision\cod5\codwaw.exe | 
"TCP Query User{EE43A55A-F51E-41F7-AD3D-4B1B3F980166}E:\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=e:\unreal tournament 3\binaries\ut3.exe | 
"TCP Query User{EED0D8D0-A1E7-4A61-AEE1-D8D4CDBE3314}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{03E066DB-203C-4254-9238-0F2491D1A88D}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{0ACEF304-A32E-48F1-BA2A-B0FC1DEF1C02}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{11B2B188-54CB-40C9-9784-367A2CC2FD9C}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{1D1CDBB0-97B8-4EDC-803A-DD9C366D2187}E:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=e:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{2397C66C-743F-4018-AA55-3F0C42CB89AF}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"UDP Query User{25BA73DD-AB1E-43C6-9E73-BBEC2D837848}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{25F7C99B-FF3C-40C9-9070-F01338F10443}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{4E6DECC2-CF65-45CE-874A-A7209787D55C}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{5741EC0B-6A27-417F-9E59-14312D4941A1}E:\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war\w40kwa.exe | 
"UDP Query User{57471A0A-026A-42E4-89D9-F0991E0C360E}E:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=e:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"UDP Query User{6A87E708-BB6F-4E9B-AA93-6C9B91EDA868}E:\activision\cod5\codwaw.exe" = protocol=17 | dir=in | app=e:\activision\cod5\codwaw.exe | 
"UDP Query User{6FAA8E05-E381-47E0-A0E9-2C0FA4D1D1AF}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{881EA9DF-B7B7-4B8E-A82B-A1FAABB68C80}\\bruno-pc\public\warcraft iii\war3.exe" = protocol=17 | dir=in | app=\\bruno-pc\public\warcraft iii\war3.exe | 
"UDP Query User{8CE789D0-0A01-4254-8BAB-87B219A62A9B}E:\medal of honor allied assault\mohaa.exe" = protocol=17 | dir=in | app=e:\medal of honor allied assault\mohaa.exe | 
"UDP Query User{9071A018-3857-416A-A211-E0BDF450B704}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{92093DF9-DAE3-41C4-92F7-6C1CFF38AA83}E:\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=e:\unreal tournament 3\binaries\ut3.exe | 
"UDP Query User{92774E51-D5ED-40CF-AF48-98F06B8A7DF6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{9A3E1483-8534-48B4-9990-244F7E6831B9}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{AB44A913-C86D-4516-A3E9-A8E1CADE55C1}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{BAFAAB9F-2799-432A-9C63-B7BAAEF75A88}E:\sierra\fear\fearxp\fearxp.exe" = protocol=17 | dir=in | app=e:\sierra\fear\fearxp\fearxp.exe | 
"UDP Query User{C299D621-2ED7-465B-8C50-CC734CAFD450}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{CC4153B1-EDF9-4618-9A3B-FB438DF39F3A}E:\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=e:\activision\call of duty - world at war\codwaw.exe | 
"UDP Query User{D552E128-4643-43E6-B723-7E2E9B2FD417}E:\ghost recon advanced warfighter 2\graw2.exe" = protocol=17 | dir=in | app=e:\ghost recon advanced warfighter 2\graw2.exe | 
"UDP Query User{EEF393D8-804C-4EF2-94A7-412FB6B586E4}E:\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=e:\activision\call of duty 4 - modern warfare\iw3mp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2009
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99889189-C739-4A46-BA02-3B271A118957}" = F.E.A.R. Mission Perseus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.6.2
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B446F5BC-0503-452D-B9B9-37B782A51FB1}" = G51 Skins
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection

AAV 6.0.00.15
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ask Toolbar_is1" = Ask Toolbar
"AVIConverter" = AVIConverter 5.1.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner (remove only)
"DPP" = Canon Utilities Digital Photo Professional 3.8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Studio_is1" = Free Studio version 5.0.8
"GridVista" = Acer GridVista
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LManager" = Launch Manager
"MAGIX Movies on DVD TV Edition D" = MAGIX Movies on DVD TV Edition 7.0.3.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WFTK" = Canon Utilities WFT Utility
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2011 12:45:13 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
 0x474a325e, fehlerhaftes Modul CompileMOF.exe, Version 3.0.2000.0, Zeitstempel 
0x474a325e, Ausnahmecode 0xc000000d, Fehleroffset 0x00002a7f,  Prozess-ID 0xa64, Anwendungsstartzeit
 01cc04314fc0612d.
 
Error - 26.04.2011 12:45:19 | Computer Name = Bruno-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.04.2011 12:45:25 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.04.2011 12:45:25 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.04.2011 12:46:45 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vKECjCxHfiQS.exe, Version 1.8.0.0, Zeitstempel
 0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel 
0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276,  Prozess-ID 0x11b0, 
Anwendungsstartzeit 01cc04315a6c967d.
 
Error - 26.04.2011 14:21:32 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
 0x474a325e, fehlerhaftes Modul CompileMOF.exe, Version 3.0.2000.0, Zeitstempel 
0x474a325e, Ausnahmecode 0xc000000d, Fehleroffset 0x00002a7f,  Prozess-ID 0x9b4, Anwendungsstartzeit
 01cc043ec4a0041c.
 
Error - 26.04.2011 14:21:35 | Computer Name = Bruno-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.04.2011 14:21:56 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.04.2011 14:21:56 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.04.2011 14:23:10 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vKECjCxHfiQS.exe, Version 1.8.0.0, Zeitstempel
 0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel 
0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276,  Prozess-ID 0x1268, 
Anwendungsstartzeit 01cc043ecfaa090c.
 
[ OSession Events ]
Error - 16.12.2010 04:35:10 | Computer Name = Bruno-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1175
 seconds with 900 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.04.2011 10:12:02 | Computer Name = Bruno-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.04.2011 um 16:05:19 unerwartet heruntergefahren.
 
Error - 25.04.2011 10:12:47 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 25.04.2011 10:12:47 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25.04.2011 10:14:53 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2011 10:35:01 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2011 10:58:39 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 25.04.2011 12:50:25 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2011 12:54:03 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 26.04.2011 12:51:16 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 26.04.2011 14:28:04 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
--- --- ---


26.04.2011, 19:53   #6
markusg
/// Malware-holic

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
:Files
C:\ProgramData\vKECjCxHfiQS.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

Download Unhide:
http://www.trojaner-board.de/54791-a...ner-board.html

26.04.2011, 20:02   #7
Problem392

All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\ProgramData\vKECjCxHfiQS.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bruno
->Flash cache emptied: 16298 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Bruno
->Temp folder emptied: 480104196 bytes
->Temporary Internet Files folder emptied: 991497432 bytes
->FireFox cache emptied: 42377629 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1445310 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16964946 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.461,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04262011_205732

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

26.04.2011, 20:11   #8
markusg
/// Malware-holic

Sorry, new OTL script, and then upload.
:OTL
:Files
C:\ProgramData\vKECjCxHfiQS.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

26.04.2011, 20:19   #9
Problem392

Should I now upload movedfiles.rar to this upload channel?

26.04.2011, 20:25   #10
Problem392

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.04.2011 21:21:26 - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 2,67 Gb Free Space | 1,85% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 2,56 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 6,48 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bruno\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (fxusbase) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.201.1:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.19 14:01:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.19 14:01:30 | 000,000,000 | ---D | M]
 
[2008.11.17 14:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\Extensions
[2011.02.27 22:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions
[2011.04.25 16:47:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.25 16:47:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.25 16:47:17 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.25 16:47:17 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\pd0gx28i.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.11.28 23:19:56 | 000,000,944 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pd0gx28i.default\searchplugins\icqplugin.xml
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.22 18:10:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.08.22 18:10:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2010.06.05 15:43:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Movies_on_DVD_TV_Edition\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [conhost]  File not found
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - Startup: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1717747699-2736376619-3284485778-1000 Winlogon: Shell - (C:\Users\Bruno\AppData\Roaming\dwm.exe) -  File not found
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruno\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{024bfe02-2d1d-11df-a168-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{024bfe02-2d1d-11df-a168-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{024bfe04-2d1d-11df-a168-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{024bfe04-2d1d-11df-a168-404e57434401}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6ba54c1b-2c40-11df-b5e7-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba54c1b-2c40-11df-b5e7-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6ba54c2e-2c40-11df-b5e7-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba54c2e-2c40-11df-b5e7-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be788-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be788-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be79b-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be79b-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d75be79d-2d1a-11df-a41b-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d75be79d-2d1a-11df-a41b-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e95fe181-381a-11df-ac3e-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{e95fe181-381a-11df-ac3e-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e95fe182-381a-11df-ac3e-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{e95fe182-381a-11df-ac3e-404e57434401}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{eb06c8cd-3b99-11e0-ba58-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{eb06c8cd-3b99-11e0-ba58-404e57434401}\Shell\AutoRun\command - "" = H:\AutoLcd209x.exe
O33 - MountPoints2\{f7ef248c-d51a-11de-b95d-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{f7ef248c-d51a-11de-b95d-404e57434401}\Shell\AutoRun\command - "" = F:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.25 16:59:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2011.04.23 21:47:17 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\m
[2011.04.23 21:46:57 | 000,000,000 | ---D | C] -- C:\Users\Bruno\Desktop\Twistys
[2011.04.16 12:57:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.15 21:49:46 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 21:49:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 21:49:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 21:49:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 21:49:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 21:49:30 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 21:49:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 21:49:29 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 21:49:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 21:49:29 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 21:49:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 21:49:11 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 21:49:07 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 21:49:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.12 21:20:52 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoft
[2011.04.04 20:24:23 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.04.04 20:24:23 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 21:07:00 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 21:06:59 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 21:06:59 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 21:06:59 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 21:02:01 | 000,504,657 | ---- | M] () -- C:\unhide.exe
[2011.04.26 20:59:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 20:59:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 20:59:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 20:59:12 | 3218,034,688 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 20:58:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.25 16:59:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bruno\Desktop\OTL.exe
[2011.04.25 16:56:35 | 000,147,507 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.25 16:53:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.25 16:00:01 | 000,002,299 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\acervcmtmp.ini
[2011.04.24 23:27:33 | 000,137,728 | ---- | M] () -- C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.16 16:36:35 | 000,427,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 13:43:46 | 000,056,039 | ---- | M] () -- C:\Users\Bruno\Desktop\TUM_twoinone-Einladung_Mentoring.pdf
[2011.04.12 21:22:35 | 000,001,036 | ---- | M] () -- C:\Users\Bruno\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.12 16:04:20 | 002,942,142 | ---- | M] () -- C:\Users\Bruno\Desktop\Brusco_-_Abbronzatissima.mp3
[2011.04.04 20:19:50 | 000,007,592 | ---- | M] () -- C:\Users\Bruno\AppData\Local\d3d9caps.dat
[2011.04.04 16:00:26 | 004,326,427 | ---- | M] () -- C:\Users\Bruno\Desktop\1bDiesozialeMarktwirtschaftundihreZiele.pdf
[2011.03.28 22:01:04 | 082,655,457 | ---- | M] () -- C:\Users\Bruno\Desktop\Absolvia 2001.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.26 21:11:16 | 000,504,657 | ---- | C] () -- C:\unhide.exe
[2011.04.13 13:43:45 | 000,056,039 | ---- | C] () -- C:\Users\Bruno\Desktop\TUM_twoinone-Einladung_Mentoring.pdf
[2011.04.12 16:04:13 | 002,942,142 | ---- | C] () -- C:\Users\Bruno\Desktop\Brusco_-_Abbronzatissima.mp3
[2011.04.04 16:00:26 | 004,326,427 | ---- | C] () -- C:\Users\Bruno\Desktop\1bDiesozialeMarktwirtschaftundihreZiele.pdf
[2011.03.31 21:18:54 | 082,655,457 | ---- | C] () -- C:\Users\Bruno\Desktop\Absolvia 2001.pdf
[2011.03.18 14:10:05 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.03.06 12:23:54 | 000,005,616 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\77AA.835
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.06.05 15:48:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.15 18:31:07 | 000,148,792 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.12.25 18:25:29 | 000,002,299 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\acervcmtmp.ini
[2009.09.26 15:28:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.26 15:28:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.28 12:15:37 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.03.18 16:23:54 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.03.18 16:23:54 | 000,022,328 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\PnkBstrK.sys
[2009.03.18 16:23:39 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.03.18 16:23:38 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.03.16 16:43:07 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.03.14 12:57:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.03.05 20:56:49 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.11.27 16:35:47 | 000,007,592 | ---- | C] () -- C:\Users\Bruno\AppData\Local\d3d9caps.dat
[2008.11.22 21:27:15 | 000,032,825 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.11.22 21:27:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2008.11.22 21:26:11 | 000,006,225 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2008.11.17 15:59:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.17 14:59:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.11.16 14:41:30 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008.11.16 14:38:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.11.15 20:06:55 | 000,147,507 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.15 19:46:17 | 000,137,728 | ---- | C] () -- C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.15 19:44:19 | 000,147,507 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.22 03:48:06 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.08.22 03:48:06 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.08.22 03:48:06 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2008.08.22 03:48:06 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.08.22 03:43:20 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.04.24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,427,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.01.09 00:34:06 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2001.01.09 00:32:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.01.08 16:47:34 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2001.01.08 16:47:34 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2001.01.08 16:28:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2001.01.08 16:24:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2001.01.08 16:20:57 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2001.01.08 16:20:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2001.01.08 16:20:57 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2001.01.08 16:19:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
 
========== LOP Check ==========
 
[2008.11.15 19:20:17 | 000,000,000 | -HSD | M] -- C:\Users\Bruno\AppData\Roaming\.#
[2010.07.04 17:14:47 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Acer
[2001.01.08 16:45:51 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Acer GameZone Console
[2011.04.25 16:47:15 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools
[2009.11.03 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools Lite
[2009.10.31 18:07:28 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\digital publishing
[2011.04.12 21:21:45 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoft
[2011.02.20 14:03:27 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.11.15 19:24:48 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\eSobi
[2009.08.22 18:11:32 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\ICQ
[2009.06.28 12:18:43 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\MAGIX
[2011.04.25 16:47:18 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\PowerCinema
[2011.04.25 16:47:18 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\SoftDMA
[2009.06.28 12:12:47 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\TerraTec
[2009.05.12 15:05:51 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Ubisoft
[2008.11.15 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Validity
[2010.04.21 19:22:22 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Verbindungsassistent
[2011.04.26 20:58:09 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< :OTL >
 
< :Files >
 
< C:\ProgramData\vKECjCxHfiQS.exe >
 
< :Commands >
 
< [purity] >
 
< [EMPTYFLASH]  >
 
< [emptytemp] >
 
< [Reboot] >

< End of report >
         
--- --- ---

Alt 26.04.2011, 20:25   #11
Problem392
 
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 26.04.2011 21:21:26 - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 2,67 Gb Free Space | 1,85% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 2,56 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 6,48 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD0A731-624D-42EE-8E6A-816E7C800CB4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3F4A1377-5D43-43B6-82C2-5D1E505638AE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{404589EE-7543-4B1E-92D4-D544B2B589B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A0218BF-E0CA-4F8C-9DF8-750061C4EBCF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5B18AE25-F2A3-40F2-988E-0F90F2838800}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5BD864C0-B267-4BD1-8A53-B80CCD06F701}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5D7DA397-C9EA-4FA6-B8BF-B65EE6E224F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6344AC85-796C-4BB6-B5DD-4EE5615C03EF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6671D867-1ED9-4BFC-90C1-341B9E05571C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6F4BDC0F-E177-46B4-A73F-D9E1E1EAF56E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{70A7EACF-07B4-49C9-B996-DB196268F190}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7C52C206-4E62-400E-BA98-C956C4A331B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A3EBCF9C-F78A-40C3-95A2-1950AEB4F1F1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BD907BCD-06E8-4F4B-8C94-E7769C58BFD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C00BA0A8-A76A-4AE5-A58A-906785843A40}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C30D773D-CF8A-4447-9021-F145EE4A2DCE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CA8108C9-122B-4722-BAC3-6A3538859E99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CEA093F1-B80C-46A9-A4AC-E363180E7A71}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CFC8ED7B-D6C4-4E95-8E42-366E87F8DE5A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E86FD625-F4AD-4D99-A30E-7D3C386A27D3}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C0CC6-B387-41CB-980B-46348BB4EFFB}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{02814DEA-8AD0-48C7-ACEE-5A2C0A4CE7D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{04DF50EB-47A1-4CFD-8DEB-596CC4212988}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{052C9A74-FE4C-4FA4-A54E-2AC77AAD9755}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe | 
"{055620E5-EF4E-418B-8B1A-696FD248C644}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{08A303BE-6202-4109-842B-021D7E7593CA}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{0F24558D-3C1E-447B-B38F-B1C187F761AE}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{0FBCAF41-FC58-4090-A9FB-EF079611B06A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{1075CB75-F2A8-47D1-A250-013815EF8453}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{1183C61E-642E-4A9F-8BC4-38DF03F5AF44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{14373484-E649-43C9-9149-454E65DB1AAA}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe | 
"{1ADD36AB-5021-459C-8353-C326834EF928}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{1ED30451-9595-40C8-958C-A1A88724C8CE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{20B24E21-2082-4EAF-BAFB-1FB7F831DB08}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{26A1E309-38CC-45B8-B85F-A560D27C72FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{272EF665-235F-41AB-9CBF-BC19398999B6}" = protocol=17 | dir=in | app=e:\resident 5\re5dx10.exe | 
"{299288A4-0848-4E2E-92C1-436B54E63815}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2CC60DDA-8399-4602-A89C-FA7FAE0B9240}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{2D493799-E6A4-429F-A6D6-120DD9ECD398}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{2E33A51B-5070-4CEE-A1C3-AC64072901F5}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{2EA20073-8479-49BC-A21B-F5A280F9C60A}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{309C41C1-FF14-4E33-B6D5-4FC55690B008}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{36E0F9F3-81E0-43A1-90D8-631DCBD7909C}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\f.e.a.r. mission perseus\fearxp2.exe | 
"{39237FD8-9FAA-430F-A494-E94A30ED5ADD}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{42FEFD8D-926F-4366-9FD2-6AD66F959C87}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{46DC8319-884D-4A9B-9986-8D3EDB3906A3}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{4A6A8F77-075F-4CFD-8F5D-3990D28711ED}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{533EDFCA-92FE-45FD-BEBA-B587980BB448}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5B7C67B7-5A9C-4E1E-9495-48DE47D43C80}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{5F018486-20CE-4F4A-B320-CEC4F901684A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{6311C509-4402-428D-89F9-B0FE882CB8C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{63334DB2-189E-48F5-84D6-F7D2E1E21DB4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{68C2A5DC-3FA4-4A1B-A047-40EC9F3FEF62}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe | 
"{695B19DB-CE0D-4C5C-8D4E-33D054153874}" = protocol=17 | dir=in | app=e:\resident 5\re5dx9.exe | 
"{6994894D-0B07-4039-9A29-A5ADF649A3CC}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{69BF45A0-33B9-49E0-8F5D-70D31450834E}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\f.e.a.r. mission perseus\fearxp2.exe | 
"{6EC19944-E484-4B6E-8116-C00E1C5C38BE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6F08BFB0-E6E9-4B56-B20A-9820DC096CD5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{72257AED-1741-4175-BA6F-3DBE69EEF51F}" = protocol=6 | dir=in | app=e:\resident 5\re5dx9.exe | 
"{745F1B3F-3332-4691-B7A2-49C4C5D11A23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{78B3474C-0BA4-427C-8021-E52C087326D0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{78FCDD30-20C1-4EB9-9997-90E36C086157}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{797234D0-CD5D-4B0E-8655-3A0CEF38C37F}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearmp.exe | 
"{7A0D8EFD-0228-4564-AAAB-6B896B5A8AA4}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe | 
"{7C006AE4-8CCF-4DCB-9BD8-A6A3AD8B4F90}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{7C8B885A-AAD6-47A6-87F7-8FE1B62F4A84}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe | 
"{7CA38CB5-A8DC-41CF-AAF5-BD5670977E46}" = protocol=6 | dir=in | app=e:\resident 5\re5dx10.exe | 
"{7E0C4F18-4F8E-4FD0-BD76-A865E6FA6692}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{847693F1-DB97-4F24-B184-6BE43B8834C1}" = protocol=17 | dir=in | app=e:\activision\codwawmp.exe | 
"{891AEE52-D601-48DD-B6A6-DCE39642397B}" = protocol=6 | dir=in | app=e:\activision\codwawmp.exe | 
"{92B64617-59F6-47F0-9CDB-60DC13AE843A}" = protocol=6 | dir=in | app=e:\activision\codwaw.exe | 
"{94EE35D0-AAB9-4376-A3FA-E004008A9C1A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{96BB53FC-D52A-4086-99FD-154A624292EE}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{97F55C3A-A388-4F41-AAED-3B40A6CB4E4E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{98077976-F41F-4CC7-AD58-BE38D13A6D6E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{98C44D1D-4E0C-4D16-9F39-CFBFB554B90F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{9E4F995F-DA4F-4EA1-9565-05D4F9C5929A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{9F5F0965-F33D-4EB0-828A-5BE2E9D03F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A115E800-4EBF-423A-B5B1-2F7A2319B21D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{A2F9A547-1AB7-4D17-ADBF-AEE96DE1292F}" = protocol=17 | dir=in | app=e:\activision\codwaw.exe | 
"{A7210CE2-A7D3-4713-A96F-3AC1DD60D619}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A8E2603C-BDCD-44F2-8A2E-70267D67CB7F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{AD55BE77-812F-4307-8964-2E75BBD9A1A0}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe | 
"{B5292D5D-5101-47B9-8A33-245C0FED61FA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B8C771AE-C75B-4B34-82A7-D6BC502A4227}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{C008179D-093F-4C58-81C7-18DFBD222B8F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{C1EA2ED5-3975-432A-AC6D-3BE34791D107}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{C980B28D-9CF4-4329-ABE6-CE5D0E916230}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{CBF480E5-67A0-4AE4-B503-53C4D4C1F221}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{CF24FFE5-8D55-4F4D-B3CA-4EFD3C906EC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{D002BFA0-4577-468B-B2EE-306D2180C9CB}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{D4255894-7084-47D6-8942-5BF01BDADFDE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{E252F1EC-24AC-47DC-8A57-7E5E934D8063}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E4EC6C7D-43CE-47B2-87F0-2FA18B59190A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{E68CAF8E-38A0-4B69-B950-8E1C8D7B45C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EA1AE03D-7E77-4B48-AEC9-A94313C4E5CF}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{ECEFF28E-12B8-41E6-9D85-4889011AFA76}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{F15D7B8F-4A9F-4793-96A9-40D806C96C06}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{F28F6E3A-6E43-44F9-8C12-B48E80D5A6DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F46B168B-D746-4AE0-BA18-08DB9C1A803A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F6708A7D-132D-4604-BBB9-8D5D340BC8EA}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearmp.exe | 
"{F900BC06-A179-41C5-943C-AF1E804CFC0A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F9B250A7-A435-451A-A308-E79874315693}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{FC614412-1C7B-426A-A598-5B8E85474092}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{FE480BB4-A133-4BA1-909C-5FD505A5BDD5}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"TCP Query User{19077D5E-1DC4-4110-B3D6-6D97E2B7B0A5}E:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=e:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{213D4DE6-4E12-4910-AAEA-19840D03D4D3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{25C7ABAB-AE90-4A8F-8115-75140E1BCAE6}E:\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=e:\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{2BB95264-6D07-4EC2-8D06-139B68745F39}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe | 
"TCP Query User{2CB75835-63E9-4C43-899A-FBF4895C381D}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{34C1B0BF-BE22-4B8C-A5BC-670651B1D045}E:\ghost recon advanced warfighter 2\graw2.exe" = protocol=6 | dir=in | app=e:\ghost recon advanced warfighter 2\graw2.exe | 
"TCP Query User{3F16511C-4DFB-45F5-8736-133C3F4DF19B}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{85482E50-E47F-4041-9CBE-6E209DA306E4}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{8AA0A186-6A44-49F2-A42E-E318FFECDC1B}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{90F4A2AE-3F92-475C-AC82-14F21BDC41AA}E:\medal of honor allied assault\mohaa.exe" = protocol=6 | dir=in | app=e:\medal of honor allied assault\mohaa.exe | 
"TCP Query User{9A1243B9-0B4B-4485-B4CE-365056C8E41D}E:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=e:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{9C66E9E2-2A11-451D-BEDB-C552C54E56CE}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{9F14B0D3-4285-431C-ABC6-06623541FAF0}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{B160B986-C232-47E8-B9F9-3189A3616A4D}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{B3F53491-61C2-4790-8415-A53F7CF23174}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe | 
"TCP Query User{CA3B0EA4-40F7-4C7C-830E-597B842CDCED}\\bruno-pc\public\warcraft iii\war3.exe" = protocol=6 | dir=in | app=\\bruno-pc\public\warcraft iii\war3.exe | 
"TCP Query User{CE9F7F6B-50E9-4023-ABF5-3D66E39A0EA6}E:\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war\w40kwa.exe | 
"TCP Query User{CEBD54A3-52EA-424F-9B47-2FE8E96BD0EF}E:\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=e:\activision\call of duty - world at war\codwaw.exe | 
"TCP Query User{CEEB84C3-98AD-4CE4-9AB6-A28FB11B7B58}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"TCP Query User{CFF4492B-8C4B-4033-91A8-3FCDF598008C}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{E6A7E5C9-CEE5-4FBF-A1B1-84E26C3C6BFE}E:\sierra\fear\fearxp\fearxp.exe" = protocol=6 | dir=in | app=e:\sierra\fear\fearxp\fearxp.exe | 
"TCP Query User{EA4F8C62-445B-49DA-8052-27C91D7D60BF}E:\activision\cod5\codwaw.exe" = protocol=6 | dir=in | app=e:\activision\cod5\codwaw.exe | 
"TCP Query User{EE43A55A-F51E-41F7-AD3D-4B1B3F980166}E:\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=e:\unreal tournament 3\binaries\ut3.exe | 
"TCP Query User{EED0D8D0-A1E7-4A61-AEE1-D8D4CDBE3314}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{03E066DB-203C-4254-9238-0F2491D1A88D}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{0ACEF304-A32E-48F1-BA2A-B0FC1DEF1C02}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{11B2B188-54CB-40C9-9784-367A2CC2FD9C}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{1D1CDBB0-97B8-4EDC-803A-DD9C366D2187}E:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=e:\2k games\borderlands\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{2397C66C-743F-4018-AA55-3F0C42CB89AF}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe | 
"UDP Query User{25BA73DD-AB1E-43C6-9E73-BBEC2D837848}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{25F7C99B-FF3C-40C9-9070-F01338F10443}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{4E6DECC2-CF65-45CE-874A-A7209787D55C}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{5741EC0B-6A27-417F-9E59-14312D4941A1}E:\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war\w40kwa.exe | 
"UDP Query User{57471A0A-026A-42E4-89D9-F0991E0C360E}E:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=e:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"UDP Query User{6A87E708-BB6F-4E9B-AA93-6C9B91EDA868}E:\activision\cod5\codwaw.exe" = protocol=17 | dir=in | app=e:\activision\cod5\codwaw.exe | 
"UDP Query User{6FAA8E05-E381-47E0-A0E9-2C0FA4D1D1AF}E:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{881EA9DF-B7B7-4B8E-A82B-A1FAABB68C80}\\bruno-pc\public\warcraft iii\war3.exe" = protocol=17 | dir=in | app=\\bruno-pc\public\warcraft iii\war3.exe | 
"UDP Query User{8CE789D0-0A01-4254-8BAB-87B219A62A9B}E:\medal of honor allied assault\mohaa.exe" = protocol=17 | dir=in | app=e:\medal of honor allied assault\mohaa.exe | 
"UDP Query User{9071A018-3857-416A-A211-E0BDF450B704}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{92093DF9-DAE3-41C4-92F7-6C1CFF38AA83}E:\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=e:\unreal tournament 3\binaries\ut3.exe | 
"UDP Query User{92774E51-D5ED-40CF-AF48-98F06B8A7DF6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{9A3E1483-8534-48B4-9990-244F7E6831B9}E:\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{AB44A913-C86D-4516-A3E9-A8E1CADE55C1}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{BAFAAB9F-2799-432A-9C63-B7BAAEF75A88}E:\sierra\fear\fearxp\fearxp.exe" = protocol=17 | dir=in | app=e:\sierra\fear\fearxp\fearxp.exe | 
"UDP Query User{C299D621-2ED7-465B-8C50-CC734CAFD450}E:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{CC4153B1-EDF9-4618-9A3B-FB438DF39F3A}E:\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=e:\activision\call of duty - world at war\codwaw.exe | 
"UDP Query User{D552E128-4643-43E6-B723-7E2E9B2FD417}E:\ghost recon advanced warfighter 2\graw2.exe" = protocol=17 | dir=in | app=e:\ghost recon advanced warfighter 2\graw2.exe | 
"UDP Query User{EEF393D8-804C-4EF2-94A7-412FB6B586E4}E:\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=e:\activision\call of duty 4 - modern warfare\iw3mp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2009
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99889189-C739-4A46-BA02-3B271A118957}" = F.E.A.R. Mission Perseus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.6.2
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B446F5BC-0503-452D-B9B9-37B782A51FB1}" = G51 Skins
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection

AAV 6.0.00.15
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ask Toolbar_is1" = Ask Toolbar
"AVIConverter" = AVIConverter 5.1.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner (remove only)
"DPP" = Canon Utilities Digital Photo Professional 3.8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Studio_is1" = Free Studio version 5.0.8
"GridVista" = Acer GridVista
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LManager" = Launch Manager
"MAGIX Movies on DVD TV Edition D" = MAGIX Movies on DVD TV Edition 7.0.3.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WFTK" = Canon Utilities WFT Utility
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1717747699-2736376619-3284485778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2011 14:21:35 | Computer Name = Bruno-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.04.2011 14:21:56 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.04.2011 14:21:56 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.04.2011 14:23:10 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vKECjCxHfiQS.exe, Version 1.8.0.0, Zeitstempel
 0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel 
0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276,  Prozess-ID 0x1268, 
Anwendungsstartzeit 01cc043ecfaa090c.
 
Error - 26.04.2011 14:48:27 | Computer Name = Bruno-PC | Source = VSS | ID = 8194
Description = 
 
Error - 26.04.2011 14:58:06 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BackupSvc.exe, Version 5.1.0.3, Zeitstempel 
0x47f5eee7, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x9a8, Anwendungsstartzeit
 01cc043ec495a3dc.
 
Error - 26.04.2011 14:59:25 | Computer Name = Bruno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CompileMOF.exe, Version 3.0.2000.0, Zeitstempel
 0x474a325e, fehlerhaftes Modul CompileMOF.exe, Version 3.0.2000.0, Zeitstempel 
0x474a325e, Ausnahmecode 0xc000000d, Fehleroffset 0x00002a7f,  Prozess-ID 0x9ec, Anwendungsstartzeit
 01cc04440fea8a98.
 
Error - 26.04.2011 14:59:31 | Computer Name = Bruno-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.04.2011 14:59:46 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.04.2011 14:59:46 | Computer Name = Bruno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ OSession Events ]
Error - 16.12.2010 04:35:10 | Computer Name = Bruno-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1175
 seconds with 900 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.04.2011 10:12:47 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 25.04.2011 10:12:47 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25.04.2011 10:14:53 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2011 10:35:01 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2011 10:58:39 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 25.04.2011 12:50:25 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2011 12:54:03 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 26.04.2011 12:51:16 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 26.04.2011 14:28:04 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 26.04.2011 14:57:32 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         

26.04.2011, 20:35   #12
Problem392

Did I do that right?

26.04.2011, 20:37   #13
markusg
/// Malware-holic

You're supposed to click on Fix, not on Scan.

26.04.2011, 20:42   #14
Problem392

All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\ProgramData\vKECjCxHfiQS.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bruno
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Bruno
->Temp folder emptied: 288030 bytes
->Temporary Internet Files folder emptied: 4506622 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1445310 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 873 bytes

Total Files Cleaned = 6,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04262011_213902

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

26.04.2011, 21:09   #15
Problem392

Now the files are visible again; should I run Unhide again now?
