Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   anti-malware log zur auswertung (https://www.trojaner-board.de/92073-anti-malware-log-auswertung.html)

wambo99 21.10.2010 16:26
anti-malware log zur auswertung
 
hay alle
das ist mein erster post , hoffe hab möglichst wenig fehler.

Ich weiß nicht ob ich ein Trojaner auf dem pc habe oder nicht.
Soll ich mein Computer jetzt formatieren?!
Also hier die log-datei.




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4903

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

21.10.2010 17:09:29
mbam-log-2010-10-21 (17-09-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146253
Laufzeit: 11 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

cosinus 21.10.2010 18:37
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

wambo99 21.10.2010 20:48
OTL) 1log.OTL Logfile:
Code:
OTL Extras logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0    Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS
 
Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32C71912-532C-46DC-A9F1-3117924AA21D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B165C69-9D26-44BE-B2DC-FE5DC002E9AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F32B2E4-3A82-4D0C-AEEA-B61B0BF5DE3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5654AE0E-1EA0-4A0B-9026-64107BA0CC44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{74AF2B35-6ACC-4C2E-9543-DB5C8DBD03DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{95A09728-FDDE-4E18-972E-04308AFF4960}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A18B548C-C0EB-475A-91FA-E24C8DB91FD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C8251346-EC22-45DA-9B32-B94290017165}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0139E08A-8E94-4ED1-9E82-2DB322639286}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe |
"{0891B45B-7E90-44EB-82A1-B96B7DB8EA58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{09952AAE-AEBA-4F7A-A719-134C30B93ABB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{0BA447DD-343A-41CE-B86D-947C05D113AB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0F983182-B487-4736-B8C9-055E11127822}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{24C52D48-F42D-44B2-8812-4B5F0843BE4E}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe |
"{2A289B65-5989-4788-B72E-C35D4D041368}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{33DE3C5E-D188-4B86-A8FE-9EB4AB7D4F41}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{34D54E44-4DF4-4CC1-935D-B103A95CA4BB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{3A1A66CF-89C4-4140-9E1D-6FB83769E7DD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3A95E764-3B67-451D-A8E0-E115E0F79DD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{408C8A0E-A038-4D33-ACBE-547831CF647B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{44093CD2-EE1A-4C19-9A39-46E79324D40E}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{45506B92-F2E4-499D-9A0B-709D4E191D81}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4CA9F8D5-4A71-4316-9CFA-90255A760E5F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{516A3F30-B982-4C68-98A1-815BDA9C09B7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5E82F0F2-D36B-48B8-BF86-9BB56965768B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{613FF0EB-27CE-4C3F-8072-675C6F878E0C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{666CB7ED-EB3B-429A-8A1A-25EBB902169A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{66DE233B-098B-49CE-AB71-E3376098B3DF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{68C57A13-1250-4B1F-B3E6-5BE041E3B096}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{68CCBCF6-EDD7-44BA-B530-6F25B2275430}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe |
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{715F4E3F-E61B-49DA-A0A4-C8838EB5C7FE}" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{718E1F3D-3478-4706-93DA-80FDB93F5C91}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{73CFC126-588B-4B8D-BFF8-5EA031414D52}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{77465F61-30D9-4856-BB04-D9E3343DEEAE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{782EA5B2-9570-4588-9B03-BCC048235648}" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{7956A954-3D7A-47FF-B2AB-0637C1B38963}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{79B6CD9A-3172-493C-AB40-6D5FAE597258}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{7A5D141A-011D-4E41-B0CE-F76C5FEBA09C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{7B0988E3-E402-450B-B444-4E996D66AE46}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{7C20506C-7A73-452F-9880-1A9B19C81C9C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7DDC15D9-927F-4582-A895-FA1677F1864B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7EAD9E89-625F-40A3-BEA5-E4A4C187B7CB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{836DE0DE-F505-45C2-B777-4CD4BDEA8061}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{85352D01-C8EB-4E51-9762-E2D67D358707}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{85D8FCA9-1B95-4736-95A6-388D532FA9F7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{87B53806-46A2-4780-922E-C5667112B5E8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{87BF2D87-56AE-4957-939D-AC8EE52F2D45}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{8CF8B9F6-E6D7-4432-947A-3B9C1740CFF7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{8FB08B5E-0EF8-46B2-9C7F-51DB553223C3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{9E58D4F7-EDDA-4401-84DD-4C382BCD0257}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{9F69704C-3150-4B7D-AAC1-162572229869}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{A95B063C-149F-4BAA-A831-08499262DD41}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{A9C5BAA8-1155-41D6-A5CD-F9ED0BCC3E2C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{ACD18395-D930-4BA4-8D83-A78C3EEE0426}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{AF362A85-4A49-4660-8065-1E1C5799FC62}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{B806D263-45E2-4604-969F-7EDBF31F4EB3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B9FEBF8A-B573-4625-BDF8-838BD57AB5E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{BFA89F29-0510-425A-9F99-7F5CC3452369}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{C6089F0E-1C26-4F1C-AE30-5E60D39582A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C7AF4FE9-9374-4EB0-841A-9C7A8A3EA1A8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{C819C97F-7EED-4D70-9C47-391712BDB5D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C84BE8B8-D5F3-4E3B-B0E4-BC3F38B61605}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CA27CFD2-5416-47AD-B019-CB52ABD3789A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{CFF8FE96-8004-48CA-95A5-25CD3EDAF231}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{D92B0DFC-EDE2-4DC9-87C3-489860C19AAD}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{DC04695E-E0E3-42D5-B937-21E67D6ADF16}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{E219DC92-3E75-4432-BC6A-B62D818BD9F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E30CA022-1E93-4171-898E-C9EF17E2D396}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{E33026B8-8B24-4146-BF69-78309EF04094}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{ED40B40B-9B5E-4A52-8AAF-E9554F3C7856}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"TCP Query User{00548D5D-A624-4225-8424-63DB22322BB7}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"TCP Query User{07CDED4B-AD87-40F7-9C04-4CA7D58718A0}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe |
"TCP Query User{0852AC21-4C19-46BC-9A59-2F93DCE9DF5D}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{0995BFBD-357F-4AF2-B95E-E31F9A001970}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
"TCP Query User{0BCEBDC2-D310-4AC0-BD88-D203B97D3834}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"TCP Query User{10694044-61A6-4D36-985A-EAB465ED08F3}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe |
"TCP Query User{14422F3F-3701-45DD-9355-E3994BDB285F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"TCP Query User{146E16A3-D256-4630-BC89-23F26003009D}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"TCP Query User{18D6E447-C6BB-4839-A835-67CCECF58697}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"TCP Query User{1988BD6D-ED36-4F7B-9705-BB2C00294E3A}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"TCP Query User{1A35859B-8B4E-47D3-A52B-F77D6189940C}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{251587BC-C93E-4F41-A6BC-430632C3BFD9}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"TCP Query User{299CC269-A608-4D59-B5A6-980F3BC71CC0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2B183796-BCE7-468A-BB8D-A754FCEB01C9}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{2D8E5CCD-A3D3-4C3D-8805-7BE68C0FF042}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{39195783-2217-4438-95B6-811630CD9696}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"TCP Query User{3BB4A8E9-6AC4-47F9-B3C4-EEECE138BD2B}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{447EE480-6616-40A4-A606-A6A2E7B89E50}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4D77DD47-3092-486B-BF9D-26359DCC0849}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
"TCP Query User{5437AD72-B13D-4AC7-8D24-6B28CD1B8956}C:\program files\metin2_germany\metin2.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.exe |
"TCP Query User{588EA4B6-FF03-4D05-9351-48A9B9D09C62}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"TCP Query User{58A83585-4A1D-444C-9E00-19CF05643C8E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{74E98653-1C96-4145-9D48-35F8E38AA74B}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"TCP Query User{75550ABD-F21D-4189-B8ED-46C9881782D8}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{83FAEEA6-22F3-4738-A90B-1214E3BC2D7D}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe |
"TCP Query User{8D4E4618-AAC2-4A12-99DC-5F0AE784396B}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"TCP Query User{8F234526-4F13-4E46-9313-B7F595D4EC6E}L:\mh\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\mh\metin2_germany\metin2.bin |
"TCP Query User{9120E071-628E-44F3-B3B6-153AFB14D314}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"TCP Query User{B8443C0F-BA33-4994-9639-8947AAE670C7}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{C0B98893-7AFD-463F-A985-BB6D9BA4BE6A}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"TCP Query User{C954EB8C-7061-42F1-B49B-8A383A2894B2}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe |
"TCP Query User{D35877DB-698E-4055-A14A-FBAE70796DA3}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin |
"TCP Query User{D5E429BE-48ED-4A23-BC07-485A397D7CB3}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{D8E51C89-764D-42A8-9637-02ABDFC951B5}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"TCP Query User{E6970AD5-9EC4-4016-BDFC-9F18EE914CBE}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe |
"TCP Query User{F9D35BB9-3096-48B8-A4F9-947D23F58A4D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"TCP Query User{FE8C2221-4E72-4DCF-A051-452FBB5AA03A}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe |
"TCP Query User{FF6E8328-8316-4767-8786-10A9E343FD3F}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{030E5AE0-5AF8-439A-850B-C4E33E8C2273}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"UDP Query User{0B87C1E5-2BA8-405F-8AE1-54CF0A331C54}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{1CFB478F-1B62-451A-8ACC-91C34F6B27FF}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"UDP Query User{1E6129E5-9EF0-4DA9-9F9C-1CB6F670B1F5}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe |
"UDP Query User{29D1CFD1-79FF-47D2-8403-CDEE3785574B}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{2DA8C29F-0DE6-4C2F-911A-A00F84CA115A}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"UDP Query User{2FDFDE65-3D97-4227-A078-08E1CE3DBAFF}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"UDP Query User{31E316F8-AF62-4EFF-80B1-D50421DCEB4F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"UDP Query User{380C8834-B107-41D5-8A30-9D5688E8EBCE}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"UDP Query User{3CBF2878-641F-4ED9-B0F5-BD5D1C00909A}C:\program files\metin2_germany\metin2.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.exe |
"UDP Query User{413A58BE-956E-45A2-9949-0F04FC9F1F90}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"UDP Query User{45170A0C-15E4-431A-A3C7-48138C0874B6}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe |
"UDP Query User{4D839AF7-4CF3-45FA-B895-290D827C0E30}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{4D8ECD20-81D4-4253-AA5D-1DC07A9B8E6F}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin |
"UDP Query User{4F49D2F3-1D4E-440D-8387-07F82F99B1FA}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe |
"UDP Query User{509B7D0E-5652-4A40-A9D7-FDF1A869E777}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{56278F68-2AA4-47D3-A99C-A6D5C804A6A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{594CD0CB-5510-49A5-B659-2CD8D1AF2BDC}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe |
"UDP Query User{6D4CC943-4CEA-4BA3-8270-2B5ED64293E2}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{6F52EC1B-DFC0-4FD5-960D-F65254698424}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6F9F7F64-140C-40C8-AACB-81EE0ACC6CE7}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"UDP Query User{73839211-8BB1-4D5A-BB42-909B80F3F489}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{768FE0FF-DB0F-44FC-B5F6-C9533BAACF33}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{793CE7BE-2943-4B68-A3F1-E235378B9F6D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"UDP Query User{7FFEEE04-E4CC-4717-B794-C251258EABAB}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"UDP Query User{8BDA34E8-733A-4BFD-894B-36F5FD3D7019}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{8DF8C2AE-42F2-4790-9DE5-FC95C8E40D6E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9055E64A-DC14-4C0A-9F91-5AC9718B632B}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"UDP Query User{A6F871A5-E37D-4ACF-8B3A-0FB50430A58F}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{AE259E7D-8EA9-4F55-A207-567FD13B4D8F}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe |
"UDP Query User{AEA78220-1D4D-4402-80BC-94B85121AEBC}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"UDP Query User{BE7C24C2-945D-4CD1-8A32-03F28EA8204E}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"UDP Query User{C30EE879-B6EA-4E73-BD8D-624C60C1CAF9}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
"UDP Query User{CE215832-CF2C-4C85-8C5D-4EAE7C360821}L:\mh\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\mh\metin2_germany\metin2.bin |
"UDP Query User{D60CB3CB-4B28-4346-A594-1BC8638A8BFB}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"UDP Query User{DE8C7509-9298-44AD-8A5A-66C7693A0518}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe |
"UDP Query User{F01D6A35-3FDD-4F4B-A7A3-1F5D68F97E28}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{FE2903F4-39CB-475D-A372-6ADAD2FFFF5F}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0746324A-74A1-DD6E-3DC7-89FF5432D29D}" = CCC Help Thai
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0A2D1DFE-5362-6CCF-46D7-07006D726383}" = CCC Help Russian
"{0DA693CA-9AE8-0780-E49C-3D49E099077B}" = Catalyst Control Center Localization All
"{10BC9ED1-5D41-54C6-862C-2C00E5C434EF}" = CCC Help Portuguese
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1BE326D9-BA06-A574-72AA-C428C6F09549}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4814EB-4453-B4ED-29C9-C7F1AE76152F}" = Catalyst Control Center Core Implementation
"{1FDDECB1-702D-C574-295B-BC9CCE51C795}" = CCC Help Italian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{246DB002-665C-CD60-390A-DE2BE952C7CC}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{33D322FB-0F56-79B5-13A5-B72C901AB4AB}" = Catalyst Control Center Graphics Light
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{408018E8-85F0-832D-851F-11C31FF939BD}" = ccc-core-static
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{427E8045-62BF-DD85-079C-21AE345BA815}" = CCC Help Finnish
"{46DCE6DC-6C9B-0E3F-F9F0-662B8BAFDCA5}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62A7970B-2586-D420-AC6D-F8CA0E7B5B81}" = Catalyst Control Center Graphics Full Existing
"{651E63E0-772C-CC4F-2C2E-9AF3114925F0}" = CCC Help Spanish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A305A-88E0-D5ED-EA88-5D9A9B9B8783}" = CCC Help Greek
"{75C659EA-EA00-AC02-9F97-5EFDC53AB699}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777A1FE5-9C56-F3D6-A387-79BBE18030DB}" = CCC Help Hungarian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BECB8AC-C406-0434-509F-351A17000E8F}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85EC876D-27B4-D811-1419-BB021AEA351C}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A211E60-DD55-FF66-1C10-FFA05BB32CDA}" = CCC Help Chinese Traditional
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{94894501-EC12-432B-B8E2-AA8470CC6266}" = UEFA EURO 2008™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A57C8520-5970-3FE0-9BC2-520FB6D447D1}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ADB458D8-A0E2-FC9E-6271-DD22CA464A6F}" = CCC Help Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1C4983E-7720-3970-5F21-5AFF18AEF5BD}" = CCC Help Swedish
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6E14B01-0C5F-6509-0F27-C92F44DBF34C}" = CCC Help Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98898CD-9097-6D0E-C5B8-418433A00717}" = CCC Help Turkish
"{C07B4B1F-0BD1-7C1A-5765-FAC354EB9AD7}" = CCC Help Korean
"{C388FB07-1679-E1EF-7DE4-172E3FDB595E}" = CCC Help Norwegian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6900D91-35A7-5DC4-07D4-AF3123BB3422}" = ATI Problem Report Wizard
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E27ABEAB-2A23-737E-D290-FC42D45FCDA8}" = ATI AVIVO Codecs
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E940C734-8AFB-4F22-F102-A00AC8B3069B}" = CCC Help French
"{EA7CFDF5-3C98-7906-E7F6-9758C1415622}" = Catalyst Control Center Graphics Previews Common
"{EFBF0779-93EE-4261-9CF3-EA68FA7E1152}" = CCC Help Czech
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BFD15D-9EEC-4072-942D-240BA0B99467}" = COMPUTERBILD-Abzockschutz
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7D3AFB4-94A0-4720-AFC6-5B6283DD7606}_is1" = Borderlands v.1.2 and DLCs
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCD92A32-25B2-D2C1-7B7B-DFA2E78AD3AC}" = Catalyst Control Center Graphics Full New
"{FD1E62F4-33DC-87C5-8C4A-77D2D8D5ACB8}" = ATI Catalyst Install Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BattlEye" = BattlEye Uninstall
"Counter-Strike 1.6 v28 - DigitalZone" = Counter-Strike 1.6 v28 - DigitalZone
"Cross Fire_is1" = Cross Fire En
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FileMenu Tools_is1" = FileMenu Tools
"Free Studio_is1" = Free Studio version 4.1
"Game Cam" = Game Cam 2.54.0.47
"ICQToolbar" = ICQ Toolbar
"JAP" = JAP
"Just Cause 2_is1" = Just Cause 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NoIPDUC" = No-IP DUC
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4.1
"PunkBusterSvc" = PunkBuster Services
"Tor" = Tor 0.2.1.23
"TVISTA Express Tuner_is1" = DATA BECKER TVISTA Express Tuner
"Vidalia" = Vidalia 0.2.7
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 31.10.2009 12:06:45 | Computer Name = Senad-PC | Source = ESENT | ID = 215
Description = WinMail (3072) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 01.11.2009 10:39:12 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 03.11.2009 06:29:39 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 04.11.2009 10:15:09 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description =
 
[ System Events ]
Error - 21.10.2010 10:27:37 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:25:59 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:29:59 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:28:33 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:29:48 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 10:31:47 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 10:31:58 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:29:59 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:33:30 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.10.2010 11:49:35 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 11:51:19 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.10.2010 13:55:43 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 13:57:27 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description =
 
[ TuneUp Events ]
Error - 16.07.2010 07:36:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 16.07.2010 07:38:02 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 16.07.2010 07:38:22 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 16.07.2010 07:38:42 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 16.07.2010 07:40:12 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 17.07.2010 12:07:11 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 18.07.2010 12:56:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 18.07.2010 16:38:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 19.07.2010 05:45:28 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 19.07.2010 07:00:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
 
< End of report >
--- --- ---

OTL) 2log.OTL Logfile:
Code:
OTL logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0    Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS
 
Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe (ActiveState Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) --  File not found
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe File not found
SRV - (CLTNetCnService) --  File not found
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (netr73) -- C:\Windows\System32\DRIVERS\netr73.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (WinFl32) -- C:\Windows\System32\WinFl32.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (ASPI32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..network.proxy.backup.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "184.73.187.184"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "184.73.187.184"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "184.73.187.184"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.21 14:29:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 14:29:26 | 000,000,000 | ---D | M]
 
[2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions
[2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.10.21 14:30:44 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions
[2010.04.27 16:14:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.09 12:05:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.11 00:08:25 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.04.21 12:30:25 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.10.21 14:30:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.30 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\FirefoxAddon@similarWeb.com
[2010.09.24 22:16:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\isgdcreator@postspectacular.com
[2008.12.23 11:35:24 | 000,001,579 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\aol-search.xml
[2010.10.17 12:30:14 | 000,000,950 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin-1.xml
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin.xml
[2010.08.08 23:07:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.19 18:59:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.04 19:30:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.04 19:30:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.13 22:29:59 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [amsn] C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O24 - Desktop WallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell - "" = AutoRun
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.21 20:01:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe
[2010.10.21 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\Senad\AppData\Roaming\Malwarebytes
[2010.10.21 16:51:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.21 16:51:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.21 16:11:58 | 000,000,000 | ---D | C] -- C:\Users\Senad\Documents\Square Enix
[2010.10.21 14:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.10.21 14:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.10.15 00:23:25 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.15 00:23:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.15 00:23:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.15 00:23:00 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.15 00:23:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.15 00:23:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.15 00:22:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.15 00:22:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.15 00:22:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.15 00:22:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.15 00:22:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.15 00:22:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.15 00:22:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.15 00:22:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.15 00:22:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.15 00:22:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.15 00:22:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.15 00:22:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.15 00:22:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.15 00:22:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.15 00:22:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.15 00:22:55 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.15 00:22:54 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.15 00:22:53 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.15 00:22:52 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.09.29 13:55:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2007.07.26 11:29:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[8248.11.22 10:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Senad\Documents\Locker01.flk
[2010.10.21 20:13:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CFCB5B28-9326-4B32-85AB-75602B755434}.job
[2010.10.21 20:01:21 | 000,694,324 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.21 20:01:21 | 000,611,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.21 20:01:21 | 000,148,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.21 20:01:21 | 000,120,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.21 20:01:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe
[2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.21 19:55:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.21 19:55:51 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.21 16:31:55 | 284,109,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.18 21:28:12 | 000,002,253 | ---- | M] () -- C:\Users\Senad\Desktop\Steam.lnk
[2010.10.18 12:27:57 | 000,001,053 | ---- | M] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk
[2010.10.15 16:37:42 | 000,614,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.09 14:14:14 | 000,073,216 | -HS- | M] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db
[2010.10.08 14:28:24 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.08 14:28:15 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[8248.11.22 10:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Senad\Documents\Locker01.flk
[2010.10.21 16:13:05 | 284,109,127 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.10.18 12:27:57 | 000,001,053 | ---- | C] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk
[2010.10.09 14:13:48 | 000,073,216 | -HS- | C] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db
[2010.07.19 19:02:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.01 21:49:01 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.03 05:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.31 01:09:20 | 000,001,648 | ---- | C] () -- C:\Users\Senad\AppData\Local\d3d8caps.dat
[2009.09.24 20:40:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.13 14:47:15 | 000,322,036 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_nav.dat
[2009.06.13 14:47:15 | 000,003,617 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga.dat
[2009.06.13 14:47:15 | 000,000,422 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_navps.dat
[2009.03.15 17:07:30 | 000,138,056 | ---- | C] () -- C:\Users\Senad\AppData\Roaming\PnkBstrK.sys
[2009.02.25 22:52:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2009.02.25 22:52:51 | 000,016,896 | ---- | C] () -- C:\Windows\System32\WinFl32.sys
[2009.02.25 22:52:51 | 000,000,990 | -HS- | C] () -- C:\Users\Senad\AppData\Roaming\systemfl.$dk
[2009.02.14 10:48:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.13 23:42:05 | 000,002,750 | ---- | C] () -- C:\Users\Senad\AppData\Local\edsinstaller.txt-20090213.log
[2009.02.02 01:11:23 | 000,000,839 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_sta
[2009.02.02 01:11:17 | 000,000,792 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_prof
[2009.02.02 00:57:44 | 000,290,918 | ---- | C] () -- C:\Windows\System32\Install7x.dll
[2008.11.09 14:18:56 | 000,000,173 | ---- | C] () -- C:\Windows\wininit.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.07.26 09:19:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.07.26 09:18:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.07.26 09:17:44 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.07.24 18:41:45 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.28 15:16:07 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.06.28 15:16:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.06.19 21:10:01 | 000,000,088 | ---- | C] () -- C:\Users\Senad\AppData\Local\uuttacz.bat
[2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.24 12:59:25 | 000,008,836 | ---- | C] () -- C:\Users\Senad\AppData\Local\d3d9caps.dat
[2008.05.23 15:39:46 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2008.05.16 15:09:05 | 000,011,264 | ---- | C] () -- C:\Users\Senad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.14 17:49:49 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.05.14 17:49:48 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007.07.26 21:28:01 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.07.26 19:31:59 | 000,000,742 | ---- | C] () -- C:\Windows\generic.ini
[2007.07.26 19:31:59 | 000,000,130 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.07.26 19:31:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007.07.26 11:29:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
--- --- ---
Anti-Malware)

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4904

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

21.10.2010 20:54:58
mbam-log-2010-10-21 (20-54-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 0
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

wambo99 21.10.2010 20:48
OTL) 1log.OTL Logfile:
Code:
OTL Extras logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0    Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS
 
Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32C71912-532C-46DC-A9F1-3117924AA21D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B165C69-9D26-44BE-B2DC-FE5DC002E9AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F32B2E4-3A82-4D0C-AEEA-B61B0BF5DE3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5654AE0E-1EA0-4A0B-9026-64107BA0CC44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{74AF2B35-6ACC-4C2E-9543-DB5C8DBD03DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{95A09728-FDDE-4E18-972E-04308AFF4960}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A18B548C-C0EB-475A-91FA-E24C8DB91FD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C8251346-EC22-45DA-9B32-B94290017165}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0139E08A-8E94-4ED1-9E82-2DB322639286}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe |
"{0891B45B-7E90-44EB-82A1-B96B7DB8EA58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{09952AAE-AEBA-4F7A-A719-134C30B93ABB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{0BA447DD-343A-41CE-B86D-947C05D113AB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0F983182-B487-4736-B8C9-055E11127822}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{24C52D48-F42D-44B2-8812-4B5F0843BE4E}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe |
"{2A289B65-5989-4788-B72E-C35D4D041368}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{33DE3C5E-D188-4B86-A8FE-9EB4AB7D4F41}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{34D54E44-4DF4-4CC1-935D-B103A95CA4BB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{3A1A66CF-89C4-4140-9E1D-6FB83769E7DD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3A95E764-3B67-451D-A8E0-E115E0F79DD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{408C8A0E-A038-4D33-ACBE-547831CF647B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{44093CD2-EE1A-4C19-9A39-46E79324D40E}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{45506B92-F2E4-499D-9A0B-709D4E191D81}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4CA9F8D5-4A71-4316-9CFA-90255A760E5F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{516A3F30-B982-4C68-98A1-815BDA9C09B7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5E82F0F2-D36B-48B8-BF86-9BB56965768B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{613FF0EB-27CE-4C3F-8072-675C6F878E0C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{666CB7ED-EB3B-429A-8A1A-25EBB902169A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{66DE233B-098B-49CE-AB71-E3376098B3DF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{68C57A13-1250-4B1F-B3E6-5BE041E3B096}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{68CCBCF6-EDD7-44BA-B530-6F25B2275430}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe |
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{715F4E3F-E61B-49DA-A0A4-C8838EB5C7FE}" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{718E1F3D-3478-4706-93DA-80FDB93F5C91}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{73CFC126-588B-4B8D-BFF8-5EA031414D52}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{77465F61-30D9-4856-BB04-D9E3343DEEAE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{782EA5B2-9570-4588-9B03-BCC048235648}" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{7956A954-3D7A-47FF-B2AB-0637C1B38963}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{79B6CD9A-3172-493C-AB40-6D5FAE597258}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{7A5D141A-011D-4E41-B0CE-F76C5FEBA09C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{7B0988E3-E402-450B-B444-4E996D66AE46}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{7C20506C-7A73-452F-9880-1A9B19C81C9C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7DDC15D9-927F-4582-A895-FA1677F1864B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7EAD9E89-625F-40A3-BEA5-E4A4C187B7CB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{836DE0DE-F505-45C2-B777-4CD4BDEA8061}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{85352D01-C8EB-4E51-9762-E2D67D358707}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{85D8FCA9-1B95-4736-95A6-388D532FA9F7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{87B53806-46A2-4780-922E-C5667112B5E8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{87BF2D87-56AE-4957-939D-AC8EE52F2D45}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{8CF8B9F6-E6D7-4432-947A-3B9C1740CFF7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{8FB08B5E-0EF8-46B2-9C7F-51DB553223C3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{9E58D4F7-EDDA-4401-84DD-4C382BCD0257}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{9F69704C-3150-4B7D-AAC1-162572229869}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{A95B063C-149F-4BAA-A831-08499262DD41}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{A9C5BAA8-1155-41D6-A5CD-F9ED0BCC3E2C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{ACD18395-D930-4BA4-8D83-A78C3EEE0426}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{AF362A85-4A49-4660-8065-1E1C5799FC62}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{B806D263-45E2-4604-969F-7EDBF31F4EB3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B9FEBF8A-B573-4625-BDF8-838BD57AB5E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{BFA89F29-0510-425A-9F99-7F5CC3452369}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{C6089F0E-1C26-4F1C-AE30-5E60D39582A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C7AF4FE9-9374-4EB0-841A-9C7A8A3EA1A8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{C819C97F-7EED-4D70-9C47-391712BDB5D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C84BE8B8-D5F3-4E3B-B0E4-BC3F38B61605}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CA27CFD2-5416-47AD-B019-CB52ABD3789A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{CFF8FE96-8004-48CA-95A5-25CD3EDAF231}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{D92B0DFC-EDE2-4DC9-87C3-489860C19AAD}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{DC04695E-E0E3-42D5-B937-21E67D6ADF16}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{E219DC92-3E75-4432-BC6A-B62D818BD9F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E30CA022-1E93-4171-898E-C9EF17E2D396}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{E33026B8-8B24-4146-BF69-78309EF04094}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{ED40B40B-9B5E-4A52-8AAF-E9554F3C7856}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"TCP Query User{00548D5D-A624-4225-8424-63DB22322BB7}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"TCP Query User{07CDED4B-AD87-40F7-9C04-4CA7D58718A0}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe |
"TCP Query User{0852AC21-4C19-46BC-9A59-2F93DCE9DF5D}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{0995BFBD-357F-4AF2-B95E-E31F9A001970}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
"TCP Query User{0BCEBDC2-D310-4AC0-BD88-D203B97D3834}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"TCP Query User{10694044-61A6-4D36-985A-EAB465ED08F3}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe |
"TCP Query User{14422F3F-3701-45DD-9355-E3994BDB285F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"TCP Query User{146E16A3-D256-4630-BC89-23F26003009D}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"TCP Query User{18D6E447-C6BB-4839-A835-67CCECF58697}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"TCP Query User{1988BD6D-ED36-4F7B-9705-BB2C00294E3A}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"TCP Query User{1A35859B-8B4E-47D3-A52B-F77D6189940C}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{251587BC-C93E-4F41-A6BC-430632C3BFD9}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"TCP Query User{299CC269-A608-4D59-B5A6-980F3BC71CC0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2B183796-BCE7-468A-BB8D-A754FCEB01C9}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{2D8E5CCD-A3D3-4C3D-8805-7BE68C0FF042}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{39195783-2217-4438-95B6-811630CD9696}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"TCP Query User{3BB4A8E9-6AC4-47F9-B3C4-EEECE138BD2B}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{447EE480-6616-40A4-A606-A6A2E7B89E50}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4D77DD47-3092-486B-BF9D-26359DCC0849}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
"TCP Query User{5437AD72-B13D-4AC7-8D24-6B28CD1B8956}C:\program files\metin2_germany\metin2.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.exe |
"TCP Query User{588EA4B6-FF03-4D05-9351-48A9B9D09C62}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"TCP Query User{58A83585-4A1D-444C-9E00-19CF05643C8E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{74E98653-1C96-4145-9D48-35F8E38AA74B}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"TCP Query User{75550ABD-F21D-4189-B8ED-46C9881782D8}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{83FAEEA6-22F3-4738-A90B-1214E3BC2D7D}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe |
"TCP Query User{8D4E4618-AAC2-4A12-99DC-5F0AE784396B}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"TCP Query User{8F234526-4F13-4E46-9313-B7F595D4EC6E}L:\mh\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\mh\metin2_germany\metin2.bin |
"TCP Query User{9120E071-628E-44F3-B3B6-153AFB14D314}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"TCP Query User{B8443C0F-BA33-4994-9639-8947AAE670C7}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{C0B98893-7AFD-463F-A985-BB6D9BA4BE6A}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"TCP Query User{C954EB8C-7061-42F1-B49B-8A383A2894B2}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe |
"TCP Query User{D35877DB-698E-4055-A14A-FBAE70796DA3}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin |
"TCP Query User{D5E429BE-48ED-4A23-BC07-485A397D7CB3}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{D8E51C89-764D-42A8-9637-02ABDFC951B5}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"TCP Query User{E6970AD5-9EC4-4016-BDFC-9F18EE914CBE}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe |
"TCP Query User{F9D35BB9-3096-48B8-A4F9-947D23F58A4D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"TCP Query User{FE8C2221-4E72-4DCF-A051-452FBB5AA03A}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe |
"TCP Query User{FF6E8328-8316-4767-8786-10A9E343FD3F}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{030E5AE0-5AF8-439A-850B-C4E33E8C2273}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"UDP Query User{0B87C1E5-2BA8-405F-8AE1-54CF0A331C54}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{1CFB478F-1B62-451A-8ACC-91C34F6B27FF}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"UDP Query User{1E6129E5-9EF0-4DA9-9F9C-1CB6F670B1F5}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe |
"UDP Query User{29D1CFD1-79FF-47D2-8403-CDEE3785574B}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{2DA8C29F-0DE6-4C2F-911A-A00F84CA115A}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"UDP Query User{2FDFDE65-3D97-4227-A078-08E1CE3DBAFF}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"UDP Query User{31E316F8-AF62-4EFF-80B1-D50421DCEB4F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"UDP Query User{380C8834-B107-41D5-8A30-9D5688E8EBCE}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"UDP Query User{3CBF2878-641F-4ED9-B0F5-BD5D1C00909A}C:\program files\metin2_germany\metin2.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.exe |
"UDP Query User{413A58BE-956E-45A2-9949-0F04FC9F1F90}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe |
"UDP Query User{45170A0C-15E4-431A-A3C7-48138C0874B6}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe |
"UDP Query User{4D839AF7-4CF3-45FA-B895-290D827C0E30}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{4D8ECD20-81D4-4253-AA5D-1DC07A9B8E6F}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin |
"UDP Query User{4F49D2F3-1D4E-440D-8387-07F82F99B1FA}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe |
"UDP Query User{509B7D0E-5652-4A40-A9D7-FDF1A869E777}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{56278F68-2AA4-47D3-A99C-A6D5C804A6A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{594CD0CB-5510-49A5-B659-2CD8D1AF2BDC}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe |
"UDP Query User{6D4CC943-4CEA-4BA3-8270-2B5ED64293E2}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{6F52EC1B-DFC0-4FD5-960D-F65254698424}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6F9F7F64-140C-40C8-AACB-81EE0ACC6CE7}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"UDP Query User{73839211-8BB1-4D5A-BB42-909B80F3F489}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{768FE0FF-DB0F-44FC-B5F6-C9533BAACF33}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{793CE7BE-2943-4B68-A3F1-E235378B9F6D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"UDP Query User{7FFEEE04-E4CC-4717-B794-C251258EABAB}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"UDP Query User{8BDA34E8-733A-4BFD-894B-36F5FD3D7019}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{8DF8C2AE-42F2-4790-9DE5-FC95C8E40D6E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9055E64A-DC14-4C0A-9F91-5AC9718B632B}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe |
"UDP Query User{A6F871A5-E37D-4ACF-8B3A-0FB50430A58F}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{AE259E7D-8EA9-4F55-A207-567FD13B4D8F}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe |
"UDP Query User{AEA78220-1D4D-4402-80BC-94B85121AEBC}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"UDP Query User{BE7C24C2-945D-4CD1-8A32-03F28EA8204E}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe |
"UDP Query User{C30EE879-B6EA-4E73-BD8D-624C60C1CAF9}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
"UDP Query User{CE215832-CF2C-4C85-8C5D-4EAE7C360821}L:\mh\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\mh\metin2_germany\metin2.bin |
"UDP Query User{D60CB3CB-4B28-4346-A594-1BC8638A8BFB}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe |
"UDP Query User{DE8C7509-9298-44AD-8A5A-66C7693A0518}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe |
"UDP Query User{F01D6A35-3FDD-4F4B-A7A3-1F5D68F97E28}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{FE2903F4-39CB-475D-A372-6ADAD2FFFF5F}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0746324A-74A1-DD6E-3DC7-89FF5432D29D}" = CCC Help Thai
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0A2D1DFE-5362-6CCF-46D7-07006D726383}" = CCC Help Russian
"{0DA693CA-9AE8-0780-E49C-3D49E099077B}" = Catalyst Control Center Localization All
"{10BC9ED1-5D41-54C6-862C-2C00E5C434EF}" = CCC Help Portuguese
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1BE326D9-BA06-A574-72AA-C428C6F09549}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4814EB-4453-B4ED-29C9-C7F1AE76152F}" = Catalyst Control Center Core Implementation
"{1FDDECB1-702D-C574-295B-BC9CCE51C795}" = CCC Help Italian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{246DB002-665C-CD60-390A-DE2BE952C7CC}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{33D322FB-0F56-79B5-13A5-B72C901AB4AB}" = Catalyst Control Center Graphics Light
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{408018E8-85F0-832D-851F-11C31FF939BD}" = ccc-core-static
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{427E8045-62BF-DD85-079C-21AE345BA815}" = CCC Help Finnish
"{46DCE6DC-6C9B-0E3F-F9F0-662B8BAFDCA5}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62A7970B-2586-D420-AC6D-F8CA0E7B5B81}" = Catalyst Control Center Graphics Full Existing
"{651E63E0-772C-CC4F-2C2E-9AF3114925F0}" = CCC Help Spanish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A305A-88E0-D5ED-EA88-5D9A9B9B8783}" = CCC Help Greek
"{75C659EA-EA00-AC02-9F97-5EFDC53AB699}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777A1FE5-9C56-F3D6-A387-79BBE18030DB}" = CCC Help Hungarian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BECB8AC-C406-0434-509F-351A17000E8F}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85EC876D-27B4-D811-1419-BB021AEA351C}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A211E60-DD55-FF66-1C10-FFA05BB32CDA}" = CCC Help Chinese Traditional
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{94894501-EC12-432B-B8E2-AA8470CC6266}" = UEFA EURO 2008™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A57C8520-5970-3FE0-9BC2-520FB6D447D1}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ADB458D8-A0E2-FC9E-6271-DD22CA464A6F}" = CCC Help Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1C4983E-7720-3970-5F21-5AFF18AEF5BD}" = CCC Help Swedish
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6E14B01-0C5F-6509-0F27-C92F44DBF34C}" = CCC Help Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98898CD-9097-6D0E-C5B8-418433A00717}" = CCC Help Turkish
"{C07B4B1F-0BD1-7C1A-5765-FAC354EB9AD7}" = CCC Help Korean
"{C388FB07-1679-E1EF-7DE4-172E3FDB595E}" = CCC Help Norwegian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6900D91-35A7-5DC4-07D4-AF3123BB3422}" = ATI Problem Report Wizard
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E27ABEAB-2A23-737E-D290-FC42D45FCDA8}" = ATI AVIVO Codecs
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E940C734-8AFB-4F22-F102-A00AC8B3069B}" = CCC Help French
"{EA7CFDF5-3C98-7906-E7F6-9758C1415622}" = Catalyst Control Center Graphics Previews Common
"{EFBF0779-93EE-4261-9CF3-EA68FA7E1152}" = CCC Help Czech
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BFD15D-9EEC-4072-942D-240BA0B99467}" = COMPUTERBILD-Abzockschutz
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7D3AFB4-94A0-4720-AFC6-5B6283DD7606}_is1" = Borderlands v.1.2 and DLCs
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCD92A32-25B2-D2C1-7B7B-DFA2E78AD3AC}" = Catalyst Control Center Graphics Full New
"{FD1E62F4-33DC-87C5-8C4A-77D2D8D5ACB8}" = ATI Catalyst Install Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BattlEye" = BattlEye Uninstall
"Counter-Strike 1.6 v28 - DigitalZone" = Counter-Strike 1.6 v28 - DigitalZone
"Cross Fire_is1" = Cross Fire En
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FileMenu Tools_is1" = FileMenu Tools
"Free Studio_is1" = Free Studio version 4.1
"Game Cam" = Game Cam 2.54.0.47
"ICQToolbar" = ICQ Toolbar
"JAP" = JAP
"Just Cause 2_is1" = Just Cause 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NoIPDUC" = No-IP DUC
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4.1
"PunkBusterSvc" = PunkBuster Services
"Tor" = Tor 0.2.1.23
"TVISTA Express Tuner_is1" = DATA BECKER TVISTA Express Tuner
"Vidalia" = Vidalia 0.2.7
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 31.10.2009 12:06:45 | Computer Name = Senad-PC | Source = ESENT | ID = 215
Description = WinMail (3072) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 01.11.2009 10:39:12 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 03.11.2009 06:29:39 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 04.11.2009 10:15:09 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description =
 
[ System Events ]
Error - 21.10.2010 10:27:37 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:25:59 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:29:59 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:28:33 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:29:48 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 10:31:47 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 10:31:58 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:29:59 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:33:30 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.10.2010 11:49:35 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 11:51:19 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.10.2010 13:55:43 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 13:57:27 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description =
 
[ TuneUp Events ]
Error - 16.07.2010 07:36:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 16.07.2010 07:38:02 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 16.07.2010 07:38:22 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 16.07.2010 07:38:42 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 16.07.2010 07:40:12 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 17.07.2010 12:07:11 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 18.07.2010 12:56:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 18.07.2010 16:38:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 19.07.2010 05:45:28 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 19.07.2010 07:00:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
 
< End of report >
--- --- ---


OTL) 2log.OTL Logfile:
Code:
OTL logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0    Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS
 
Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe (ActiveState Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) --  File not found
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe File not found
SRV - (CLTNetCnService) --  File not found
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (netr73) -- C:\Windows\System32\DRIVERS\netr73.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (WinFl32) -- C:\Windows\System32\WinFl32.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (ASPI32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..network.proxy.backup.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "184.73.187.184"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "184.73.187.184"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "184.73.187.184"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.21 14:29:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 14:29:26 | 000,000,000 | ---D | M]
 
[2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions
[2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.10.21 14:30:44 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions
[2010.04.27 16:14:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.09 12:05:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.11 00:08:25 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.04.21 12:30:25 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.10.21 14:30:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.30 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\FirefoxAddon@similarWeb.com
[2010.09.24 22:16:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\isgdcreator@postspectacular.com
[2008.12.23 11:35:24 | 000,001,579 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\aol-search.xml
[2010.10.17 12:30:14 | 000,000,950 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin-1.xml
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin.xml
[2010.08.08 23:07:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.19 18:59:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.04 19:30:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.04 19:30:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.13 22:29:59 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [amsn] C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O24 - Desktop WallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell - "" = AutoRun
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.21 20:01:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe
[2010.10.21 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\Senad\AppData\Roaming\Malwarebytes
[2010.10.21 16:51:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.21 16:51:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.21 16:11:58 | 000,000,000 | ---D | C] -- C:\Users\Senad\Documents\Square Enix
[2010.10.21 14:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.10.21 14:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.10.15 00:23:25 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.15 00:23:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.15 00:23:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.15 00:23:00 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.15 00:23:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.15 00:23:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.15 00:22:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.15 00:22:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.15 00:22:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.15 00:22:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.15 00:22:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.15 00:22:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.15 00:22:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.15 00:22:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.15 00:22:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.15 00:22:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.15 00:22:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.15 00:22:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.15 00:22:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.15 00:22:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.15 00:22:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.15 00:22:55 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.15 00:22:54 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.15 00:22:53 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.15 00:22:52 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.09.29 13:55:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2007.07.26 11:29:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[8248.11.22 10:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Senad\Documents\Locker01.flk
[2010.10.21 20:13:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CFCB5B28-9326-4B32-85AB-75602B755434}.job
[2010.10.21 20:01:21 | 000,694,324 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.21 20:01:21 | 000,611,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.21 20:01:21 | 000,148,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.21 20:01:21 | 000,120,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.21 20:01:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe
[2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.21 19:55:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.21 19:55:51 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.21 16:31:55 | 284,109,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.18 21:28:12 | 000,002,253 | ---- | M] () -- C:\Users\Senad\Desktop\Steam.lnk
[2010.10.18 12:27:57 | 000,001,053 | ---- | M] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk
[2010.10.15 16:37:42 | 000,614,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.09 14:14:14 | 000,073,216 | -HS- | M] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db
[2010.10.08 14:28:24 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.08 14:28:15 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[8248.11.22 10:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Senad\Documents\Locker01.flk
[2010.10.21 16:13:05 | 284,109,127 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.10.18 12:27:57 | 000,001,053 | ---- | C] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk
[2010.10.09 14:13:48 | 000,073,216 | -HS- | C] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db
[2010.07.19 19:02:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.01 21:49:01 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.03 05:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.31 01:09:20 | 000,001,648 | ---- | C] () -- C:\Users\Senad\AppData\Local\d3d8caps.dat
[2009.09.24 20:40:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.13 14:47:15 | 000,322,036 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_nav.dat
[2009.06.13 14:47:15 | 000,003,617 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga.dat
[2009.06.13 14:47:15 | 000,000,422 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_navps.dat
[2009.03.15 17:07:30 | 000,138,056 | ---- | C] () -- C:\Users\Senad\AppData\Roaming\PnkBstrK.sys
[2009.02.25 22:52:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2009.02.25 22:52:51 | 000,016,896 | ---- | C] () -- C:\Windows\System32\WinFl32.sys
[2009.02.25 22:52:51 | 000,000,990 | -HS- | C] () -- C:\Users\Senad\AppData\Roaming\systemfl.$dk
[2009.02.14 10:48:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.13 23:42:05 | 000,002,750 | ---- | C] () -- C:\Users\Senad\AppData\Local\edsinstaller.txt-20090213.log
[2009.02.02 01:11:23 | 000,000,839 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_sta
[2009.02.02 01:11:17 | 000,000,792 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_prof
[2009.02.02 00:57:44 | 000,290,918 | ---- | C] () -- C:\Windows\System32\Install7x.dll
[2008.11.09 14:18:56 | 000,000,173 | ---- | C] () -- C:\Windows\wininit.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.07.26 09:19:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.07.26 09:18:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.07.26 09:17:44 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.07.24 18:41:45 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.28 15:16:07 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.06.28 15:16:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.06.19 21:10:01 | 000,000,088 | ---- | C] () -- C:\Users\Senad\AppData\Local\uuttacz.bat
[2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.24 12:59:25 | 000,008,836 | ---- | C] () -- C:\Users\Senad\AppData\Local\d3d9caps.dat
[2008.05.23 15:39:46 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2008.05.16 15:09:05 | 000,011,264 | ---- | C] () -- C:\Users\Senad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.14 17:49:49 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.05.14 17:49:48 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007.07.26 21:28:01 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.07.26 19:31:59 | 000,000,742 | ---- | C] () -- C:\Windows\generic.ini
[2007.07.26 19:31:59 | 000,000,130 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.07.26 19:31:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007.07.26 11:29:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
--- --- ---

Anti-Malware)

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4904

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

21.10.2010 20:54:58
mbam-log-2010-10-21 (20-54-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 0
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 23.10.2010 16:38
Zitat:
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 0
Laufzeit: 2 Sekunde(n)
Hier stimmt was nicht. Ein vollständiger Lauf kan keine 2 Sekunden dauern!
Was war da passiert? Wieso wurden keine Objekte durchsucht?

wambo99 24.10.2010 13:46
Also...

1)Malwarebytes schließt nach einem vollständigen Scan ohne eine Log , vllt weil ich schon alle infizierten Objeckte gelöscht habe und somit keine mehr da sind.

2)Hijackthis log:
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:50:07, on 24.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Senad\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Deutschland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [amsn] C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - (no file)
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - (no file)
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7688 bytes
--- --- ---
3)OTL , sind beide log's schon oben.

hoff du hast jetzt alles nötige um sagen zu können ob ich ein trojaner auf dem pc habe.
mfg wambo

cosinus 24.10.2010 14:19
Zitat:
1)Malwarebytes schließt nach einem vollständigen Scan ohne eine Log , vllt weil ich schon alle infizierten Objeckte gelöscht habe und somit keine mehr da sind.
Nein das stimmt so nicht. Malwarebytes macht auf Befehl immer einen vollständigen Lauf und schließt sich nicht automatisch, das wäre völlig absurd. Der Quickscan lief doch bei Dir durch?



Zitat:
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Wieso hast Du denn jetzt schon den IE9 drauf, der ist doch noch in der Testphase! Solche Beta-Geschichten und v.a. beim IE sollte man vorsichtig sein. Das ist ein no go auf Produktivsystemen...

wambo99 24.10.2010 19:15
1)Ja quickscan geht einwandfrei , hab grade einen gemacht hier der log:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4937

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

24.10.2010 20:11:39
mbam-log-2010-10-24 (20-11-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146801
Laufzeit: 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

2)Hab den IE9 deinstalliert , nach dem neu start ist der weg.

Was soll ich jetzt machen ohne voll scan?
otl und hijackthis ist soweit fertig.
mfg wambo

cosinus 24.10.2010 20:23
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (WinFl32) -- C:\Windows\System32\WinFl32.sys ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..network.proxy.backup.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "184.73.187.184"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "184.73.187.184"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "184.73.187.184"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell - "" = AutoRun
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
[8248.11.22 10:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Senad\Documents\Locker01.flk
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

wambo99 25.10.2010 13:59
All processes killed
========== OTL ==========
Service XDva370 stopped successfully!
Service XDva370 deleted successfully!
File C:\Windows\System32\XDva370.sys File not found not found.
Service XDva352 stopped successfully!
Service XDva352 deleted successfully!
File C:\Windows\System32\XDva352.sys File not found not found.
Service XDva349 stopped successfully!
Service XDva349 deleted successfully!
File C:\Windows\System32\XDva349.sys File not found not found.
Service WinVd32 stopped successfully!
Service WinVd32 deleted successfully!
C:\Windows\System32\WinVd32.sys moved successfully.
Service WinFl32 stopped successfully!
Service WinFl32 deleted successfully!
C:\Windows\System32\WinFl32.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "AOL Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" removed from keyword.URL
Prefs.js: "184.73.187.184" removed from network.proxy.backup.ftp
Prefs.js: 80 removed from network.proxy.backup.ftp_port
Prefs.js: "184.73.187.184" removed from network.proxy.backup.gopher
Prefs.js: 80 removed from network.proxy.backup.gopher_port
Prefs.js: "184.73.187.184" removed from network.proxy.backup.socks
Prefs.js: 80 removed from network.proxy.backup.socks_port
Prefs.js: "184.73.187.184" removed from network.proxy.backup.ssl
Prefs.js: 80 removed from network.proxy.backup.ssl_port
Prefs.js: "184.73.187.184" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: "184.73.187.184" removed from network.proxy.gopher
Prefs.js: 80 removed from network.proxy.gopher_port
Prefs.js: "184.73.187.184" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "184.73.187.184" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: "184.73.187.184" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24792eba-a56c-11df-82e1-0019214b84c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24792eba-a56c-11df-82e1-0019214b84c6}\ not found.
File 0 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Autorun.exe not found.
C:\Users\Senad\Documents\Locker01.flk moved successfully.
ADS C:\ProgramData\TEMP:671329E4 deleted successfully.
ADS C:\ProgramData\TEMP:B203B914 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 49660 bytes
->Temporary Internet Files folder emptied: 687400 bytes
->Flash cache emptied: 75 bytes

User: Public

User: Senad
->Temp folder emptied: 6503783906 bytes
->Temporary Internet Files folder emptied: 11123217 bytes
->Java cache emptied: 30664865 bytes
->FireFox cache emptied: 97237343 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 6445185 bytes
->Flash cache emptied: 1090 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 331776 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25256913 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.367,00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10252010_145459

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


mfg wambo

cosinus 25.10.2010 14:56
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

wambo99 25.10.2010 16:00
Combofix Logfile:
Code:
ComboFix 10-10-24.05 - Senad 25.10.2010  16:51:16.1.3 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3071.2039 [GMT 2:00]
ausgeführt von:: c:\users\Senad\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Senad\AppData\Local\aaoga.dat
c:\users\Senad\AppData\Local\aaoga_nav.dat
c:\users\Senad\AppData\Local\aaoga_navps.dat
c:\users\Senad\AppData\Roaming\.#
D:\install.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-09-25 bis 2010-10-25  ))))))))))))))))))))))))))))))
.

2010-10-25 14:15 . 2010-10-25 14:15        --------        dc----w-        c:\program files\CCleaner
2010-10-25 12:54 . 2010-10-25 12:54        --------        dc----w-        C:\_OTL
2010-10-22 13:44 . 2010-08-17 23:54        280064        -c--a-w-        c:\windows\system32\XpsGdiConverter.dll
2010-10-22 13:44 . 2010-08-17 23:54        135680        -c--a-w-        c:\windows\system32\XpsRasterService.dll
2010-10-22 13:44 . 2010-08-17 23:52        979456        -c--a-w-        c:\windows\system32\MFH264Dec.dll
2010-10-22 13:44 . 2010-08-17 23:51        357376        -c--a-w-        c:\windows\system32\MFHEAACdec.dll
2010-10-22 13:44 . 2010-08-17 23:51        261632        -c--a-w-        c:\windows\system32\mfreadwrite.dll
2010-10-22 13:44 . 2010-08-17 23:51        302592        -c--a-w-        c:\windows\system32\mfmp4src.dll
2010-10-22 13:44 . 2010-08-17 23:50        680960        -c--a-w-        c:\windows\system32\d2d1.dll
2010-10-22 13:44 . 2010-08-17 23:49        1174528        -c--a-w-        c:\windows\system32\d3d10warp.dll
2010-10-22 13:44 . 2010-08-17 23:49        1068032        -c--a-w-        c:\windows\system32\DWrite.dll
2010-10-22 13:44 . 2010-08-17 23:49        797184        -c--a-w-        c:\windows\system32\FntCache.dll
2010-10-22 13:44 . 2010-08-17 23:48        161280        -c--a-w-        c:\windows\system32\d3d10_1.dll
2010-10-22 13:44 . 2010-08-17 23:48        219648        -c--a-w-        c:\windows\system32\d3d10_1core.dll
2010-10-22 13:40 . 2010-10-22 13:40        --------        dc----w-        c:\users\Senad\AppData\Local\Google
2010-10-22 11:38 . 2010-10-07 23:21        6146896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6514632-BC9C-452A-990A-594EB7CF2F2A}\mpengine.dll
2010-10-21 14:52 . 2010-10-21 14:52        --------        dc----w-        c:\users\Senad\AppData\Roaming\Malwarebytes
2010-10-21 14:51 . 2010-04-29 10:19        38224        -c--a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-21 14:51 . 2010-10-21 14:51        --------        dc----w-        c:\program files\Malwarebytes' Anti-Malware
2010-10-21 14:51 . 2010-10-21 14:51        --------        dc----w-        c:\programdata\Malwarebytes
2010-10-21 14:51 . 2010-04-29 10:19        20952        -c--a-w-        c:\windows\system32\drivers\mbam.sys
2010-10-21 12:31 . 2010-10-21 12:31        --------        dc----w-        c:\programdata\McAfee
2010-10-21 12:30 . 2010-10-21 12:34        --------        dc----w-        c:\programdata\NOS
2010-10-09 23:30 . 2010-10-09 23:30        1079048        -c--a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-29 11:55 . 2010-06-22 13:30        2048        -c--a-w-        c:\windows\system32\tzres.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 09:49        222080        -c----w-        c:\windows\system32\MpSigStub.exe
2010-10-08 12:28 . 2010-03-01 19:49        139128        -c--a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2010-10-08 12:28 . 2010-08-11 18:23        215128        -c--a-w-        c:\windows\system32\PnkBstrB.xtr
2010-10-08 12:28 . 2010-03-01 19:48        215128        -c--a-w-        c:\windows\system32\PnkBstrB.exe
2010-08-17 14:11 . 2010-09-15 11:53        128000        -c--a-w-        c:\windows\system32\spoolsv.exe
2010-08-17 11:27 . 2010-08-17 11:27        418480        -c--a-w-        c:\windows\system32\wrap_oal.dll
2010-08-17 11:27 . 2010-08-17 11:27        115432        -c--a-w-        c:\windows\system32\OpenAL32.dll
2010-08-11 18:17 . 2009-03-15 15:07        138056        -c--a-w-        c:\users\Senad\AppData\Roaming\PnkBstrK.sys
2010-08-11 18:17 . 2010-08-11 18:17        2434856        -c--a-w-        c:\windows\system32\pbsvc_bc2.exe
2010-08-11 18:17 . 2010-03-01 19:48        75064        -c--a-w-        c:\windows\system32\PnkBstrA.exe
2010-08-11 13:50 . 2008-07-24 16:41        691696        -c--a-w-        c:\windows\system32\drivers\sptd.sys
2009-09-25 16:41 . 2009-09-25 16:41        1044480        -c--a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41        200704        -c--a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amsn"="c:\users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe" [2006-11-24 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\CCleaner.exe]
path=CCleaner.exe
backup=c:\windows\pss\CCleaner.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\CCleaner.lnk]
path=CCleaner.lnk
backup=c:\windows\pss\CCleaner.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\ccsetup2-14-763.exe]
path=ccsetup2-14-763.exe
backup=c:\windows\pss\ccsetup2-14-763.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-06-15 14:48        326440        -c--a-w-        c:\acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49        151552        -c--a-w-        c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 10:19        1090952        -c--a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16        421888        -c--a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 08:45        1826816        -c--a-w-        c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48        57344        -c--a-w-        c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-11 691696]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2006-11-02 13560]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://go.web.de/home
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! Deutschland
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} -
FF - ProfilePath - c:\users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 72.44.50.58
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 72.44.50.58
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 72.44.50.58
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 72.44.50.58
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 72.44.50.58
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
FF - plugin: c:\users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-Xpadder - c:\users\Senad\Desktop\Xpadder53\Xpadder.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper_3004.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-25 16:56
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-815123407-3361847440-313347045-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:e5,87,9b,17,e6,53,00,fe,20,6b,2f,d0,9c,53,0c,6b,a1,1a,bd,a4,16,c4,2c,
  e4,d7,0e,cf,92,9d,38,7d,08,2e,9f,c4,94,ce,51,1c,c1,7c,3f,e9,a9,e9,6f,c0,f9,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
Zeit der Fertigstellung: 2010-10-25  16:58:24
ComboFix-quarantined-files.txt  2010-10-25 14:58

Vor Suchlauf: 19 Verzeichnis(se), 157.493.424.128 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 157.433.098.240 Bytes frei

- - End Of File - - 1E5870731F1E2FA007B7E0C4BF474D3C
--- --- ---
warte auf anweisungen , mfg wambo

cosinus 25.10.2010 18:31
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

wambo99 26.10.2010 15:37
Gmer log...
GMER Logfile:
Code:
GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-26 16:31:02
Windows 6.0.6002 Service Pack 2
Running: eskuyi7p.exe; Driver: C:\Users\Senad\AppData\Local\Temp\pwrcypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\atipmdag.sys                                                                            section is writeable [0x8F805000, 0x2E6316, 0xE8000020]
PAGE    spsys.sys!?SPVersion@@3PADA + 1ABF                                                                                  8AF9B03F 110 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE    spsys.sys!?SPVersion@@3PADA + 1B2F                                                                                  8AF9B0AF 1 Byte  [16]
PAGE    spsys.sys!?SPVersion@@3PADA + 1B2F                                                                                  8AF9B0AF 128 Bytes  [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE    spsys.sys!?SPVersion@@3PADA + 1BB0                                                                                  8AF9B130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE    spsys.sys!?SPVersion@@3PADA + 1BB7                                                                                  8AF9B137 234 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE    ...                                                                                                               
.reloc  C:\Windows\system32\drivers\acedrv11.sys                                                                            section is executable [0x81E11300, 0x25D4C, 0xE0000060]

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [73F97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [73FEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [73F9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [73F8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [73F975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [73F8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [73FC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                    [73F9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [73F8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [73F8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [73F871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                      [7401CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                          [73FBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [73F8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [73F86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [73F8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [73F92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0x8E 0x60 0xB7 0x3C ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x06 0xB7 0x44 0xB6 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x42 0xFC 0x10 0xA4 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xF7 0x81 0xB7 0xC7 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x57 0x9E 0x9F 0xAF ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                0x49 0x9D 0x98 0xB9 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)               
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                    0
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x8E 0x60 0xB7 0x3C ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    1
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x06 0xB7 0x44 0xB6 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x42 0xFC 0x10 0xA4 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xF7 0x81 0xB7 0xC7 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x57 0x9E 0x9F 0xAF ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                    0x49 0x9D 0x98 0xB9 ...

---- EOF - GMER 1.0.15 ----
--- --- ---

Osam log..
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 16:33:20 on 26.10.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.11

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"WebSpeech" - ? - C:\PROGRA~1\COMMON~1\WEBSPE~1.0\LgxIEControl.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"AEGIS Protocol (IEEE 802.1x) v3.4.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\Windows\System32\DRIVERS\AegisP.sys
"ASPI32" (ASPI32) - "Adaptec" - C:\Windows\system32\drivers\ASPI32.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Senad\AppData\Local\Temp\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys  (File not found)
"int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pwrcypow" (pwrcypow) - ? - C:\Users\Senad\AppData\Local\Temp\pwrcypow.sys  (Hidden registry entry, rootkit activity | File not found)
"RT73 USB Wireless LAN Card Driver for Vista" (netr73) - ? - C:\Windows\System32\DRIVERS\netr73.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\Windows\system32\Drivers\vmm.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543} "FileMenuTools" - "LopeSoft - Software desarrollado por Rubén López Hernández" - C:\Program Files\LopeSoft\FileMenu Tools\FileMenuTools.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{03B54A4E-A635-418E-81FC-CF60CBB141AA} "SimpleShlExt extension" - ? -  (File not found | COM-object registry key not found)
{7020EDF4-B454-4814-9AA4-1D604D3F1417} "TraXExCM" - ? -  (File not found | COM-object registry key not found)
{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{2D9700CB-A777-4DB0-96E1-1EBEBB7D1510} "{2D9700CB-A777-4DB0-96E1-1EBEBB7D1510}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -  (File not found | COM-object registry key not found)
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} "WebSpeech" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
<binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "{02478D38-C3F9-4EFB-9B51-7695ECA05670}" - ? -  (File not found | COM-object registry key not found)
{83A30C59-3A50-49E6-9DAF-4923C4EA3C23} "{83A30C59-3A50-49E6-9DAF-4923C4EA3C23}" - ? -  (File not found | COM-object registry key not found)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"amsn" - ? - C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe  (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer HomeMedia Connect Service" (Acer HomeMedia Connect Service) - "CyberLink" - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - ? - "C:\Program Files\Bonjour\mDNSResponder.exe"  (File not found)
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
"ePerformance Service" (AcerMemUsageCheckService) - ? - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - ? - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe  (File not found)
"getPlus(R) Helper 3004" (nosGetPlusHelper) - ? - C:\Program Files\NOS\bin\getPlus_Helper_3004.dll  (File not found)
"Google Updater Service" (gusvc) - ? - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"  (File not found)
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Steam Client Service" (Steam Client Service) - ? - C:\Windows\system32\drivers\Steam Client Service.sys  (File not found)
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - C:\Windows\system32\drivers\CLTNetCnService.sys  (File not found)

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - ? - C:\Program Files\Bonjour\mdnsNSP.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index


MBRCheck log...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M5630
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 151):
0x82C34000 \SystemRoot\system32\ntoskrnl.exe
0x82C01000 \SystemRoot\system32\hal.dll
0x80C00000 \SystemRoot\system32\kdcom.dll
0x80C07000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80C77000 \SystemRoot\system32\PSHED.dll
0x80C88000 \SystemRoot\system32\BOOTVID.dll
0x80C90000 \SystemRoot\system32\CLFS.SYS
0x80CD1000 \SystemRoot\system32\CI.dll
0x80DB1000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80E2D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80E3A000 \SystemRoot\system32\drivers\acpi.sys
0x80E80000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80E89000 \SystemRoot\system32\drivers\msisadrv.sys
0x80E91000 \SystemRoot\system32\drivers\pci.sys
0x80EB8000 \SystemRoot\System32\drivers\partmgr.sys
0x80EC7000 \SystemRoot\system32\drivers\volmgr.sys
0x80ED6000 \SystemRoot\System32\drivers\volmgrx.sys
0x80F20000 \SystemRoot\system32\drivers\intelide.sys
0x80F27000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80F35000 \SystemRoot\System32\drivers\mountmgr.sys
0x80F45000 \SystemRoot\system32\drivers\atapi.sys
0x80F4D000 \SystemRoot\system32\drivers\ataport.SYS
0x80F6B000 \SystemRoot\system32\drivers\fltmgr.sys
0x80F9D000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A803000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A874000 \SystemRoot\system32\drivers\ndis.sys
0x8A97F000 \SystemRoot\system32\drivers\msrpc.sys
0x8A9AA000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A9E5000 \SystemRoot\System32\drivers\tcpip.sys
0x8AACF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AAEA000 \SystemRoot\System32\Drivers\Ntfs.sys
0x80FAD000 \SystemRoot\system32\drivers\volsnap.sys
0x80FE6000 \SystemRoot\System32\Drivers\spldr.sys
0x80FEE000 \SystemRoot\System32\Drivers\mup.sys
0x8AC0D000 \SystemRoot\System32\drivers\ecache.sys
0x8AC34000 \SystemRoot\system32\drivers\disk.sys
0x8AC45000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AC66000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AC8F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AC9A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8ACA3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8ACB2000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8F804000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x8FD65000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FE06000 \SystemRoot\System32\drivers\watchdog.sys
0x8FE12000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FE9F000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8FEB7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FEC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FF00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FF0F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FF1F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FF2D000 \SystemRoot\system32\DRIVERS\parport.sys
0x8FF58000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FF63000 \SystemRoot\system32\DRIVERS\serial.sys
0x8FF7D000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8FF87000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FF9F000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8FFA1000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0x8FFB2000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8FFC9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8ACDC000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AD1D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AD28000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AD3F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AD4A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AD6D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AD7C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AD90000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8ADA5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8ADB5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FFF8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8ADC0000 \SystemRoot\system32\DRIVERS\ks.sys
0x8ADEA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ADF4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AE01000 \SystemRoot\System32\drivers\vga.sys
0x8AE0D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AE2E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8AE3D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AE72000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x8AE90000 \SystemRoot\system32\drivers\portcls.sys
0x8AEBD000 \SystemRoot\system32\drivers\drmk.sys
0x91C04000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91DB8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91DC9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91DD2000 \SystemRoot\System32\Drivers\Null.SYS
0x91DD9000 \SystemRoot\System32\Drivers\Beep.SYS
0x91DE0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91DFC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91E03000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91E0B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91E13000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91E1E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91E2C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91E35000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91E4B000 \SystemRoot\system32\DRIVERS\smb.sys
0x91E5F000 \SystemRoot\system32\drivers\afd.sys
0x91EA7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91ED9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91EEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91EFD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91F10000 \??\C:\Windows\system32\Drivers\vmm.sys
0x91F4B000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91F51000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91F8D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91F97000 \SystemRoot\System32\Drivers\dfsc.sys
0x91FAE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91FD0000 \SystemRoot\System32\Drivers\ASPI32.SYS
0x91FD5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91FE2000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91FED000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8AEE2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x91FF5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x99C40000 \SystemRoot\System32\win32k.sys
0x8FF45000 \SystemRoot\System32\drivers\Dxapi.sys
0x91FF7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8AEF7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AF07000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91DF3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8FF4F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x99E60000 \SystemRoot\System32\TSDDD.dll
0x99E80000 \SystemRoot\System32\cdd.dll
0x8AF1E000 \SystemRoot\system32\drivers\luafv.sys
0x8AF39000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8AF4E000 \SystemRoot\system32\drivers\spsys.sys
0x8FFC2000 \SystemRoot\system32\DRIVERS\AegisP.sys
0x8AC6F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81C09000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81C33000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81C3D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81C50000 \SystemRoot\system32\drivers\HTTP.sys
0x81CBD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81CDA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81CF3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81D08000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81D27000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81D60000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x81D78000 \SystemRoot\System32\DRIVERS\srv2.sys
0x81DA0000 \SystemRoot\System32\DRIVERS\srv.sys
0x81DEE000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x81DF5000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x81E38000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x81E3F000 \SystemRoot\system32\drivers\peauth.sys
0x81F1D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x81F27000 \SystemRoot\System32\drivers\tcpipreg.sys
0x81F33000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0x81F35000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x81F4A000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x81F5C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x81F72000 \??\C:\Users\Senad\AppData\Local\Temp\pwrcypow.sys
0x771D0000 \Windows\System32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
540 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\winlogon.exe
912 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\atiesrxx.exe
1044 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\audiodg.exe
1232 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\SLsvc.exe
1276 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\atieclxx.exe
1480 C:\Windows\System32\svchost.exe
1864 C:\Windows\System32\spoolsv.exe
1908 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1956 C:\Windows\System32\svchost.exe
1972 C:\Windows\System32\taskeng.exe
192 C:\Windows\System32\dwm.exe
508 C:\Windows\explorer.exe
2052 C:\Windows\RtHDVCpl.exe
2064 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2376 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2396 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2480 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2504 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2520 C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
2564 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2600 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2724 C:\Windows\System32\PnkBstrA.exe
2736 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2764 C:\Windows\System32\svchost.exe
2932 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2956 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3140 WUDFHost.exe
3252 WmiPrvSE.exe
3488 C:\Program Files\Windows Media Player\wmpnscfg.exe
3556 C:\Windows\System32\mobsync.exe
3756 C:\Program Files\Windows Media Player\wmpnetwk.exe
3932 C:\Windows\System32\taskeng.exe
3176 C:\Users\Senad\Desktop\MBRCheck.exe
1544 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000058`94f00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD7500AAKS-00RBA0, Rev: 30.04G30

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


warte auf anweisung , mfg wambo

cosinus 27.10.2010 11:55
Starte bitte MBRCheck.exe erneut.
Diesmal tippe in das Fenster folgendes ein und bestätige jede Eingabe mit Enter
bei
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • Please select the MBR code to write to this drive: 3 (für Vista)
  • Gib nun Yes ein und bestätige mit ENTER.
  • Starte den Rechner neu auf.
Nach dem Neustart starte bitte MBRCheck.exe erneut.
Nun findest Du 2 MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop.
Poste mir den Inhalt von beiden .txt Dokumenten

wambo99 27.10.2010 13:08
hay
wollte noch befor ich dir die 2 logs poste fragen wie viele schritte noch ca nötig sind
bis du mir sagen kannst ob ich ein troyaner auf meinem pc habe.

hier log 1 was ich nach deinen anweisung erstellt habe..

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M5630
Logical Drives Mask: 0x000023fc

Kernel Drivers (total 151):
0x82C44000 \SystemRoot\system32\ntoskrnl.exe
0x82C11000 \SystemRoot\system32\hal.dll
0x80C01000 \SystemRoot\system32\kdcom.dll
0x80C08000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80C78000 \SystemRoot\system32\PSHED.dll
0x80C89000 \SystemRoot\system32\BOOTVID.dll
0x80C91000 \SystemRoot\system32\CLFS.SYS
0x80CD2000 \SystemRoot\system32\CI.dll
0x80DB2000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80E2E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80E3B000 \SystemRoot\system32\drivers\acpi.sys
0x80E81000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80E8A000 \SystemRoot\system32\drivers\msisadrv.sys
0x80E92000 \SystemRoot\system32\drivers\pci.sys
0x80EB9000 \SystemRoot\System32\drivers\partmgr.sys
0x80EC8000 \SystemRoot\system32\drivers\volmgr.sys
0x80ED7000 \SystemRoot\System32\drivers\volmgrx.sys
0x80F21000 \SystemRoot\system32\drivers\intelide.sys
0x80F28000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80F36000 \SystemRoot\System32\drivers\mountmgr.sys
0x80F46000 \SystemRoot\system32\drivers\atapi.sys
0x80F4E000 \SystemRoot\system32\drivers\ataport.SYS
0x80F6C000 \SystemRoot\system32\drivers\fltmgr.sys
0x80F9E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A804000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A875000 \SystemRoot\system32\drivers\ndis.sys
0x8A980000 \SystemRoot\system32\drivers\msrpc.sys
0x8A9AB000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A9E6000 \SystemRoot\System32\drivers\tcpip.sys
0x8AAD0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AAEB000 \SystemRoot\System32\Drivers\Ntfs.sys
0x80FAE000 \SystemRoot\system32\drivers\volsnap.sys
0x80FE7000 \SystemRoot\System32\Drivers\spldr.sys
0x80FEF000 \SystemRoot\System32\Drivers\mup.sys
0x8AC05000 \SystemRoot\System32\drivers\ecache.sys
0x8AC2C000 \SystemRoot\system32\drivers\disk.sys
0x8AC3D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AC5E000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AC87000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AC92000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AC9B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8ACAA000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8F405000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x8F966000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FA07000 \SystemRoot\System32\drivers\watchdog.sys
0x8FA13000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FAA0000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8FAB8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FAC3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FB01000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FB10000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FB20000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FB2E000 \SystemRoot\system32\DRIVERS\parport.sys
0x8FB59000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FB64000 \SystemRoot\system32\DRIVERS\serial.sys
0x8FB7E000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8FB88000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FBA0000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8FBA2000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0x8FBB3000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8FBCA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8ACD4000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AD15000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AD20000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AD37000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AD42000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AD65000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AD74000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AD88000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AD9D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8ADAD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FBF9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8ADB8000 \SystemRoot\system32\DRIVERS\ks.sys
0x8ADE2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ADEC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8ADF9000 \SystemRoot\System32\drivers\vga.sys
0x8AE05000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AE26000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8AE35000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AE6A000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x8AE88000 \SystemRoot\system32\drivers\portcls.sys
0x8AEB5000 \SystemRoot\system32\drivers\drmk.sys
0x91809000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x919BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x919CE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x919D7000 \SystemRoot\System32\Drivers\Null.SYS
0x919DE000 \SystemRoot\System32\Drivers\Beep.SYS
0x919E5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91A01000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91A08000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91A10000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91A18000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91A23000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91A31000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91A3A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91A50000 \SystemRoot\system32\DRIVERS\smb.sys
0x91A64000 \SystemRoot\system32\drivers\afd.sys
0x91AAC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91ADE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91AF4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91B02000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91B15000 \??\C:\Windows\system32\Drivers\vmm.sys
0x91B50000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91B56000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91B92000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91B9C000 \SystemRoot\System32\Drivers\dfsc.sys
0x91BB3000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91BD5000 \SystemRoot\System32\Drivers\ASPI32.SYS
0x91BDA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91BE7000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91BF2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x91800000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8FB46000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x919F8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FBBB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8AEDA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x994B0000 \SystemRoot\System32\win32k.sys
0x8AEF1000 \SystemRoot\System32\drivers\Dxapi.sys
0x8AEFB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8AF04000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x996D0000 \SystemRoot\System32\TSDDD.dll
0x996F0000 \SystemRoot\System32\cdd.dll
0x8AF19000 \SystemRoot\system32\drivers\luafv.sys
0x8AF34000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8140D000 \SystemRoot\system32\drivers\spsys.sys
0x814BD000 \SystemRoot\system32\DRIVERS\AegisP.sys
0x814C2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x814D2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x814FC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81506000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81519000 \SystemRoot\system32\drivers\HTTP.sys
0x81586000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x815A3000 \SystemRoot\System32\Drivers\fastfat.SYS
0x815CB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x815E4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x815F9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81618000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81651000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x81669000 \SystemRoot\System32\DRIVERS\srv2.sys
0x81691000 \SystemRoot\System32\DRIVERS\srv.sys
0x816DF000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x816E6000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x81729000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xA5004000 \SystemRoot\system32\drivers\peauth.sys
0xA50E2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA50EC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA50F8000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0xA50FA000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA510F000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA5121000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76EF0000 \Windows\System32\ntdll.dll

Processes (total 54):
0 System Idle Process
4 System
540 C:\Windows\System32\smss.exe
612 csrss.exe
652 C:\Windows\System32\wininit.exe
664 csrss.exe
696 C:\Windows\System32\services.exe
708 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
872 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\winlogon.exe
1000 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\atiesrxx.exe
1112 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\audiodg.exe
1304 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\SLsvc.exe
1380 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\svchost.exe
1540 C:\Windows\System32\atieclxx.exe
1916 C:\Windows\System32\spoolsv.exe
1940 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1960 C:\Windows\System32\svchost.exe
388 C:\Windows\System32\dwm.exe
564 C:\Windows\System32\taskeng.exe
600 C:\Windows\explorer.exe
2184 C:\Windows\RtHDVCpl.exe
2192 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2304 C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe
2504 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2520 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2604 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2628 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2644 C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
2692 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2804 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2820 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2864 C:\Windows\System32\PnkBstrA.exe
2884 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2924 C:\Windows\System32\svchost.exe
3012 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3284 WUDFHost.exe
3352 WmiPrvSE.exe
3644 C:\Program Files\Windows Media Player\wmpnscfg.exe
3720 C:\Windows\System32\mobsync.exe
3960 C:\Program Files\Windows Media Player\wmpnetwk.exe
124 C:\Windows\System32\taskeng.exe
2276 C:\Program Files\Mozilla Firefox\firefox.exe
2252 C:\Program Files\Mozilla Firefox\plugin-container.exe
3952 C:\Users\Senad\Desktop\MBRCheck.exe
3492 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000058`94f00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD7500AAKS-00RBA0, Rev: 30.04G30

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!


hier log 2.. was ich mit "n" beendet habe..

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M5630
Logical Drives Mask: 0x000023fc

Kernel Drivers (total 151):
0x82C51000 \SystemRoot\system32\ntoskrnl.exe
0x82C1E000 \SystemRoot\system32\hal.dll
0x80C0D000 \SystemRoot\system32\kdcom.dll
0x80C14000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80C84000 \SystemRoot\system32\PSHED.dll
0x80C95000 \SystemRoot\system32\BOOTVID.dll
0x80C9D000 \SystemRoot\system32\CLFS.SYS
0x80CDE000 \SystemRoot\system32\CI.dll
0x80DBE000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80E3A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80E47000 \SystemRoot\system32\drivers\acpi.sys
0x80E8D000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80E96000 \SystemRoot\system32\drivers\msisadrv.sys
0x80E9E000 \SystemRoot\system32\drivers\pci.sys
0x80EC5000 \SystemRoot\System32\drivers\partmgr.sys
0x80ED4000 \SystemRoot\system32\drivers\volmgr.sys
0x80EE3000 \SystemRoot\System32\drivers\volmgrx.sys
0x80F2D000 \SystemRoot\system32\drivers\intelide.sys
0x80F34000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80F42000 \SystemRoot\System32\drivers\mountmgr.sys
0x80F52000 \SystemRoot\system32\drivers\atapi.sys
0x80F5A000 \SystemRoot\system32\drivers\ataport.SYS
0x80F78000 \SystemRoot\system32\drivers\fltmgr.sys
0x80FAA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A808000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A879000 \SystemRoot\system32\drivers\ndis.sys
0x8A984000 \SystemRoot\system32\drivers\msrpc.sys
0x8A9AF000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A9EA000 \SystemRoot\System32\drivers\tcpip.sys
0x8AAD4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AAEF000 \SystemRoot\System32\Drivers\Ntfs.sys
0x80FBA000 \SystemRoot\system32\drivers\volsnap.sys
0x8A800000 \SystemRoot\System32\Drivers\spldr.sys
0x8AC0C000 \SystemRoot\System32\Drivers\mup.sys
0x8AC1B000 \SystemRoot\System32\drivers\ecache.sys
0x8AC42000 \SystemRoot\system32\drivers\disk.sys
0x8AC53000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AC74000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AC9D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ACA8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8ACB1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8ACC0000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8F40D000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x8F96E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FA0F000 \SystemRoot\System32\drivers\watchdog.sys
0x8FA1B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FAA8000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8FAC0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FACB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FB09000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FB18000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FB28000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FB36000 \SystemRoot\system32\DRIVERS\parport.sys
0x8FB61000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FB6C000 \SystemRoot\system32\DRIVERS\serial.sys
0x8FB86000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8FB90000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FBA8000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8FBAA000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0x8FBBB000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8ACEA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AD19000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FBD2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FBDD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FBF4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AD5A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AD7D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AD8C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8ADA0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8ADB5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F40B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8ADC5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8ADEF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ADF9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AE06000 \SystemRoot\System32\drivers\vga.sys
0x8AE12000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AE33000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8AE42000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AE77000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x8AE95000 \SystemRoot\system32\drivers\portcls.sys
0x8AEC2000 \SystemRoot\system32\drivers\drmk.sys
0x91806000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x919BA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x919CB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x919D4000 \SystemRoot\System32\Drivers\Null.SYS
0x919DB000 \SystemRoot\System32\Drivers\Beep.SYS
0x919E2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x919FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91A05000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91A0D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91A15000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91A20000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91A2E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91A37000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91A4D000 \SystemRoot\system32\DRIVERS\smb.sys
0x91A61000 \SystemRoot\system32\drivers\afd.sys
0x91AA9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91ADB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91AF1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91AFF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91B12000 \??\C:\Windows\system32\Drivers\vmm.sys
0x91B4D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91B53000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91B8F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91B99000 \SystemRoot\System32\Drivers\dfsc.sys
0x91BB0000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91BD2000 \SystemRoot\System32\Drivers\ASPI32.SYS
0x91BD7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91BE4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91BEF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x91BF7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8FB4E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91800000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x919F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8AEE7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x994D0000 \SystemRoot\System32\win32k.sys
0x8FBC3000 \SystemRoot\System32\drivers\Dxapi.sys
0x8AEFE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8AF07000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x996F0000 \SystemRoot\System32\TSDDD.dll
0x99710000 \SystemRoot\System32\cdd.dll
0x8AF1C000 \SystemRoot\system32\drivers\luafv.sys
0x8AF37000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9D007000 \SystemRoot\system32\drivers\spsys.sys
0x9D0B7000 \SystemRoot\system32\DRIVERS\AegisP.sys
0x9D0BC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9D0CC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9D0F6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D100000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9D113000 \SystemRoot\system32\drivers\HTTP.sys
0x9D180000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D19D000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D1B6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D1CB000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9D1F3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D212000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D24B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D263000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D28B000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D2D9000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9D2E0000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x9D323000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xA6006000 \SystemRoot\system32\drivers\peauth.sys
0xA60E4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA60EE000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA60FA000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0xA60FC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA6111000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA6123000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77BB0000 \Windows\System32\ntdll.dll

Processes (total 52):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
576 csrss.exe
616 C:\Windows\System32\wininit.exe
628 csrss.exe
660 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
856 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\winlogon.exe
964 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\atiesrxx.exe
1080 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\audiodg.exe
1228 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\SLsvc.exe
1284 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\atieclxx.exe
1844 C:\Windows\System32\spoolsv.exe
1900 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1920 C:\Windows\System32\svchost.exe
2040 C:\Windows\System32\dwm.exe
336 C:\Windows\explorer.exe
464 C:\Windows\System32\taskeng.exe
2072 C:\Windows\RtHDVCpl.exe
2080 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2116 C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe
2396 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2412 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2472 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2520 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2536 C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
2572 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2716 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2724 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2792 C:\Windows\System32\PnkBstrA.exe
2804 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2832 C:\Windows\System32\svchost.exe
2980 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3144 WUDFHost.exe
3264 WmiPrvSE.exe
3508 C:\Program Files\Windows Media Player\wmpnscfg.exe
3560 C:\Windows\System32\mobsync.exe
3792 C:\Program Files\Windows Media Player\wmpnetwk.exe
3936 C:\Windows\System32\taskeng.exe
1472 C:\Users\Senad\Desktop\MBRCheck.exe
1588 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000058`94f00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD7500AAKS-00RBA0, Rev: 30.04G30

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


mfg wambo

cosinus 27.10.2010 17:05
Außer Vista hast Du keine anderen Betriebssysteme drauf?

wambo99 27.10.2010 17:46
nein habe nur vista

mfg wambo

cosinus 27.10.2010 18:01
Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).
Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.

wambo99 27.10.2010 18:48
nach dem ich bootrec.exe/fixmbr
standt da ca "es wurde erfolgreich abgeschlossen"...

mfg wambo

cosinus 27.10.2010 21:10
Gut. Dann starte Windows wieder normal und mach ein neues Log mit mbrcheck - poste es.

wambo99 28.10.2010 14:00
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M5630
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 150):
0x82C3D000 \SystemRoot\system32\ntoskrnl.exe
0x82C0A000 \SystemRoot\system32\hal.dll
0x80C06000 \SystemRoot\system32\kdcom.dll
0x80C0D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80C7D000 \SystemRoot\system32\PSHED.dll
0x80C8E000 \SystemRoot\system32\BOOTVID.dll
0x80C96000 \SystemRoot\system32\CLFS.SYS
0x80CD7000 \SystemRoot\system32\CI.dll
0x80DB7000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80E33000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80E40000 \SystemRoot\system32\drivers\acpi.sys
0x80E86000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80E8F000 \SystemRoot\system32\drivers\msisadrv.sys
0x80E97000 \SystemRoot\system32\drivers\pci.sys
0x80EBE000 \SystemRoot\System32\drivers\partmgr.sys
0x80ECD000 \SystemRoot\system32\drivers\volmgr.sys
0x80EDC000 \SystemRoot\System32\drivers\volmgrx.sys
0x80F26000 \SystemRoot\system32\drivers\intelide.sys
0x80F2D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80F3B000 \SystemRoot\System32\drivers\mountmgr.sys
0x80F4B000 \SystemRoot\system32\drivers\atapi.sys
0x80F53000 \SystemRoot\system32\drivers\ataport.SYS
0x80F71000 \SystemRoot\system32\drivers\fltmgr.sys
0x80FA3000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A809000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A87A000 \SystemRoot\system32\drivers\ndis.sys
0x8A985000 \SystemRoot\system32\drivers\msrpc.sys
0x8A9B0000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A9EB000 \SystemRoot\System32\drivers\tcpip.sys
0x8AAD5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AAF0000 \SystemRoot\System32\Drivers\Ntfs.sys
0x80FB3000 \SystemRoot\system32\drivers\volsnap.sys
0x8A800000 \SystemRoot\System32\Drivers\spldr.sys
0x80FEC000 \SystemRoot\System32\Drivers\mup.sys
0x8AC0F000 \SystemRoot\System32\drivers\ecache.sys
0x8AC36000 \SystemRoot\system32\drivers\disk.sys
0x8AC47000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AC68000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AC91000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AC9C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8ACA5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8ACB4000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8F00D000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x8F56E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F60F000 \SystemRoot\System32\drivers\watchdog.sys
0x8F61B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F6A8000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F6C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F6CB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F709000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F718000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F728000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F736000 \SystemRoot\system32\DRIVERS\parport.sys
0x8F761000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F76C000 \SystemRoot\system32\DRIVERS\serial.sys
0x8F786000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8F790000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F7A8000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F7AA000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0x8F7BB000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8ACDE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AD0D000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F7D2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F7DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F7F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AD4E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AD71000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AD80000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AD94000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8ADA9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F00B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8ADB9000 \SystemRoot\system32\DRIVERS\ks.sys
0x8ADE3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ADED000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8ADFA000 \SystemRoot\System32\drivers\vga.sys
0x8AE06000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AE27000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8AE36000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AE6B000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x8AE89000 \SystemRoot\system32\drivers\portcls.sys
0x8AEB6000 \SystemRoot\system32\drivers\drmk.sys
0x91805000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x919B9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x919CA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x919D3000 \SystemRoot\System32\Drivers\Null.SYS
0x919DA000 \SystemRoot\System32\Drivers\Beep.SYS
0x919E1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x919FD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91A04000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91A0C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91A14000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91A1F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91A2D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91A36000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91A4C000 \SystemRoot\system32\DRIVERS\smb.sys
0x91A60000 \SystemRoot\system32\drivers\afd.sys
0x91AA8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91ADA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91AF0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91AFE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91B11000 \??\C:\Windows\system32\Drivers\vmm.sys
0x91B4C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91B52000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91B8E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91B98000 \SystemRoot\System32\Drivers\dfsc.sys
0x91BAF000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91BD1000 \SystemRoot\System32\Drivers\ASPI32.SYS
0x91BD6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91BE3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91BEE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8AEDB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x91BF6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x994B0000 \SystemRoot\System32\win32k.sys
0x8F74E000 \SystemRoot\System32\drivers\Dxapi.sys
0x919F4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8AEF0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AF00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91BF8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F758000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x996D0000 \SystemRoot\System32\TSDDD.dll
0x996F0000 \SystemRoot\System32\cdd.dll
0x8AF17000 \SystemRoot\system32\drivers\luafv.sys
0x8AF32000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8AF47000 \SystemRoot\system32\drivers\spsys.sys
0x91800000 \SystemRoot\system32\DRIVERS\AegisP.sys
0x8AC71000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81801000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8182B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81835000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81848000 \SystemRoot\system32\drivers\HTTP.sys
0x818B5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x818D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x818EB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81900000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8191F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81958000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x81970000 \SystemRoot\System32\DRIVERS\srv2.sys
0x81998000 \SystemRoot\System32\DRIVERS\srv.sys
0x819E6000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x819ED000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x81A30000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x81A37000 \SystemRoot\system32\drivers\peauth.sys
0x81B15000 \SystemRoot\System32\Drivers\secdrv.SYS
0x81B1F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x81B2B000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0x81B2D000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x81B42000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x81B54000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77080000 \Windows\System32\ntdll.dll

Processes (total 52):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
604 csrss.exe
644 C:\Windows\System32\wininit.exe
656 csrss.exe
688 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\winlogon.exe
992 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\atiesrxx.exe
1128 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\audiodg.exe
1348 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\SLsvc.exe
1420 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\atieclxx.exe
1588 C:\Windows\System32\svchost.exe
1972 C:\Windows\System32\spoolsv.exe
1996 C:\Program Files\Avira\AntiVir Desktop\sched.exe
2008 C:\Windows\System32\svchost.exe
608 C:\Windows\System32\taskeng.exe
740 C:\Windows\System32\dwm.exe
1476 C:\Windows\explorer.exe
2184 C:\Windows\RtHDVCpl.exe
2236 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2356 C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe
2476 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2492 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2576 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2592 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2616 C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
2668 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2704 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2808 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2848 C:\Windows\System32\PnkBstrA.exe
2860 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2904 C:\Windows\System32\svchost.exe
3016 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3264 WUDFHost.exe
3320 WmiPrvSE.exe
3552 C:\Program Files\Windows Media Player\wmpnscfg.exe
3640 C:\Windows\System32\mobsync.exe
3840 C:\Program Files\Windows Media Player\wmpnetwk.exe
1868 C:\Windows\System32\taskeng.exe
1384 C:\Users\Senad\Desktop\MBRCheck.exe
2392 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000058`94f00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD7500AAKS-00RBA0, Rev: 30.04G30

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

mfg wambo

cosinus 28.10.2010 18:34
Code:
698 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

wambo99 28.10.2010 20:58
hier erstmal superantispywarte (ziemlich viele cookies =/ )

sas:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 10/28/2010 at 09:48 PM

Application Version : 4.45.1000

Core Rules Database Version : 5767
Trace Rules Database Version: 3579

Scan type : Complete Scan
Total Scan Time : 01:56:46

Memory items scanned : 587
Memory threats detected : 0
Registry items scanned : 7962
Registry threats detected : 0
File items scanned : 184968
File threats detected : 452

Adware.Tracking Cookie
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\senad@atdmt[2].txt
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Cookies\Low\gast@atdmt[2].txt
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Cookies\Low\gast@doubleclick[1].txt
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Cookies\Low\gast@msnportal.112.2o7[1].txt
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Cookies\Low\gast@mywebsearch[1].txt
.bs.serving-sys.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ww251.smartadserver.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Senad\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
Free web counter generator [ C:\Users\Senad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R7D2FKV9 ]
www.naiadsystems.com [ C:\Users\Senad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R7D2FKV9 ]
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@ad.adc-serv[1].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@ad.adserver01[1].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@ad.yieldmanager[1].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@ad.zanox[2].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@ad2.adfarm1.adition[1].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@adfarm1.adition[2].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@apmebf[2].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@atdmt[1].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@content.yieldmanager[1].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@doubleclick[1].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@elitepvpers[2].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@fastclick[1].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@invitemedia[2].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@tradedoubler[1].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@traffictrack[1].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@webmasterplan[2].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@www.elitepvpers[2].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@zanox-affiliate[2].txt
C:\Users\Senad\AppData\Roaming\Microsoft\Windows\Cookies\Low\senad@zanox[2].txt
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ad.adnet.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
newsstat.webtoolsonline.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webstats4u.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webstats4u.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Fuckshow.org - www.fuckshow.org - Livecams mit Sound Dildocontrol und viel mehr Jetzt Testen [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
fl01.ct2.comclick.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
fl01.ct2.comclick.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
fl01.ct2.comclick.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
elitepvpers - play less, get more [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
elitepvpers - play less, get more [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
elitepvpers - play less, get more [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
elitepvpers - play less, get more [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
elitepvpers - play less, get more [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ads.filmde.global-media.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.zanox.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
media.gan-online.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ads8.hermoment.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.adserver01.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
track.effiliation.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.bwincom.122.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.komtrack.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.komtrack.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.apmebf.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.apmebf.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.adition.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.adition.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ads1.adultadvertising.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.revsci.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.zanox-affiliate.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver.advertisingbox.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
www.cdmediaworld.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adx.chip.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webpower.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
UseNeXT | In vollem DSL-Speed aus dem Usenet downloaden! [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
rgadvert.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.hansenet.122.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
advertiser.contextmatters.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.zanox.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.parship.122.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.sevenoneintermedia.112.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adfarm1.adition.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.xm.xtendmedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
trafficperformance-de.servertraffic.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.kontera.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
zbox.zanox.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
cdn5.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
cdn5.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
servertraffic.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.guj.122.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.skydeutschland.122.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ads7.hermoment.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.weborama.fr [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.bluestreak.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.elitepvpers.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.elitepvpers.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.elitepvpers.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.elitepvpers.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.count.xhit.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adviva.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserv.chirurgie-portal.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ads3.exp.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
stats.exp.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
sega.missioncontrol.global-media.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.stats.betradar.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.stats.betradar.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
flagcounter.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.sevenloadgmbh.112.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.yadro.ru [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.zanox.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Ad-Track.de - Gnstige Online Werbung direkt beim Erzeuger buchen [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.zedo.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.zedo.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adecn.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.liveperson.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
www.zanox-affiliate.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.pro-market.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.msnaccountservices.112.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
track.adform.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.nacamar.adbureau.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.edge.download.newmedia.nacamar.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.edge.download.newmedia.nacamar.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.opodo.122.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.secure-hotel-tracker.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.xiti.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ad.adnet.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.lfstmedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.lfstmedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.revsci.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.himedia.individuad.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
track.webtrekk.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tracking.mindshare.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.euros4click.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.game-advertising-online.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adsrv.admediate.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adsrv.admediate.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.mediamarkt.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.quartermedia.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
www.active-tracking.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.www.active-tracking.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.www.active-tracking.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
track.webtrekk.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.zedo.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ru4.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ru4.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.cunda.122.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.clickbank.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.amerigomedia.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.amerigomedia.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.stepstone.112.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.a.revenuemax.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
tracking.klicktel.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
tracking.klicktel.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
LayerMedia - AdServer 2.8.7 [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
stat.dealtime.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.shopping.112.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.dealtime.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
www7.addfreestats.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
s07.flagcounter.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
gamer-elite.forenking.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.gamer-elite.forenking.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.gamer-elite.forenking.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad4.adfarm1.adition.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webstats4u.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ero-advertising.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.sexkontakt.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.sexkontakt.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.www.traffictrack.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.eaeacom.112.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad3.adfarm1.adition.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ads2.ontecnia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.paypal.112.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.kontera.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.kontera.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.kontera.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.pointroll.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.pointroll.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.clickaider.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
s03.flagcounter.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
openx.blomedia.pl [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
openx.blomedia.pl [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.chitika.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.frontlinegmbh.122.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver.oktoberfest.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver.traffictrack.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.pro-market.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.ad.adnet.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.e-2dj6wdkyqjcpedq.stats.esomniture.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.revsci.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.burstnet.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.burstnet.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ads2.werder.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tracking.hannoversche.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver.clipscale.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver.clipscale.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver.clipscale.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver.plus.ag [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.atracker.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.interclick.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.interclick.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.interclick.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
stat.leipziger-messe.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.media.photobucket.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adtech.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.advertising.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.revsci.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
www.active-tracking.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver.i-worx.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver.i-worx.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver2.clipkit.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
user.lucidmedia.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.track.webgains.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver5.bannerwerbung.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver3.bannerwerbung.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ads3.net2day.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ads2.net2day.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adfarm1.adition.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tracking.3gnet.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.adviva.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.dragerwerk.122.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Google [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
s06.flagcounter.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ww251.smartadserver.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.revsci.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.spylog.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.openstat.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
Ad-Track.de - Gnstige Online Werbung direkt beim Erzeuger buchen [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.snapfish.112.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.microsoftsto.112.2o7.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.harrenmedianetwork.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
adserver.itsfogo.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad1.adfarm1.adition.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.revsci.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.revsci.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.revsci.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.revsci.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
ad2.adfarm1.adition.com [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.unitymedia.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]
.unitymedia.de [ C:\Users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\cookies.sqlite ]

wambo99 28.10.2010 21:02
malware geht der vollscan immernoch nicht ( stürtzt bei ca 50min einfach ab)
hab hier den quickscan gemacht..

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4978

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

28.10.2010 22:02:43
mbam-log-2010-10-28 (22-02-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148401
Laufzeit: 5 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


mfg wambo

cosinus 28.10.2010 21:22
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

wambo99 29.10.2010 12:57
nein alles sauber

cosinus 30.10.2010 17:58
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:06 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131