Log analysis and evaluation: anti-malware log for evaluation

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.10.2010, 16:26   #1
wambo99
 

Hi everyone,
this is my first post, I hope I have made as few mistakes as possible.

I don't know whether I have a Trojan on my PC or not.
Should I format my computer now?!
So here is the log file.




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4903

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

21.10.2010 17:09:29
mbam-log-2010-10-21 (17-09-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146253
Laufzeit: 11 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

21.10.2010, 18:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Hello and

Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

21.10.2010, 20:48   #3
wambo99
 


OTL) 1log.OTL Logfile:
Code:
OTL Extras logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS
 
Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32C71912-532C-46DC-A9F1-3117924AA21D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3B165C69-9D26-44BE-B2DC-FE5DC002E9AA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3F32B2E4-3A82-4D0C-AEEA-B61B0BF5DE3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5654AE0E-1EA0-4A0B-9026-64107BA0CC44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{74AF2B35-6ACC-4C2E-9543-DB5C8DBD03DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{95A09728-FDDE-4E18-972E-04308AFF4960}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A18B548C-C0EB-475A-91FA-E24C8DB91FD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C8251346-EC22-45DA-9B32-B94290017165}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0139E08A-8E94-4ED1-9E82-2DB322639286}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe | 
"{0891B45B-7E90-44EB-82A1-B96B7DB8EA58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{09952AAE-AEBA-4F7A-A719-134C30B93ABB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{0BA447DD-343A-41CE-B86D-947C05D113AB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0F983182-B487-4736-B8C9-055E11127822}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{24C52D48-F42D-44B2-8812-4B5F0843BE4E}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe | 
"{2A289B65-5989-4788-B72E-C35D4D041368}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{33DE3C5E-D188-4B86-A8FE-9EB4AB7D4F41}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{34D54E44-4DF4-4CC1-935D-B103A95CA4BB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{3A1A66CF-89C4-4140-9E1D-6FB83769E7DD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{3A95E764-3B67-451D-A8E0-E115E0F79DD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{408C8A0E-A038-4D33-ACBE-547831CF647B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{44093CD2-EE1A-4C19-9A39-46E79324D40E}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"{45506B92-F2E4-499D-9A0B-709D4E191D81}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{4CA9F8D5-4A71-4316-9CFA-90255A760E5F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{516A3F30-B982-4C68-98A1-815BDA9C09B7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{5E82F0F2-D36B-48B8-BF86-9BB56965768B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{613FF0EB-27CE-4C3F-8072-675C6F878E0C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{666CB7ED-EB3B-429A-8A1A-25EBB902169A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{66DE233B-098B-49CE-AB71-E3376098B3DF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{68C57A13-1250-4B1F-B3E6-5BE041E3B096}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{68CCBCF6-EDD7-44BA-B530-6F25B2275430}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | 
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{715F4E3F-E61B-49DA-A0A4-C8838EB5C7FE}" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{718E1F3D-3478-4706-93DA-80FDB93F5C91}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{73CFC126-588B-4B8D-BFF8-5EA031414D52}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{77465F61-30D9-4856-BB04-D9E3343DEEAE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{782EA5B2-9570-4588-9B03-BCC048235648}" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{7956A954-3D7A-47FF-B2AB-0637C1B38963}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{79B6CD9A-3172-493C-AB40-6D5FAE597258}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{7A5D141A-011D-4E41-B0CE-F76C5FEBA09C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{7B0988E3-E402-450B-B444-4E996D66AE46}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{7C20506C-7A73-452F-9880-1A9B19C81C9C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{7DDC15D9-927F-4582-A895-FA1677F1864B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7EAD9E89-625F-40A3-BEA5-E4A4C187B7CB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{836DE0DE-F505-45C2-B777-4CD4BDEA8061}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{85352D01-C8EB-4E51-9762-E2D67D358707}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{85D8FCA9-1B95-4736-95A6-388D532FA9F7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{87B53806-46A2-4780-922E-C5667112B5E8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{87BF2D87-56AE-4957-939D-AC8EE52F2D45}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{8CF8B9F6-E6D7-4432-947A-3B9C1740CFF7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{8FB08B5E-0EF8-46B2-9C7F-51DB553223C3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{9E58D4F7-EDDA-4401-84DD-4C382BCD0257}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"{9F69704C-3150-4B7D-AAC1-162572229869}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{A95B063C-149F-4BAA-A831-08499262DD41}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{A9C5BAA8-1155-41D6-A5CD-F9ED0BCC3E2C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{ACD18395-D930-4BA4-8D83-A78C3EEE0426}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{AF362A85-4A49-4660-8065-1E1C5799FC62}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{B806D263-45E2-4604-969F-7EDBF31F4EB3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{B9FEBF8A-B573-4625-BDF8-838BD57AB5E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{BFA89F29-0510-425A-9F99-7F5CC3452369}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{C6089F0E-1C26-4F1C-AE30-5E60D39582A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C7AF4FE9-9374-4EB0-841A-9C7A8A3EA1A8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{C819C97F-7EED-4D70-9C47-391712BDB5D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C84BE8B8-D5F3-4E3B-B0E4-BC3F38B61605}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{CA27CFD2-5416-47AD-B019-CB52ABD3789A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{CFF8FE96-8004-48CA-95A5-25CD3EDAF231}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{D92B0DFC-EDE2-4DC9-87C3-489860C19AAD}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{DC04695E-E0E3-42D5-B937-21E67D6ADF16}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{E219DC92-3E75-4432-BC6A-B62D818BD9F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E30CA022-1E93-4171-898E-C9EF17E2D396}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{E33026B8-8B24-4146-BF69-78309EF04094}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{ED40B40B-9B5E-4A52-8AAF-E9554F3C7856}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | 
"TCP Query User{00548D5D-A624-4225-8424-63DB22322BB7}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{07CDED4B-AD87-40F7-9C04-4CA7D58718A0}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe | 
"TCP Query User{0852AC21-4C19-46BC-9A59-2F93DCE9DF5D}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"TCP Query User{0995BFBD-357F-4AF2-B95E-E31F9A001970}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | 
"TCP Query User{0BCEBDC2-D310-4AC0-BD88-D203B97D3834}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | 
"TCP Query User{10694044-61A6-4D36-985A-EAB465ED08F3}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe | 
"TCP Query User{14422F3F-3701-45DD-9355-E3994BDB285F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | 
"TCP Query User{146E16A3-D256-4630-BC89-23F26003009D}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | 
"TCP Query User{18D6E447-C6BB-4839-A835-67CCECF58697}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | 
"TCP Query User{1988BD6D-ED36-4F7B-9705-BB2C00294E3A}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | 
"TCP Query User{1A35859B-8B4E-47D3-A52B-F77D6189940C}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{251587BC-C93E-4F41-A6BC-430632C3BFD9}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"TCP Query User{299CC269-A608-4D59-B5A6-980F3BC71CC0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{2B183796-BCE7-468A-BB8D-A754FCEB01C9}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"TCP Query User{2D8E5CCD-A3D3-4C3D-8805-7BE68C0FF042}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin | 
"TCP Query User{39195783-2217-4438-95B6-811630CD9696}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | 
"TCP Query User{3BB4A8E9-6AC4-47F9-B3C4-EEECE138BD2B}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{447EE480-6616-40A4-A606-A6A2E7B89E50}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4D77DD47-3092-486B-BF9D-26359DCC0849}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | 
"TCP Query User{5437AD72-B13D-4AC7-8D24-6B28CD1B8956}C:\program files\metin2_germany\metin2.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.exe | 
"TCP Query User{588EA4B6-FF03-4D05-9351-48A9B9D09C62}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{58A83585-4A1D-444C-9E00-19CF05643C8E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{74E98653-1C96-4145-9D48-35F8E38AA74B}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | 
"TCP Query User{75550ABD-F21D-4189-B8ED-46C9881782D8}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"TCP Query User{83FAEEA6-22F3-4738-A90B-1214E3BC2D7D}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe | 
"TCP Query User{8D4E4618-AAC2-4A12-99DC-5F0AE784396B}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | 
"TCP Query User{8F234526-4F13-4E46-9313-B7F595D4EC6E}L:\mh\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\mh\metin2_germany\metin2.bin | 
"TCP Query User{9120E071-628E-44F3-B3B6-153AFB14D314}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | 
"TCP Query User{B8443C0F-BA33-4994-9639-8947AAE670C7}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | 
"TCP Query User{C0B98893-7AFD-463F-A985-BB6D9BA4BE6A}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | 
"TCP Query User{C954EB8C-7061-42F1-B49B-8A383A2894B2}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe | 
"TCP Query User{D35877DB-698E-4055-A14A-FBAE70796DA3}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin | 
"TCP Query User{D5E429BE-48ED-4A23-BC07-485A397D7CB3}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe | 
"TCP Query User{D8E51C89-764D-42A8-9637-02ABDFC951B5}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | 
"TCP Query User{E6970AD5-9EC4-4016-BDFC-9F18EE914CBE}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe | 
"TCP Query User{F9D35BB9-3096-48B8-A4F9-947D23F58A4D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | 
"TCP Query User{FE8C2221-4E72-4DCF-A051-452FBB5AA03A}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe | 
"TCP Query User{FF6E8328-8316-4767-8786-10A9E343FD3F}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{030E5AE0-5AF8-439A-850B-C4E33E8C2273}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | 
"UDP Query User{0B87C1E5-2BA8-405F-8AE1-54CF0A331C54}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{1CFB478F-1B62-451A-8ACC-91C34F6B27FF}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | 
"UDP Query User{1E6129E5-9EF0-4DA9-9F9C-1CB6F670B1F5}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe | 
"UDP Query User{29D1CFD1-79FF-47D2-8403-CDEE3785574B}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"UDP Query User{2DA8C29F-0DE6-4C2F-911A-A00F84CA115A}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | 
"UDP Query User{2FDFDE65-3D97-4227-A078-08E1CE3DBAFF}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | 
"UDP Query User{31E316F8-AF62-4EFF-80B1-D50421DCEB4F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | 
"UDP Query User{380C8834-B107-41D5-8A30-9D5688E8EBCE}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | 
"UDP Query User{3CBF2878-641F-4ED9-B0F5-BD5D1C00909A}C:\program files\metin2_germany\metin2.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.exe | 
"UDP Query User{413A58BE-956E-45A2-9949-0F04FC9F1F90}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | 
"UDP Query User{45170A0C-15E4-431A-A3C7-48138C0874B6}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe | 
"UDP Query User{4D839AF7-4CF3-45FA-B895-290D827C0E30}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{4D8ECD20-81D4-4253-AA5D-1DC07A9B8E6F}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin | 
"UDP Query User{4F49D2F3-1D4E-440D-8387-07F82F99B1FA}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe | 
"UDP Query User{509B7D0E-5652-4A40-A9D7-FDF1A869E777}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin | 
"UDP Query User{56278F68-2AA4-47D3-A99C-A6D5C804A6A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{594CD0CB-5510-49A5-B659-2CD8D1AF2BDC}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe | 
"UDP Query User{6D4CC943-4CEA-4BA3-8270-2B5ED64293E2}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{6F52EC1B-DFC0-4FD5-960D-F65254698424}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6F9F7F64-140C-40C8-AACB-81EE0ACC6CE7}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | 
"UDP Query User{73839211-8BB1-4D5A-BB42-909B80F3F489}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | 
"UDP Query User{768FE0FF-DB0F-44FC-B5F6-C9533BAACF33}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"UDP Query User{793CE7BE-2943-4B68-A3F1-E235378B9F6D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | 
"UDP Query User{7FFEEE04-E4CC-4717-B794-C251258EABAB}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{8BDA34E8-733A-4BFD-894B-36F5FD3D7019}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"UDP Query User{8DF8C2AE-42F2-4790-9DE5-FC95C8E40D6E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{9055E64A-DC14-4C0A-9F91-5AC9718B632B}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | 
"UDP Query User{A6F871A5-E37D-4ACF-8B3A-0FB50430A58F}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe | 
"UDP Query User{AE259E7D-8EA9-4F55-A207-567FD13B4D8F}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe | 
"UDP Query User{AEA78220-1D4D-4402-80BC-94B85121AEBC}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{BE7C24C2-945D-4CD1-8A32-03F28EA8204E}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | 
"UDP Query User{C30EE879-B6EA-4E73-BD8D-624C60C1CAF9}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | 
"UDP Query User{CE215832-CF2C-4C85-8C5D-4EAE7C360821}L:\mh\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\mh\metin2_germany\metin2.bin | 
"UDP Query User{D60CB3CB-4B28-4346-A594-1BC8638A8BFB}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | 
"UDP Query User{DE8C7509-9298-44AD-8A5A-66C7693A0518}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe | 
"UDP Query User{F01D6A35-3FDD-4F4B-A7A3-1F5D68F97E28}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"UDP Query User{FE2903F4-39CB-475D-A372-6ADAD2FFFF5F}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0746324A-74A1-DD6E-3DC7-89FF5432D29D}" = CCC Help Thai
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0A2D1DFE-5362-6CCF-46D7-07006D726383}" = CCC Help Russian
"{0DA693CA-9AE8-0780-E49C-3D49E099077B}" = Catalyst Control Center Localization All
"{10BC9ED1-5D41-54C6-862C-2C00E5C434EF}" = CCC Help Portuguese
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1BE326D9-BA06-A574-72AA-C428C6F09549}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4814EB-4453-B4ED-29C9-C7F1AE76152F}" = Catalyst Control Center Core Implementation
"{1FDDECB1-702D-C574-295B-BC9CCE51C795}" = CCC Help Italian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{246DB002-665C-CD60-390A-DE2BE952C7CC}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{33D322FB-0F56-79B5-13A5-B72C901AB4AB}" = Catalyst Control Center Graphics Light
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{408018E8-85F0-832D-851F-11C31FF939BD}" = ccc-core-static
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{427E8045-62BF-DD85-079C-21AE345BA815}" = CCC Help Finnish
"{46DCE6DC-6C9B-0E3F-F9F0-662B8BAFDCA5}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62A7970B-2586-D420-AC6D-F8CA0E7B5B81}" = Catalyst Control Center Graphics Full Existing
"{651E63E0-772C-CC4F-2C2E-9AF3114925F0}" = CCC Help Spanish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A305A-88E0-D5ED-EA88-5D9A9B9B8783}" = CCC Help Greek
"{75C659EA-EA00-AC02-9F97-5EFDC53AB699}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777A1FE5-9C56-F3D6-A387-79BBE18030DB}" = CCC Help Hungarian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BECB8AC-C406-0434-509F-351A17000E8F}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85EC876D-27B4-D811-1419-BB021AEA351C}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A211E60-DD55-FF66-1C10-FFA05BB32CDA}" = CCC Help Chinese Traditional
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{94894501-EC12-432B-B8E2-AA8470CC6266}" = UEFA EURO 2008™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A57C8520-5970-3FE0-9BC2-520FB6D447D1}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ADB458D8-A0E2-FC9E-6271-DD22CA464A6F}" = CCC Help Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1C4983E-7720-3970-5F21-5AFF18AEF5BD}" = CCC Help Swedish
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6E14B01-0C5F-6509-0F27-C92F44DBF34C}" = CCC Help Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98898CD-9097-6D0E-C5B8-418433A00717}" = CCC Help Turkish
"{C07B4B1F-0BD1-7C1A-5765-FAC354EB9AD7}" = CCC Help Korean
"{C388FB07-1679-E1EF-7DE4-172E3FDB595E}" = CCC Help Norwegian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6900D91-35A7-5DC4-07D4-AF3123BB3422}" = ATI Problem Report Wizard
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E27ABEAB-2A23-737E-D290-FC42D45FCDA8}" = ATI AVIVO Codecs
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E940C734-8AFB-4F22-F102-A00AC8B3069B}" = CCC Help French
"{EA7CFDF5-3C98-7906-E7F6-9758C1415622}" = Catalyst Control Center Graphics Previews Common
"{EFBF0779-93EE-4261-9CF3-EA68FA7E1152}" = CCC Help Czech
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BFD15D-9EEC-4072-942D-240BA0B99467}" = COMPUTERBILD-Abzockschutz
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7D3AFB4-94A0-4720-AFC6-5B6283DD7606}_is1" = Borderlands v.1.2 and DLCs
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCD92A32-25B2-D2C1-7B7B-DFA2E78AD3AC}" = Catalyst Control Center Graphics Full New
"{FD1E62F4-33DC-87C5-8C4A-77D2D8D5ACB8}" = ATI Catalyst Install Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BattlEye" = BattlEye Uninstall
"Counter-Strike 1.6 v28 - DigitalZone" = Counter-Strike 1.6 v28 - DigitalZone
"Cross Fire_is1" = Cross Fire En
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FileMenu Tools_is1" = FileMenu Tools
"Free Studio_is1" = Free Studio version 4.1
"Game Cam" = Game Cam 2.54.0.47
"ICQToolbar" = ICQ Toolbar
"JAP" = JAP
"Just Cause 2_is1" = Just Cause 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NoIPDUC" = No-IP DUC
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4.1
"PunkBusterSvc" = PunkBuster Services
"Tor" = Tor 0.2.1.23
"TVISTA Express Tuner_is1" = DATA BECKER TVISTA Express Tuner
"Vidalia" = Vidalia 0.2.7
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 31.10.2009 12:06:45 | Computer Name = Senad-PC | Source = ESENT | ID = 215
Description = WinMail (3072) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 01.11.2009 10:39:12 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.11.2009 06:29:39 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.11.2009 10:15:09 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 21.10.2010 10:27:37 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:25:59 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:29:59 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:28:33 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:29:48 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 10:31:47 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 10:31:58 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:29:59 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:33:30 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.10.2010 11:49:35 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 11:51:19 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.10.2010 13:55:43 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 13:57:27 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 16.07.2010 07:36:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 16.07.2010 07:38:02 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 16.07.2010 07:38:22 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 16.07.2010 07:38:42 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 16.07.2010 07:40:12 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 17.07.2010 12:07:11 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 18.07.2010 12:56:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 18.07.2010 16:38:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 19.07.2010 05:45:28 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 19.07.2010 07:00:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >
         
--- --- ---

OTL) 2log.OTL Logfile:
Code:
OTL logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS
 
Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe (ActiveState Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) --  File not found
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe File not found
SRV - (CLTNetCnService) --  File not found
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (netr73) -- C:\Windows\System32\DRIVERS\netr73.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (WinFl32) -- C:\Windows\System32\WinFl32.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (ASPI32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..network.proxy.backup.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "184.73.187.184"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "184.73.187.184"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "184.73.187.184"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.21 14:29:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 14:29:26 | 000,000,000 | ---D | M]
 
[2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions
[2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.10.21 14:30:44 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions
[2010.04.27 16:14:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.09 12:05:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.11 00:08:25 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.04.21 12:30:25 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.10.21 14:30:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.30 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\FirefoxAddon@similarWeb.com
[2010.09.24 22:16:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\isgdcreator@postspectacular.com
[2008.12.23 11:35:24 | 000,001,579 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\aol-search.xml
[2010.10.17 12:30:14 | 000,000,950 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin-1.xml
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin.xml
[2010.08.08 23:07:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.19 18:59:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.04 19:30:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.04 19:30:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.13 22:29:59 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [amsn] C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O24 - Desktop WallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell - "" = AutoRun
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.21 20:01:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe
[2010.10.21 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\Senad\AppData\Roaming\Malwarebytes
[2010.10.21 16:51:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.21 16:51:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.21 16:11:58 | 000,000,000 | ---D | C] -- C:\Users\Senad\Documents\Square Enix
[2010.10.21 14:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.10.21 14:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.10.15 00:23:25 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.15 00:23:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.15 00:23:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.15 00:23:00 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.15 00:23:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.15 00:23:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.15 00:22:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.15 00:22:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.15 00:22:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.15 00:22:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.15 00:22:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.15 00:22:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.15 00:22:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.15 00:22:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.15 00:22:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.15 00:22:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.15 00:22:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.15 00:22:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.15 00:22:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.15 00:22:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.15 00:22:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.15 00:22:55 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.15 00:22:54 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.15 00:22:53 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.15 00:22:52 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.09.29 13:55:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2007.07.26 11:29:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[8248.11.22 10:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Senad\Documents\Locker01.flk
[2010.10.21 20:13:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CFCB5B28-9326-4B32-85AB-75602B755434}.job
[2010.10.21 20:01:21 | 000,694,324 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.21 20:01:21 | 000,611,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.21 20:01:21 | 000,148,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.21 20:01:21 | 000,120,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.21 20:01:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe
[2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.21 19:55:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.21 19:55:51 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.21 16:31:55 | 284,109,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.18 21:28:12 | 000,002,253 | ---- | M] () -- C:\Users\Senad\Desktop\Steam.lnk
[2010.10.18 12:27:57 | 000,001,053 | ---- | M] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk
[2010.10.15 16:37:42 | 000,614,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.09 14:14:14 | 000,073,216 | -HS- | M] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db
[2010.10.08 14:28:24 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.08 14:28:15 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[8248.11.22 10:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Senad\Documents\Locker01.flk
[2010.10.21 16:13:05 | 284,109,127 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.10.18 12:27:57 | 000,001,053 | ---- | C] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk
[2010.10.09 14:13:48 | 000,073,216 | -HS- | C] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db
[2010.07.19 19:02:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.01 21:49:01 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.03 05:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.31 01:09:20 | 000,001,648 | ---- | C] () -- C:\Users\Senad\AppData\Local\d3d8caps.dat
[2009.09.24 20:40:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.13 14:47:15 | 000,322,036 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_nav.dat
[2009.06.13 14:47:15 | 000,003,617 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga.dat
[2009.06.13 14:47:15 | 000,000,422 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_navps.dat
[2009.03.15 17:07:30 | 000,138,056 | ---- | C] () -- C:\Users\Senad\AppData\Roaming\PnkBstrK.sys
[2009.02.25 22:52:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2009.02.25 22:52:51 | 000,016,896 | ---- | C] () -- C:\Windows\System32\WinFl32.sys
[2009.02.25 22:52:51 | 000,000,990 | -HS- | C] () -- C:\Users\Senad\AppData\Roaming\systemfl.$dk
[2009.02.14 10:48:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.13 23:42:05 | 000,002,750 | ---- | C] () -- C:\Users\Senad\AppData\Local\edsinstaller.txt-20090213.log
[2009.02.02 01:11:23 | 000,000,839 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_sta
[2009.02.02 01:11:17 | 000,000,792 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_prof
[2009.02.02 00:57:44 | 000,290,918 | ---- | C] () -- C:\Windows\System32\Install7x.dll
[2008.11.09 14:18:56 | 000,000,173 | ---- | C] () -- C:\Windows\wininit.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.07.26 09:19:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.07.26 09:18:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.07.26 09:17:44 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.07.24 18:41:45 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.28 15:16:07 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.06.28 15:16:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.06.19 21:10:01 | 000,000,088 | ---- | C] () -- C:\Users\Senad\AppData\Local\uuttacz.bat
[2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.24 12:59:25 | 000,008,836 | ---- | C] () -- C:\Users\Senad\AppData\Local\d3d9caps.dat
[2008.05.23 15:39:46 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2008.05.16 15:09:05 | 000,011,264 | ---- | C] () -- C:\Users\Senad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.14 17:49:49 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.05.14 17:49:48 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007.07.26 21:28:01 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.07.26 19:31:59 | 000,000,742 | ---- | C] () -- C:\Windows\generic.ini
[2007.07.26 19:31:59 | 000,000,130 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.07.26 19:31:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007.07.26 11:29:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
Anti-Malware)

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4904

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

21.10.2010 20:54:58
mbam-log-2010-10-21 (20-54-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 0
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________

21.10.2010, 20:48   #4
wambo99

anti-malware log for analysis



OTL) 1log.OTL Logfile:
Code:
OTL Extras logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS
 
Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32C71912-532C-46DC-A9F1-3117924AA21D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3B165C69-9D26-44BE-B2DC-FE5DC002E9AA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3F32B2E4-3A82-4D0C-AEEA-B61B0BF5DE3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5654AE0E-1EA0-4A0B-9026-64107BA0CC44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{74AF2B35-6ACC-4C2E-9543-DB5C8DBD03DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{95A09728-FDDE-4E18-972E-04308AFF4960}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A18B548C-C0EB-475A-91FA-E24C8DB91FD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C8251346-EC22-45DA-9B32-B94290017165}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0139E08A-8E94-4ED1-9E82-2DB322639286}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe | 
"{0891B45B-7E90-44EB-82A1-B96B7DB8EA58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{09952AAE-AEBA-4F7A-A719-134C30B93ABB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{0BA447DD-343A-41CE-B86D-947C05D113AB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0F983182-B487-4736-B8C9-055E11127822}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{24C52D48-F42D-44B2-8812-4B5F0843BE4E}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe | 
"{2A289B65-5989-4788-B72E-C35D4D041368}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{33DE3C5E-D188-4B86-A8FE-9EB4AB7D4F41}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{34D54E44-4DF4-4CC1-935D-B103A95CA4BB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{3A1A66CF-89C4-4140-9E1D-6FB83769E7DD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{3A95E764-3B67-451D-A8E0-E115E0F79DD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{408C8A0E-A038-4D33-ACBE-547831CF647B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{44093CD2-EE1A-4C19-9A39-46E79324D40E}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"{45506B92-F2E4-499D-9A0B-709D4E191D81}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{4CA9F8D5-4A71-4316-9CFA-90255A760E5F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{516A3F30-B982-4C68-98A1-815BDA9C09B7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{5E82F0F2-D36B-48B8-BF86-9BB56965768B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{613FF0EB-27CE-4C3F-8072-675C6F878E0C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{666CB7ED-EB3B-429A-8A1A-25EBB902169A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{66DE233B-098B-49CE-AB71-E3376098B3DF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{68C57A13-1250-4B1F-B3E6-5BE041E3B096}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{68CCBCF6-EDD7-44BA-B530-6F25B2275430}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | 
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{715F4E3F-E61B-49DA-A0A4-C8838EB5C7FE}" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{718E1F3D-3478-4706-93DA-80FDB93F5C91}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{73CFC126-588B-4B8D-BFF8-5EA031414D52}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{77465F61-30D9-4856-BB04-D9E3343DEEAE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{782EA5B2-9570-4588-9B03-BCC048235648}" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{7956A954-3D7A-47FF-B2AB-0637C1B38963}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{79B6CD9A-3172-493C-AB40-6D5FAE597258}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{7A5D141A-011D-4E41-B0CE-F76C5FEBA09C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{7B0988E3-E402-450B-B444-4E996D66AE46}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{7C20506C-7A73-452F-9880-1A9B19C81C9C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{7DDC15D9-927F-4582-A895-FA1677F1864B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7EAD9E89-625F-40A3-BEA5-E4A4C187B7CB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{836DE0DE-F505-45C2-B777-4CD4BDEA8061}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{85352D01-C8EB-4E51-9762-E2D67D358707}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{85D8FCA9-1B95-4736-95A6-388D532FA9F7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{87B53806-46A2-4780-922E-C5667112B5E8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{87BF2D87-56AE-4957-939D-AC8EE52F2D45}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{8CF8B9F6-E6D7-4432-947A-3B9C1740CFF7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{8FB08B5E-0EF8-46B2-9C7F-51DB553223C3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{9E58D4F7-EDDA-4401-84DD-4C382BCD0257}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"{9F69704C-3150-4B7D-AAC1-162572229869}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{A95B063C-149F-4BAA-A831-08499262DD41}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{A9C5BAA8-1155-41D6-A5CD-F9ED0BCC3E2C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{ACD18395-D930-4BA4-8D83-A78C3EEE0426}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{AF362A85-4A49-4660-8065-1E1C5799FC62}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{B806D263-45E2-4604-969F-7EDBF31F4EB3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{B9FEBF8A-B573-4625-BDF8-838BD57AB5E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{BFA89F29-0510-425A-9F99-7F5CC3452369}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{C6089F0E-1C26-4F1C-AE30-5E60D39582A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C7AF4FE9-9374-4EB0-841A-9C7A8A3EA1A8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{C819C97F-7EED-4D70-9C47-391712BDB5D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C84BE8B8-D5F3-4E3B-B0E4-BC3F38B61605}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{CA27CFD2-5416-47AD-B019-CB52ABD3789A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{CFF8FE96-8004-48CA-95A5-25CD3EDAF231}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{D92B0DFC-EDE2-4DC9-87C3-489860C19AAD}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{DC04695E-E0E3-42D5-B937-21E67D6ADF16}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{E219DC92-3E75-4432-BC6A-B62D818BD9F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E30CA022-1E93-4171-898E-C9EF17E2D396}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{E33026B8-8B24-4146-BF69-78309EF04094}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{ED40B40B-9B5E-4A52-8AAF-E9554F3C7856}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | 
"TCP Query User{00548D5D-A624-4225-8424-63DB22322BB7}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{07CDED4B-AD87-40F7-9C04-4CA7D58718A0}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe | 
"TCP Query User{0852AC21-4C19-46BC-9A59-2F93DCE9DF5D}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"TCP Query User{0995BFBD-357F-4AF2-B95E-E31F9A001970}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | 
"TCP Query User{0BCEBDC2-D310-4AC0-BD88-D203B97D3834}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | 
"TCP Query User{10694044-61A6-4D36-985A-EAB465ED08F3}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe | 
"TCP Query User{14422F3F-3701-45DD-9355-E3994BDB285F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | 
"TCP Query User{146E16A3-D256-4630-BC89-23F26003009D}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | 
"TCP Query User{18D6E447-C6BB-4839-A835-67CCECF58697}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | 
"TCP Query User{1988BD6D-ED36-4F7B-9705-BB2C00294E3A}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | 
"TCP Query User{1A35859B-8B4E-47D3-A52B-F77D6189940C}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{251587BC-C93E-4F41-A6BC-430632C3BFD9}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"TCP Query User{299CC269-A608-4D59-B5A6-980F3BC71CC0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{2B183796-BCE7-468A-BB8D-A754FCEB01C9}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"TCP Query User{2D8E5CCD-A3D3-4C3D-8805-7BE68C0FF042}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin | 
"TCP Query User{39195783-2217-4438-95B6-811630CD9696}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | 
"TCP Query User{3BB4A8E9-6AC4-47F9-B3C4-EEECE138BD2B}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{447EE480-6616-40A4-A606-A6A2E7B89E50}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4D77DD47-3092-486B-BF9D-26359DCC0849}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | 
"TCP Query User{5437AD72-B13D-4AC7-8D24-6B28CD1B8956}C:\program files\metin2_germany\metin2.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.exe | 
"TCP Query User{588EA4B6-FF03-4D05-9351-48A9B9D09C62}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{58A83585-4A1D-444C-9E00-19CF05643C8E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{74E98653-1C96-4145-9D48-35F8E38AA74B}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | 
"TCP Query User{75550ABD-F21D-4189-B8ED-46C9881782D8}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"TCP Query User{83FAEEA6-22F3-4738-A90B-1214E3BC2D7D}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe | 
"TCP Query User{8D4E4618-AAC2-4A12-99DC-5F0AE784396B}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | 
"TCP Query User{8F234526-4F13-4E46-9313-B7F595D4EC6E}L:\mh\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\mh\metin2_germany\metin2.bin | 
"TCP Query User{9120E071-628E-44F3-B3B6-153AFB14D314}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | 
"TCP Query User{B8443C0F-BA33-4994-9639-8947AAE670C7}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | 
"TCP Query User{C0B98893-7AFD-463F-A985-BB6D9BA4BE6A}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | 
"TCP Query User{C954EB8C-7061-42F1-B49B-8A383A2894B2}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe | 
"TCP Query User{D35877DB-698E-4055-A14A-FBAE70796DA3}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin | 
"TCP Query User{D5E429BE-48ED-4A23-BC07-485A397D7CB3}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe | 
"TCP Query User{D8E51C89-764D-42A8-9637-02ABDFC951B5}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | 
"TCP Query User{E6970AD5-9EC4-4016-BDFC-9F18EE914CBE}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe | 
"TCP Query User{F9D35BB9-3096-48B8-A4F9-947D23F58A4D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | 
"TCP Query User{FE8C2221-4E72-4DCF-A051-452FBB5AA03A}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe | 
"TCP Query User{FF6E8328-8316-4767-8786-10A9E343FD3F}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{030E5AE0-5AF8-439A-850B-C4E33E8C2273}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | 
"UDP Query User{0B87C1E5-2BA8-405F-8AE1-54CF0A331C54}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{1CFB478F-1B62-451A-8ACC-91C34F6B27FF}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | 
"UDP Query User{1E6129E5-9EF0-4DA9-9F9C-1CB6F670B1F5}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe | 
"UDP Query User{29D1CFD1-79FF-47D2-8403-CDEE3785574B}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"UDP Query User{2DA8C29F-0DE6-4C2F-911A-A00F84CA115A}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | 
"UDP Query User{2FDFDE65-3D97-4227-A078-08E1CE3DBAFF}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | 
"UDP Query User{31E316F8-AF62-4EFF-80B1-D50421DCEB4F}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | 
"UDP Query User{380C8834-B107-41D5-8A30-9D5688E8EBCE}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | 
"UDP Query User{3CBF2878-641F-4ED9-B0F5-BD5D1C00909A}C:\program files\metin2_germany\metin2.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.exe | 
"UDP Query User{413A58BE-956E-45A2-9949-0F04FC9F1F90}C:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\launcher.exe | 
"UDP Query User{45170A0C-15E4-431A-A3C7-48138C0874B6}C:\programdata\kaspersky lab setup files\kav 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kav 2009\setup.exe | 
"UDP Query User{4D839AF7-4CF3-45FA-B895-290D827C0E30}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{4D8ECD20-81D4-4253-AA5D-1DC07A9B8E6F}L:\neuer ordner\neu\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\neuer ordner\neu\metin2_germany\metin2.bin | 
"UDP Query User{4F49D2F3-1D4E-440D-8387-07F82F99B1FA}C:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\operator\opera\opera.exe | 
"UDP Query User{509B7D0E-5652-4A40-A9D7-FDF1A869E777}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin | 
"UDP Query User{56278F68-2AA4-47D3-A99C-A6D5C804A6A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{594CD0CB-5510-49A5-B659-2CD8D1AF2BDC}E:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\shadowrun\shadowrun.exe | 
"UDP Query User{6D4CC943-4CEA-4BA3-8270-2B5ED64293E2}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{6F52EC1B-DFC0-4FD5-960D-F65254698424}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6F9F7F64-140C-40C8-AACB-81EE0ACC6CE7}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin | 
"UDP Query User{73839211-8BB1-4D5A-BB42-909B80F3F489}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | 
"UDP Query User{768FE0FF-DB0F-44FC-B5F6-C9533BAACF33}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"UDP Query User{793CE7BE-2943-4B68-A3F1-E235378B9F6D}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | 
"UDP Query User{7FFEEE04-E4CC-4717-B794-C251258EABAB}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{8BDA34E8-733A-4BFD-894B-36F5FD3D7019}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"UDP Query User{8DF8C2AE-42F2-4790-9DE5-FC95C8E40D6E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{9055E64A-DC14-4C0A-9F91-5AC9718B632B}C:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\counter-strike source\hl2.exe | 
"UDP Query User{A6F871A5-E37D-4ACF-8B3A-0FB50430A58F}C:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\fogdownloader-rom_3_0_1_2153.exe | 
"UDP Query User{AE259E7D-8EA9-4F55-A207-567FD13B4D8F}C:\users\senad\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\senad\temp\teamviewer\version5\teamviewer.exe | 
"UDP Query User{AEA78220-1D4D-4402-80BC-94B85121AEBC}C:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{BE7C24C2-945D-4CD1-8A32-03F28EA8204E}C:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\world of warcraft\repair.exe | 
"UDP Query User{C30EE879-B6EA-4E73-BD8D-624C60C1CAF9}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | 
"UDP Query User{CE215832-CF2C-4C85-8C5D-4EAE7C360821}L:\mh\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=l:\mh\metin2_germany\metin2.bin | 
"UDP Query User{D60CB3CB-4B28-4346-A594-1BC8638A8BFB}C:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\b&a\benny\programms\amsnportable\app\amsn\bin\wish.exe | 
"UDP Query User{DE8C7509-9298-44AD-8A5A-66C7693A0518}C:\users\senad\desktop\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\senad\desktop\operator\opera\opera.exe | 
"UDP Query User{F01D6A35-3FDD-4F4B-A7A3-1F5D68F97E28}C:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"UDP Query User{FE2903F4-39CB-475D-A372-6ADAD2FFFF5F}C:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derpatesource\day of defeat source\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0746324A-74A1-DD6E-3DC7-89FF5432D29D}" = CCC Help Thai
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0A2D1DFE-5362-6CCF-46D7-07006D726383}" = CCC Help Russian
"{0DA693CA-9AE8-0780-E49C-3D49E099077B}" = Catalyst Control Center Localization All
"{10BC9ED1-5D41-54C6-862C-2C00E5C434EF}" = CCC Help Portuguese
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1BE326D9-BA06-A574-72AA-C428C6F09549}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4814EB-4453-B4ED-29C9-C7F1AE76152F}" = Catalyst Control Center Core Implementation
"{1FDDECB1-702D-C574-295B-BC9CCE51C795}" = CCC Help Italian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{246DB002-665C-CD60-390A-DE2BE952C7CC}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{33D322FB-0F56-79B5-13A5-B72C901AB4AB}" = Catalyst Control Center Graphics Light
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{408018E8-85F0-832D-851F-11C31FF939BD}" = ccc-core-static
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{427E8045-62BF-DD85-079C-21AE345BA815}" = CCC Help Finnish
"{46DCE6DC-6C9B-0E3F-F9F0-662B8BAFDCA5}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62A7970B-2586-D420-AC6D-F8CA0E7B5B81}" = Catalyst Control Center Graphics Full Existing
"{651E63E0-772C-CC4F-2C2E-9AF3114925F0}" = CCC Help Spanish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A305A-88E0-D5ED-EA88-5D9A9B9B8783}" = CCC Help Greek
"{75C659EA-EA00-AC02-9F97-5EFDC53AB699}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777A1FE5-9C56-F3D6-A387-79BBE18030DB}" = CCC Help Hungarian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BECB8AC-C406-0434-509F-351A17000E8F}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85EC876D-27B4-D811-1419-BB021AEA351C}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A211E60-DD55-FF66-1C10-FFA05BB32CDA}" = CCC Help Chinese Traditional
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9312191B-30A5-44E1-8D8D-6936FE06CDE8}" = Wanted: Weapons of Fate
"{94894501-EC12-432B-B8E2-AA8470CC6266}" = UEFA EURO 2008™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A57C8520-5970-3FE0-9BC2-520FB6D447D1}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ADB458D8-A0E2-FC9E-6271-DD22CA464A6F}" = CCC Help Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1C4983E-7720-3970-5F21-5AFF18AEF5BD}" = CCC Help Swedish
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6E14B01-0C5F-6509-0F27-C92F44DBF34C}" = CCC Help Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98898CD-9097-6D0E-C5B8-418433A00717}" = CCC Help Turkish
"{C07B4B1F-0BD1-7C1A-5765-FAC354EB9AD7}" = CCC Help Korean
"{C388FB07-1679-E1EF-7DE4-172E3FDB595E}" = CCC Help Norwegian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6900D91-35A7-5DC4-07D4-AF3123BB3422}" = ATI Problem Report Wizard
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E27ABEAB-2A23-737E-D290-FC42D45FCDA8}" = ATI AVIVO Codecs
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E940C734-8AFB-4F22-F102-A00AC8B3069B}" = CCC Help French
"{EA7CFDF5-3C98-7906-E7F6-9758C1415622}" = Catalyst Control Center Graphics Previews Common
"{EFBF0779-93EE-4261-9CF3-EA68FA7E1152}" = CCC Help Czech
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BFD15D-9EEC-4072-942D-240BA0B99467}" = COMPUTERBILD-Abzockschutz
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7D3AFB4-94A0-4720-AFC6-5B6283DD7606}_is1" = Borderlands v.1.2 and DLCs
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCD92A32-25B2-D2C1-7B7B-DFA2E78AD3AC}" = Catalyst Control Center Graphics Full New
"{FD1E62F4-33DC-87C5-8C4A-77D2D8D5ACB8}" = ATI Catalyst Install Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BattlEye" = BattlEye Uninstall
"Counter-Strike 1.6 v28 - DigitalZone" = Counter-Strike 1.6 v28 - DigitalZone
"Cross Fire_is1" = Cross Fire En
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FileMenu Tools_is1" = FileMenu Tools
"Free Studio_is1" = Free Studio version 4.1
"Game Cam" = Game Cam 2.54.0.47
"ICQToolbar" = ICQ Toolbar
"JAP" = JAP
"Just Cause 2_is1" = Just Cause 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NoIPDUC" = No-IP DUC
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4.1
"PunkBusterSvc" = PunkBuster Services
"Tor" = Tor 0.2.1.23
"TVISTA Express Tuner_is1" = DATA BECKER TVISTA Express Tuner
"Vidalia" = Vidalia 0.2.7
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 30.10.2009 06:33:19 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 31.10.2009 11:46:58 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 31.10.2009 11:48:56 | Computer Name = Senad-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 31.10.2009 12:06:45 | Computer Name = Senad-PC | Source = ESENT | ID = 215
Description = WinMail (3072) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 01.11.2009 10:39:12 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.11.2009 06:29:39 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.11.2009 10:15:09 | Computer Name = Senad-PC | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 21.10.2010 10:27:37 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:25:59 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:29:59 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:28:33 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:29:48 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 10:31:47 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 10:31:58 | Computer Name = Senad-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.10.2010 um 16:29:59 unerwartet heruntergefahren.
 
Error - 21.10.2010 10:33:30 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.10.2010 11:49:35 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 11:51:19 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.10.2010 13:55:43 | Computer Name = Senad-PC | Source = amdkmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 21.10.2010 13:57:27 | Computer Name = Senad-PC | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 16.07.2010 07:36:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 16.07.2010 07:38:02 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 16.07.2010 07:38:22 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 16.07.2010 07:38:42 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 16.07.2010 07:40:12 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 17.07.2010 12:07:11 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 18.07.2010 12:56:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 18.07.2010 16:38:32 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 19.07.2010 05:45:28 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 19.07.2010 07:00:38 | Computer Name = Senad-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >
         
--- --- ---


OTL) 2log.OTL Logfile:
Code:
OTL logfile created on: 21.10.2010 20:15:48 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\Senad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 344,57 Gb Total Space | 148,18 Gb Free Space | 43,01% Space Free | Partition Type: NTFS
Drive D: | 294,73 Gb Total Space | 293,62 Gb Free Space | 99,62% Space Free | Partition Type: NTFS
 
Computer Name: SENAD-PC | User Name: Senad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe (ActiveState Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Senad\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) --  File not found
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe File not found
SRV - (CLTNetCnService) --  File not found
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (netr73) -- C:\Windows\System32\DRIVERS\netr73.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (WinFl32) -- C:\Windows\System32\WinFl32.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (ASPI32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..network.proxy.backup.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "184.73.187.184"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "184.73.187.184"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "184.73.187.184"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.21 14:29:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 14:29:26 | 000,000,000 | ---D | M]
 
[2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions
[2009.03.21 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.10.21 14:30:44 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions
[2010.04.27 16:14:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.09 12:05:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.11 00:08:25 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.04.21 12:30:25 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.10.21 14:30:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.30 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\FirefoxAddon@similarWeb.com
[2010.09.24 22:16:38 | 000,000,000 | ---D | M] -- C:\Users\Senad\AppData\Roaming\mozilla\Firefox\Profiles\icn6lvqq.default\extensions\isgdcreator@postspectacular.com
[2008.12.23 11:35:24 | 000,001,579 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\aol-search.xml
[2010.10.17 12:30:14 | 000,000,950 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin-1.xml
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Senad\AppData\Roaming\Mozilla\FireFox\Profiles\icn6lvqq.default\searchplugins\icqplugin.xml
[2010.08.08 23:07:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.19 18:59:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.04 19:30:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.04 19:30:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.13 22:29:59 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [amsn] C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O24 - Desktop WallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Senad\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell - "" = AutoRun
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.21 20:01:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe
[2010.10.21 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\Senad\AppData\Roaming\Malwarebytes
[2010.10.21 16:51:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.21 16:51:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.21 16:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.21 16:11:58 | 000,000,000 | ---D | C] -- C:\Users\Senad\Documents\Square Enix
[2010.10.21 14:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.10.21 14:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.10.15 00:23:25 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.15 00:23:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.15 00:23:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.15 00:23:00 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.15 00:23:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.15 00:23:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.15 00:22:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.15 00:22:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.15 00:22:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.15 00:22:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.15 00:22:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.15 00:22:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.15 00:22:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.15 00:22:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.15 00:22:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.15 00:22:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.15 00:22:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.15 00:22:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.15 00:22:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.15 00:22:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.15 00:22:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.15 00:22:55 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.15 00:22:54 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.15 00:22:53 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.15 00:22:52 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.09.29 13:55:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2007.07.26 11:29:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[8248.11.22 10:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Senad\Documents\Locker01.flk
[2010.10.21 20:13:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CFCB5B28-9326-4B32-85AB-75602B755434}.job
[2010.10.21 20:01:21 | 000,694,324 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.21 20:01:21 | 000,611,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.21 20:01:21 | 000,148,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.21 20:01:21 | 000,120,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.21 20:01:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Senad\Desktop\OTL.exe
[2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.21 19:55:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.21 19:55:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.21 19:55:51 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.21 16:31:55 | 284,109,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.18 21:28:12 | 000,002,253 | ---- | M] () -- C:\Users\Senad\Desktop\Steam.lnk
[2010.10.18 12:27:57 | 000,001,053 | ---- | M] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk
[2010.10.15 16:37:42 | 000,614,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.09 14:14:14 | 000,073,216 | -HS- | M] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db
[2010.10.08 14:28:24 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.08 14:28:15 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[8248.11.22 10:04:21 | 000,000,000 | ---- | C] () -- C:\Users\Senad\Documents\Locker01.flk
[2010.10.21 16:13:05 | 284,109,127 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.10.18 12:27:57 | 000,001,053 | ---- | C] () -- C:\Users\Senad\Desktop\pes2010plus.exe.lnk
[2010.10.09 14:13:48 | 000,073,216 | -HS- | C] () -- C:\Users\Senad\Desktop\ehthumbs_vista.db
[2010.07.19 19:02:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.01 21:49:01 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.03 05:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.31 01:09:20 | 000,001,648 | ---- | C] () -- C:\Users\Senad\AppData\Local\d3d8caps.dat
[2009.09.24 20:40:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.13 14:47:15 | 000,322,036 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_nav.dat
[2009.06.13 14:47:15 | 000,003,617 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga.dat
[2009.06.13 14:47:15 | 000,000,422 | ---- | C] () -- C:\Users\Senad\AppData\Local\aaoga_navps.dat
[2009.03.15 17:07:30 | 000,138,056 | ---- | C] () -- C:\Users\Senad\AppData\Roaming\PnkBstrK.sys
[2009.02.25 22:52:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2009.02.25 22:52:51 | 000,016,896 | ---- | C] () -- C:\Windows\System32\WinFl32.sys
[2009.02.25 22:52:51 | 000,000,990 | -HS- | C] () -- C:\Users\Senad\AppData\Roaming\systemfl.$dk
[2009.02.14 10:48:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.13 23:42:05 | 000,002,750 | ---- | C] () -- C:\Users\Senad\AppData\Local\edsinstaller.txt-20090213.log
[2009.02.02 01:11:23 | 000,000,839 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_sta
[2009.02.02 01:11:17 | 000,000,792 | ---- | C] () -- C:\Users\Senad\AppData\Local\RT73_{CDF782BB-490E-454D-A521-D7E82879D4EB}_prof
[2009.02.02 00:57:44 | 000,290,918 | ---- | C] () -- C:\Windows\System32\Install7x.dll
[2008.11.09 14:18:56 | 000,000,173 | ---- | C] () -- C:\Windows\wininit.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.07.26 09:19:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.07.26 09:18:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.07.26 09:17:44 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.07.24 18:41:45 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.06.28 15:16:07 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.06.28 15:16:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.06.19 21:10:01 | 000,000,088 | ---- | C] () -- C:\Users\Senad\AppData\Local\uuttacz.bat
[2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.24 12:59:25 | 000,008,836 | ---- | C] () -- C:\Users\Senad\AppData\Local\d3d9caps.dat
[2008.05.23 15:39:46 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2008.05.16 15:09:05 | 000,011,264 | ---- | C] () -- C:\Users\Senad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.14 17:49:49 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.05.14 17:49:48 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007.07.26 21:28:01 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.07.26 19:31:59 | 000,000,742 | ---- | C] () -- C:\Windows\generic.ini
[2007.07.26 19:31:59 | 000,000,130 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.07.26 19:31:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007.07.26 11:29:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

Anti-Malware)

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4904

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

21.10.2010 20:54:58
mbam-log-2010-10-21 (20-54-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 0
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

23.10.2010, 16:38   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 0
Laufzeit: 2 Sekunde(n)

Something is wrong here. A full scan cannot take 2 seconds!
What happened there? Why were no objects scanned?

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

24.10.2010, 13:46   #6
wambo99

So...

1) Malwarebytes closes after a full scan without a log, maybe because I have already deleted all the infected objects and so there are none left.

2) HijackThis log:
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:50:07, on 24.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\bin\wish.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Senad\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Deutschland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [amsn] C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - (no file)
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - (no file)
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7688 bytes
         
--- --- ---
3) OTL: both logs are already above.

I hope you now have everything you need to be able to say whether I have a trojan on the PC.
Regards, wambo

24.10.2010, 14:19   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
1) Malwarebytes closes after a full scan without a log, maybe because I have already deleted all the infected objects and so there are none left.

No, that is not right. When told to, Malwarebytes always performs a full run and does not close itself automatically; that would be completely absurd. The quick scan did run through for you, didn't it?



Quote:
MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Why do you already have IE9 installed? It is still in the test phase! One should be careful with such beta things, especially with IE. That is a no-go on production systems...

24.10.2010, 19:15   #8
wambo99

1) Yes, the quick scan works flawlessly. I just ran one, here is the log:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4937

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

24.10.2010 20:11:39
mbam-log-2010-10-24 (20-11-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146801
Laufzeit: 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

2) I uninstalled IE9; after the restart it is gone.

What should I do now without a full scan?
OTL and HijackThis are done so far.
Regards, wambo

24.10.2010, 20:23   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (WinVd32) -- C:\Windows\System32\WinVd32.sys ()
DRV - (WinFl32) -- C:\Windows\System32\WinFl32.sys ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.178.162:3128
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..network.proxy.backup.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "184.73.187.184"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "184.73.187.184"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "184.73.187.184"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "184.73.187.184"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "184.73.187.184"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "184.73.187.184"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell - "" = AutoRun
O33 - MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
[8248.11.22 10:04:21 | 000,000,000 | ---- | M] () -- C:\Users\Senad\Documents\Locker01.flk
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

25.10.2010, 13:59   #10
wambo99

All processes killed
========== OTL ==========
Service XDva370 stopped successfully!
Service XDva370 deleted successfully!
File C:\Windows\System32\XDva370.sys File not found not found.
Service XDva352 stopped successfully!
Service XDva352 deleted successfully!
File C:\Windows\System32\XDva352.sys File not found not found.
Service XDva349 stopped successfully!
Service XDva349 deleted successfully!
File C:\Windows\System32\XDva349.sys File not found not found.
Service WinVd32 stopped successfully!
Service WinVd32 deleted successfully!
C:\Windows\System32\WinVd32.sys moved successfully.
Service WinFl32 stopped successfully!
Service WinFl32 deleted successfully!
C:\Windows\System32\WinFl32.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "AOL Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" removed from keyword.URL
Prefs.js: "184.73.187.184" removed from network.proxy.backup.ftp
Prefs.js: 80 removed from network.proxy.backup.ftp_port
Prefs.js: "184.73.187.184" removed from network.proxy.backup.gopher
Prefs.js: 80 removed from network.proxy.backup.gopher_port
Prefs.js: "184.73.187.184" removed from network.proxy.backup.socks
Prefs.js: 80 removed from network.proxy.backup.socks_port
Prefs.js: "184.73.187.184" removed from network.proxy.backup.ssl
Prefs.js: 80 removed from network.proxy.backup.ssl_port
Prefs.js: "184.73.187.184" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: "184.73.187.184" removed from network.proxy.gopher
Prefs.js: 80 removed from network.proxy.gopher_port
Prefs.js: "184.73.187.184" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "184.73.187.184" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: "184.73.187.184" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24792eba-a56c-11df-82e1-0019214b84c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24792eba-a56c-11df-82e1-0019214b84c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24792eba-a56c-11df-82e1-0019214b84c6}\ not found.
File 0 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Autorun.exe not found.
C:\Users\Senad\Documents\Locker01.flk moved successfully.
ADS C:\ProgramData\TEMP:671329E4 deleted successfully.
ADS C:\ProgramData\TEMP:B203B914 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 49660 bytes
->Temporary Internet Files folder emptied: 687400 bytes
->Flash cache emptied: 75 bytes

User: Public

User: Senad
->Temp folder emptied: 6503783906 bytes
->Temporary Internet Files folder emptied: 11123217 bytes
->Java cache emptied: 30664865 bytes
->FireFox cache emptied: 97237343 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 6445185 bytes
->Flash cache emptied: 1090 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 331776 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25256913 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.367,00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10252010_145459

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Regards, wambo

25.10.2010, 14:56   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

25.10.2010, 16:00   #12
wambo99

Combofix Logfile:
Code:
ComboFix 10-10-24.05 - Senad 25.10.2010  16:51:16.1.3 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3071.2039 [GMT 2:00]
ausgeführt von:: c:\users\Senad\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Senad\AppData\Local\aaoga.dat
c:\users\Senad\AppData\Local\aaoga_nav.dat
c:\users\Senad\AppData\Local\aaoga_navps.dat
c:\users\Senad\AppData\Roaming\.#
D:\install.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-25 bis 2010-10-25  ))))))))))))))))))))))))))))))
.

2010-10-25 14:15 . 2010-10-25 14:15	--------	dc----w-	c:\program files\CCleaner
2010-10-25 12:54 . 2010-10-25 12:54	--------	dc----w-	C:\_OTL
2010-10-22 13:44 . 2010-08-17 23:54	280064	-c--a-w-	c:\windows\system32\XpsGdiConverter.dll
2010-10-22 13:44 . 2010-08-17 23:54	135680	-c--a-w-	c:\windows\system32\XpsRasterService.dll
2010-10-22 13:44 . 2010-08-17 23:52	979456	-c--a-w-	c:\windows\system32\MFH264Dec.dll
2010-10-22 13:44 . 2010-08-17 23:51	357376	-c--a-w-	c:\windows\system32\MFHEAACdec.dll
2010-10-22 13:44 . 2010-08-17 23:51	261632	-c--a-w-	c:\windows\system32\mfreadwrite.dll
2010-10-22 13:44 . 2010-08-17 23:51	302592	-c--a-w-	c:\windows\system32\mfmp4src.dll
2010-10-22 13:44 . 2010-08-17 23:50	680960	-c--a-w-	c:\windows\system32\d2d1.dll
2010-10-22 13:44 . 2010-08-17 23:49	1174528	-c--a-w-	c:\windows\system32\d3d10warp.dll
2010-10-22 13:44 . 2010-08-17 23:49	1068032	-c--a-w-	c:\windows\system32\DWrite.dll
2010-10-22 13:44 . 2010-08-17 23:49	797184	-c--a-w-	c:\windows\system32\FntCache.dll
2010-10-22 13:44 . 2010-08-17 23:48	161280	-c--a-w-	c:\windows\system32\d3d10_1.dll
2010-10-22 13:44 . 2010-08-17 23:48	219648	-c--a-w-	c:\windows\system32\d3d10_1core.dll
2010-10-22 13:40 . 2010-10-22 13:40	--------	dc----w-	c:\users\Senad\AppData\Local\Google
2010-10-22 11:38 . 2010-10-07 23:21	6146896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6514632-BC9C-452A-990A-594EB7CF2F2A}\mpengine.dll
2010-10-21 14:52 . 2010-10-21 14:52	--------	dc----w-	c:\users\Senad\AppData\Roaming\Malwarebytes
2010-10-21 14:51 . 2010-04-29 10:19	38224	-c--a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-21 14:51 . 2010-10-21 14:51	--------	dc----w-	c:\program files\Malwarebytes' Anti-Malware
2010-10-21 14:51 . 2010-10-21 14:51	--------	dc----w-	c:\programdata\Malwarebytes
2010-10-21 14:51 . 2010-04-29 10:19	20952	-c--a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-21 12:31 . 2010-10-21 12:31	--------	dc----w-	c:\programdata\McAfee
2010-10-21 12:30 . 2010-10-21 12:34	--------	dc----w-	c:\programdata\NOS
2010-10-09 23:30 . 2010-10-09 23:30	1079048	-c--a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-29 11:55 . 2010-06-22 13:30	2048	-c--a-w-	c:\windows\system32\tzres.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 09:49	222080	-c----w-	c:\windows\system32\MpSigStub.exe
2010-10-08 12:28 . 2010-03-01 19:49	139128	-c--a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-10-08 12:28 . 2010-08-11 18:23	215128	-c--a-w-	c:\windows\system32\PnkBstrB.xtr
2010-10-08 12:28 . 2010-03-01 19:48	215128	-c--a-w-	c:\windows\system32\PnkBstrB.exe
2010-08-17 14:11 . 2010-09-15 11:53	128000	-c--a-w-	c:\windows\system32\spoolsv.exe
2010-08-17 11:27 . 2010-08-17 11:27	418480	-c--a-w-	c:\windows\system32\wrap_oal.dll
2010-08-17 11:27 . 2010-08-17 11:27	115432	-c--a-w-	c:\windows\system32\OpenAL32.dll
2010-08-11 18:17 . 2009-03-15 15:07	138056	-c--a-w-	c:\users\Senad\AppData\Roaming\PnkBstrK.sys
2010-08-11 18:17 . 2010-08-11 18:17	2434856	-c--a-w-	c:\windows\system32\pbsvc_bc2.exe
2010-08-11 18:17 . 2010-03-01 19:48	75064	-c--a-w-	c:\windows\system32\PnkBstrA.exe
2010-08-11 13:50 . 2008-07-24 16:41	691696	-c--a-w-	c:\windows\system32\drivers\sptd.sys
2009-09-25 16:41 . 2009-09-25 16:41	1044480	-c--a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	-c--a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amsn"="c:\users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe" [2006-11-24 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\CCleaner.exe]
path=CCleaner.exe
backup=c:\windows\pss\CCleaner.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\CCleaner.lnk]
path=CCleaner.lnk
backup=c:\windows\pss\CCleaner.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\ccsetup2-14-763.exe]
path=ccsetup2-14-763.exe
backup=c:\windows\pss\ccsetup2-14-763.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-06-15 14:48	326440	-c--a-w-	c:\acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49	151552	-c--a-w-	c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 10:19	1090952	-c--a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16	421888	-c--a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 08:45	1826816	-c--a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48	57344	-c--a-w-	c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-11 691696]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2006-11-02 13560]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://go.web.de/home
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! Deutschland
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} -
FF - ProfilePath - c:\users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 72.44.50.58
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 72.44.50.58
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 72.44.50.58
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 72.44.50.58
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 72.44.50.58
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
FF - plugin: c:\users\Senad\AppData\Roaming\Mozilla\Firefox\Profiles\icn6lvqq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-Xpadder - c:\users\Senad\Desktop\Xpadder53\Xpadder.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper_3004.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-25 16:56
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-815123407-3361847440-313347045-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:e5,87,9b,17,e6,53,00,fe,20,6b,2f,d0,9c,53,0c,6b,a1,1a,bd,a4,16,c4,2c,
   e4,d7,0e,cf,92,9d,38,7d,08,2e,9f,c4,94,ce,51,1c,c1,7c,3f,e9,a9,e9,6f,c0,f9,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
Zeit der Fertigstellung: 2010-10-25  16:58:24
ComboFix-quarantined-files.txt  2010-10-25 14:58

Vor Suchlauf: 19 Verzeichnis(se), 157.493.424.128 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 157.433.098.240 Bytes frei

- - End Of File - - 1E5870731F1E2FA007B7E0C4BF474D3C
         
--- --- ---
Waiting for instructions. Regards, wambo

25.10.2010, 18:31   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

26.10.2010, 15:37   #14
wambo99
 

GMER log...
GMER Logfile:
GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-26 16:31:02
Windows 6.0.6002 Service Pack 2
Running: eskuyi7p.exe; Driver: C:\Users\Senad\AppData\Local\Temp\pwrcypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text   C:\Windows\system32\DRIVERS\atipmdag.sys                                                                            section is writeable [0x8F805000, 0x2E6316, 0xE8000020]
PAGE    spsys.sys!?SPVersion@@3PADA + 1ABF                                                                                  8AF9B03F 110 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE    spsys.sys!?SPVersion@@3PADA + 1B2F                                                                                  8AF9B0AF 1 Byte  [16]
PAGE    spsys.sys!?SPVersion@@3PADA + 1B2F                                                                                  8AF9B0AF 128 Bytes  [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE    spsys.sys!?SPVersion@@3PADA + 1BB0                                                                                  8AF9B130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE    spsys.sys!?SPVersion@@3PADA + 1BB7                                                                                  8AF9B137 234 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE    ...                                                                                                                 
.reloc  C:\Windows\system32\drivers\acedrv11.sys                                                                            section is executable [0x81E11300, 0x25D4C, 0xE0000060]

---- User IAT/EAT - GMER 1.0.15 ----

IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [73F97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                 [73FEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                             [73F9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                       [73F8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                 [73F975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [73F8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [73FC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                     [73F9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                             [73F8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [73F8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                               [73F871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                       [7401CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                          [73FBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                             [73F8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                       [73F86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [73F8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT     C:\Windows\Explorer.EXE[508] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                         [73F92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                 0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0x8E 0x60 0xB7 0x3C ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x06 0xB7 0x44 0xB6 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x42 0xFC 0x10 0xA4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xF7 0x81 0xB7 0xC7 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x57 0x9E 0x9F 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                      
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                0x49 0x9D 0x98 0xB9 ...
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     0
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x8E 0x60 0xB7 0x3C ...
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     1
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x06 0xB7 0x44 0xB6 ...
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x42 0xFC 0x10 0xA4 ...
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xF7 0x81 0xB7 0xC7 ...
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x57 0x9E 0x9F 0xAF ...
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                    0x49 0x9D 0x98 0xB9 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

OSAM log...
OSAM Logfile:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 16:33:20 on 26.10.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.11

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"WebSpeech" - ? - C:\PROGRA~1\COMMON~1\WEBSPE~1.0\LgxIEControl.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"AEGIS Protocol (IEEE 802.1x) v3.4.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\Windows\System32\DRIVERS\AegisP.sys
"ASPI32" (ASPI32) - "Adaptec" - C:\Windows\system32\drivers\ASPI32.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Senad\AppData\Local\Temp\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys  (File not found)
"int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pwrcypow" (pwrcypow) - ? - C:\Users\Senad\AppData\Local\Temp\pwrcypow.sys  (Hidden registry entry, rootkit activity | File not found)
"RT73 USB Wireless LAN Card Driver for Vista" (netr73) - ? - C:\Windows\System32\DRIVERS\netr73.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\Windows\system32\Drivers\vmm.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543} "FileMenuTools" - "LopeSoft - Software desarrollado por Rubén López Hernández" - C:\Program Files\LopeSoft\FileMenu Tools\FileMenuTools.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{03B54A4E-A635-418E-81FC-CF60CBB141AA} "SimpleShlExt extension" - ? -   (File not found | COM-object registry key not found)
{7020EDF4-B454-4814-9AA4-1D604D3F1417} "TraXExCM" - ? -   (File not found | COM-object registry key not found)
{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{2D9700CB-A777-4DB0-96E1-1EBEBB7D1510} "{2D9700CB-A777-4DB0-96E1-1EBEBB7D1510}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -   (File not found | COM-object registry key not found)
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} "WebSpeech" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
<binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "{02478D38-C3F9-4EFB-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)
{83A30C59-3A50-49E6-9DAF-4923C4EA3C23} "{83A30C59-3A50-49E6-9DAF-4923C4EA3C23}" - ? -   (File not found | COM-object registry key not found)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"amsn" - ? - C:\Users\Senad\Desktop\B&A\Benny\Programms\aMSNPortable\App\aMSN\amsn.exe  (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer HomeMedia Connect Service" (Acer HomeMedia Connect Service) - "CyberLink" - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - ? - "C:\Program Files\Bonjour\mDNSResponder.exe"  (File not found)
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
"ePerformance Service" (AcerMemUsageCheckService) - ? - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - ? - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe  (File not found)
"getPlus(R) Helper 3004" (nosGetPlusHelper) - ? - C:\Program Files\NOS\bin\getPlus_Helper_3004.dll  (File not found)
"Google Updater Service" (gusvc) - ? - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"  (File not found)
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Steam Client Service" (Steam Client Service) - ? - C:\Windows\system32\drivers\Steam Client Service.sys  (File not found)
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - C:\Windows\system32\drivers\CLTNetCnService.sys  (File not found)

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - ? - C:\Program Files\Bonjour\mdnsNSP.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index


MBRCheck log...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M5630
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 151):
0x82C34000 \SystemRoot\system32\ntoskrnl.exe
0x82C01000 \SystemRoot\system32\hal.dll
0x80C00000 \SystemRoot\system32\kdcom.dll
0x80C07000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80C77000 \SystemRoot\system32\PSHED.dll
0x80C88000 \SystemRoot\system32\BOOTVID.dll
0x80C90000 \SystemRoot\system32\CLFS.SYS
0x80CD1000 \SystemRoot\system32\CI.dll
0x80DB1000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80E2D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80E3A000 \SystemRoot\system32\drivers\acpi.sys
0x80E80000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80E89000 \SystemRoot\system32\drivers\msisadrv.sys
0x80E91000 \SystemRoot\system32\drivers\pci.sys
0x80EB8000 \SystemRoot\System32\drivers\partmgr.sys
0x80EC7000 \SystemRoot\system32\drivers\volmgr.sys
0x80ED6000 \SystemRoot\System32\drivers\volmgrx.sys
0x80F20000 \SystemRoot\system32\drivers\intelide.sys
0x80F27000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80F35000 \SystemRoot\System32\drivers\mountmgr.sys
0x80F45000 \SystemRoot\system32\drivers\atapi.sys
0x80F4D000 \SystemRoot\system32\drivers\ataport.SYS
0x80F6B000 \SystemRoot\system32\drivers\fltmgr.sys
0x80F9D000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A803000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A874000 \SystemRoot\system32\drivers\ndis.sys
0x8A97F000 \SystemRoot\system32\drivers\msrpc.sys
0x8A9AA000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A9E5000 \SystemRoot\System32\drivers\tcpip.sys
0x8AACF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AAEA000 \SystemRoot\System32\Drivers\Ntfs.sys
0x80FAD000 \SystemRoot\system32\drivers\volsnap.sys
0x80FE6000 \SystemRoot\System32\Drivers\spldr.sys
0x80FEE000 \SystemRoot\System32\Drivers\mup.sys
0x8AC0D000 \SystemRoot\System32\drivers\ecache.sys
0x8AC34000 \SystemRoot\system32\drivers\disk.sys
0x8AC45000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AC66000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AC8F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AC9A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8ACA3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8ACB2000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8F804000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x8FD65000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FE06000 \SystemRoot\System32\drivers\watchdog.sys
0x8FE12000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FE9F000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8FEB7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FEC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FF00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FF0F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FF1F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FF2D000 \SystemRoot\system32\DRIVERS\parport.sys
0x8FF58000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FF63000 \SystemRoot\system32\DRIVERS\serial.sys
0x8FF7D000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8FF87000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FF9F000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8FFA1000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0x8FFB2000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8FFC9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8ACDC000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AD1D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AD28000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AD3F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AD4A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AD6D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AD7C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AD90000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8ADA5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8ADB5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FFF8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8ADC0000 \SystemRoot\system32\DRIVERS\ks.sys
0x8ADEA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ADF4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AE01000 \SystemRoot\System32\drivers\vga.sys
0x8AE0D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AE2E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8AE3D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AE72000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x8AE90000 \SystemRoot\system32\drivers\portcls.sys
0x8AEBD000 \SystemRoot\system32\drivers\drmk.sys
0x91C04000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91DB8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91DC9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91DD2000 \SystemRoot\System32\Drivers\Null.SYS
0x91DD9000 \SystemRoot\System32\Drivers\Beep.SYS
0x91DE0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91DFC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91E03000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91E0B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91E13000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91E1E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91E2C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91E35000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91E4B000 \SystemRoot\system32\DRIVERS\smb.sys
0x91E5F000 \SystemRoot\system32\drivers\afd.sys
0x91EA7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91ED9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91EEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91EFD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91F10000 \??\C:\Windows\system32\Drivers\vmm.sys
0x91F4B000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91F51000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91F8D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91F97000 \SystemRoot\System32\Drivers\dfsc.sys
0x91FAE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91FD0000 \SystemRoot\System32\Drivers\ASPI32.SYS
0x91FD5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91FE2000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91FED000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8AEE2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x91FF5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x99C40000 \SystemRoot\System32\win32k.sys
0x8FF45000 \SystemRoot\System32\drivers\Dxapi.sys
0x91FF7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8AEF7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AF07000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91DF3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8FF4F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x99E60000 \SystemRoot\System32\TSDDD.dll
0x99E80000 \SystemRoot\System32\cdd.dll
0x8AF1E000 \SystemRoot\system32\drivers\luafv.sys
0x8AF39000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8AF4E000 \SystemRoot\system32\drivers\spsys.sys
0x8FFC2000 \SystemRoot\system32\DRIVERS\AegisP.sys
0x8AC6F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81C09000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81C33000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81C3D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81C50000 \SystemRoot\system32\drivers\HTTP.sys
0x81CBD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81CDA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81CF3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81D08000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81D27000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81D60000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x81D78000 \SystemRoot\System32\DRIVERS\srv2.sys
0x81DA0000 \SystemRoot\System32\DRIVERS\srv.sys
0x81DEE000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x81DF5000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x81E38000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x81E3F000 \SystemRoot\system32\drivers\peauth.sys
0x81F1D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x81F27000 \SystemRoot\System32\drivers\tcpipreg.sys
0x81F33000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0x81F35000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x81F4A000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x81F5C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x81F72000 \??\C:\Users\Senad\AppData\Local\Temp\pwrcypow.sys
0x771D0000 \Windows\System32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
540 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\winlogon.exe
912 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\atiesrxx.exe
1044 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\audiodg.exe
1232 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\SLsvc.exe
1276 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\atieclxx.exe
1480 C:\Windows\System32\svchost.exe
1864 C:\Windows\System32\spoolsv.exe
1908 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1956 C:\Windows\System32\svchost.exe
1972 C:\Windows\System32\taskeng.exe
192 C:\Windows\System32\dwm.exe
508 C:\Windows\explorer.exe
2052 C:\Windows\RtHDVCpl.exe
2064 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2376 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
2396 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2480 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2504 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2520 C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
2564 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2600 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2724 C:\Windows\System32\PnkBstrA.exe
2736 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2764 C:\Windows\System32\svchost.exe
2932 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2956 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3140 WUDFHost.exe
3252 WmiPrvSE.exe
3488 C:\Program Files\Windows Media Player\wmpnscfg.exe
3556 C:\Windows\System32\mobsync.exe
3756 C:\Program Files\Windows Media Player\wmpnetwk.exe
3932 C:\Windows\System32\taskeng.exe
3176 C:\Users\Senad\Desktop\MBRCheck.exe
1544 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000058`94f00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD7500AAKS-00RBA0, Rev: 30.04G30

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Waiting for instructions. Regards, wambo

27.10.2010, 11:55   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Please run MBRCheck.exe again.
This time type the following into the window, confirming each entry with Enter,
at
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • Please select the MBR code to write to this drive: 3 (for Vista)
  • Now type Yes and confirm with ENTER.
  • Restart the computer.
After the restart, please run MBRCheck.exe again.
You will now find 2 MBRCheck_<date>_<time>.txt files on the desktop.
Post the contents of both .txt documents for me.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
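
One way to compare the two MBRCheck logs requested in the post above, as an added example that is not part of the original thread or of MBRCheck itself: it parses the drive table of each log and reports whether the MBR hash changed. The first sample is copied from the log posted in this thread; the second log, its status text and its all-zero SHA1 are constructed placeholders, and the function names are hypothetical.

```python
import re

# Drive table lines copied from the MBRCheck log posted in this thread.
LOG_BEFORE = r"""
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

Found non-standard or infected MBR.
"""

# CONSTRUCTED second log: status text and SHA1 are placeholders, not real output.
LOG_AFTER = r"""
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 0000000000000000000000000000000000000000
"""

DRIVE_RE = re.compile(
    r"^(?P<size>\d+\s+[KMGT]B)\s+(?P<device>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+?)\s*$")
SHA1_RE = re.compile(r"^SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")
WARNING = "Found non-standard or infected MBR."


def parse_mbrcheck(text):
    """Return ({device: {size, status, sha1}}, warning_present) for one log."""
    drives, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVE_RE.match(line)
        if m:
            current = m.group("device")
            drives[current] = {"size": m.group("size"),
                               "status": m.group("status"), "sha1": None}
            continue
        m = SHA1_RE.match(line)
        if m and current:
            # The SHA1 line belongs to the drive row directly above it.
            drives[current]["sha1"] = m.group("sha1").upper()
    return drives, WARNING in text


def compare(before_text, after_text):
    """Summarise per drive what changed between the first and second log."""
    before, _ = parse_mbrcheck(before_text)
    after, warned_after = parse_mbrcheck(after_text)
    report = {}
    for dev, old in before.items():
        new = after.get(dev)
        if new is None:
            report[dev] = "missing in second log"
        elif new["sha1"] == old["sha1"]:
            report[dev] = "MBR unchanged"
        elif warned_after or new["status"] == "Unknown MBR code":
            report[dev] = "MBR changed but still not recognised"
        else:
            report[dev] = "MBR rewritten: " + new["status"]
    return report


if __name__ == "__main__":
    print(compare(LOG_BEFORE, LOG_AFTER))
```
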
