Trojaner-Board


Ibai63 19.05.2012 12:53

New ransomware trojan from "Window Sicherheitscenter"
 
Hello dear community,

I'm new here and a complete beginner when it comes to PCs. Well, I too am an unfortunate victim of extortion malware.
It must also be a new type of virus; the tools don't help at all.
Type: TR/Skelf.A
File size: 34,477 bytes
with a 256-bit AES key

The virus does not come from the BKA but from a "Windows Security Center".
The text has already been shown here several times.

In safe mode I ran AVIRA Premium 2012 over it and found 3 viruses.
TR/Rogue623326.1 2x, each with one source
EXP/12-0507.BD.2.B

I then also tried to decrypt with the DeCrypthelper tool. That didn't work either: unknown key size. I used the AVIRA Rescue boot CD. It didn't find anything either. Neither did Malwarebytes. I can't get into my WinMail either. Pictures can't be opened because a message appears saying the file is defective. Some autostart programs are also blocked. However, I still have an unopened e-mail with a pristine copy of the virus in my AOL account, saved in a new folder. I don't know how I should send it to you. Help is surely still a long way off, since the virus is still new. Maybe someone can help anyway. I need the PC urgently. Here is a message from VLC media player when I tried to play a video:
Kein passendes Decodierungsmodul:
VLC unterstützt das Audio- oder Videoformat "undf" nicht. Leider können Sie daran nichts ändern.

Oh, and my OS is Windows Vista Home Premium. Many greetings to everyone who helps and to all fellow sufferers.

kira 20.05.2012 06:05

Hello and welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files you use, you can replace things such as your real name, serial numbers in programs, etc. with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so badly compromised that effective technical cleaning is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
Quote:

Quote from Ibai63 (post 830430)
However, I still have an unopened e-mail with a pristine copy of the virus in my AOL account, saved in a new folder. I don't know how I should send it to you.

click here:-> http://www.trojaner-board.de/114115-...tml#post820318

► First part of the 3-part procedure: we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

1.
Procedure for the encryption trojan :-> http://www.trojaner-board.de/114783-...ubersicht.html
► SemperVideo has created a video on the topic.
-> Trustezeb.A Decryptor
To decrypt data, you can also use/try this tool:-> *click*

2.
System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> If necessary, set the language to "Deutsch".
  • start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • a text file is created automatically; post this log file too (i.e. the list of all installed programs ... a text file)

Quote:

So that your thread stays clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes in here - e.g. the OTL log file or another one
→ after it - i.e. at the end of the log file: [/code]

Regards
kira
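
The advice above to replace your real name with [X] before posting a log can be checked mechanically, because OTL writes the computer and account name into its header line as well as into every profile path. The following Python sketch is an added example, not part of the forum posts and not an OTL feature; the sample log, its names and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of an OTL header and entries; the names
# are invented and not taken from the thread.
SAMPLE_LOG = "\n".join([
    r"OTL logfile created on: 01.01.2012 10:00:00 - Run 1",
    r"OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\.....\Downloads",
    r"Computer Name: DESKTOP1 | User Name: Erika Mustermann | Logged in as Administrator.",
    r"PRC - C:\Users\.....\Downloads\OTL.exe (OldTimer Tools)",
    r"CHR - plugin: Example (Enabled) = C:\Users\Erika\AppData\Local\Example\np.dll",
    r"[2012.01.01 10:00:00 | 000,000,000 | ---D | M] -- C:\Users\erika\AppData\Roaming\Example",
    r"SRV - (ExampleSvc) -- C:\Programme\Example\svc.exe (Example GmbH)",
])

HEADER_RE = re.compile(r"Computer Name: (?P<host>.*?) \| User Name: (?P<user>.*?) \|")
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+)\\")
SHARED_PROFILES = {"public", "default", "all users"}
# Values a poster has already masked by hand (dots, x's, asterisks, [X]).
ALREADY_MASKED = re.compile(r"[.xX*\[\]]+")


def find_identifiers(log):
    """Collect host name, account name and profile folder names from the log."""
    found = {}

    def remember(value):
        value = value.strip()
        if value and not ALREADY_MASKED.fullmatch(value):
            found[value.lower()] = value

    header = HEADER_RE.search(log)
    if header:
        remember(header.group("host"))
        user = header.group("user")
        remember(user)
        # First and last name can also show up on their own elsewhere.
        for part in user.split():
            if len(part) >= 3:
                remember(part)
    for name in PROFILE_RE.findall(log):
        if name.lower() not in SHARED_PROFILES:
            remember(name)
    # Longest first, so a full name is replaced before its parts.
    return sorted(found.values(), key=lambda s: (-len(s), s.lower()))


def redact(log, identifiers, placeholder="[X]"):
    """Replace every identifier, case-insensitively, with the placeholder."""
    for ident in identifiers:
        pattern = re.compile(r"(?<!\w)" + re.escape(ident) + r"(?!\w)", re.IGNORECASE)
        log = pattern.sub(lambda _m: placeholder, log)
    return log


def leftover_lines(log, identifiers):
    """Return the lines that still contain an identifier (substring match)."""
    lowered = [ident.lower() for ident in identifiers]
    return [line for line in log.splitlines()
            if any(ident in line.lower() for ident in lowered)]


if __name__ == "__main__":
    ids = find_identifiers(SAMPLE_LOG)
    cleaned = redact(SAMPLE_LOG, ids)
    print(cleaned)
    print("lines still leaking:", len(leftover_lines(cleaned, ids)))
```

In the sample the paths under Downloads were already masked by hand, yet the header line and two other paths still carry the name; `leftover_lines` is the final check to run on the text before it goes between the code tags.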

Ibai63 20.05.2012 12:50

Code:

7-Zip 4.57                12.08.2010        2,86MB       
Acer Arcade Live Main Page        Acer Inc.        17.01.2008        34,3MB        1.1.0623
Acer DV Magician        Acer Inc.        17.01.2008        86,4MB        1.5.0621
Acer DVDivine        Acer Inc.        17.01.2008        106,3MB        3.2.0621
Acer eDataSecurity Management        HiTRUST Inc.        25.07.2007        41,3MB        2.5.4241
Acer Empowering Technology        Acer Inc.        25.07.2007        713,3MB        2.5.4008
Acer ePerformance Management        Acer Inc.        25.07.2007        2,71MB        2.5.4001
Acer HomeMedia        Acer Inc.        17.01.2008        40,3MB        1.4.0621
Acer HomeMedia Connect        Acer Inc.        17.01.2008        36,6MB        1.4.4221
Acer PlayMovie        Acer Inc.        17.01.2008        91,0MB        BD+HD 1.5.3133
Acer ScreenSaver        Acer Inc.        17.01.2008                4.01.20070419
Acer SlideShow DVD        Acer Inc.        17.01.2008        98,5MB        1.5.0621
Acer Tour        Acer Inc.        25.07.2007        99,7MB        2.0.1003
Acer VideoMagician        Acer Inc.        17.01.2008        183,5MB        1.4.0621
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        17.01.2008        14,0MB       
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        04.05.2012                11.2.202.235
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        04.05.2012                11.2.202.235
Adobe Reader X (10.1.0) - Deutsch        Adobe Systems Incorporated        15.06.2011        165,3MB        10.1.0
AGEIA PhysX v7.11.13        AGEIA Technologies, Inc.        03.04.2012        99,7MB        7.11.13
Apple Application Support        Apple Inc.        11.12.2010        52,8MB        1.4.1
Apple Software Update        Apple Inc.        17.05.2012        2,38MB        2.1.3.127
ATI Catalyst Install Manager        ATI Technologies, Inc.        05.03.2011        16,6MB        3.0.812.0
Avira Antivirus Premium 2012        Avira        16.05.2012        109,8MB        12.0.0.1142
BEWERBUNGSMASTER                05.01.2011        6,37MB       
BEWERBUNGSMASTER (C:\Program Files\BEWERBUNGSMASTER\)                02.01.2011        3.535,5MB       
CCleaner        Piriform        19.08.2010        2,91MB        2.34
Danger from the Deep 0.4.0.0_pre3327                22.04.2012        240,5MB        0.4.0.0_pre3327
EPSON Easy Photo Print                08.03.2011        76,5MB        1.2.3.0
EPSON Scan                08.03.2011        98,6MB       
EPSON-Drucker-Software        SEIKO EPSON Corporation        09.01.2012               
ESDX6000_CX5900 Benutzerhandb.                08.03.2011        9,19MB       
Everest Poker.net (Remove Only)                12.08.2010        18,7MB       
Firstload        Lumaris.net        30.01.2012        7,79MB       
Frontlines: Fuel of War        THQ        09.04.2012        109,3MB        1.0.1
Google Chrome        Google Inc.        10.04.2011        352,9MB        18.0.1025.168
Google Earth Plug-in        Google        16.11.2011        40,9MB        6.1.0.5001
GPL Ghostscript 8.71                22.08.2010        33,8MB       
Grewe Scanner-Interface 3.0        Grewe Computertechnik GmbH        14.04.2011        0,56MB        3.0
Java(TM) 6 Update 31        Oracle        17.02.2012        95,1MB        6.0.310
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        17.05.2012        11,7MB        1.61.0.1400
MCE Software Encoder 1.1        CyberLink Corporation        03.03.2011        0,90MB        1.1.0.1918
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        14.08.2010        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        14.08.2010        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        13.08.2010        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        13.08.2010        24,5MB        4.0.30319
Microsoft Office File Validation Add-In        Microsoft Corporation        15.09.2011        7,95MB        14.0.5130.5003
Microsoft Office Home and Student 2007        Microsoft Corporation        21.02.2012        298,7MB        12.0.6612.1000
Microsoft Office Live Add-in 1.5        Microsoft Corporation        21.04.2012        0,49MB        2.0.4024.1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        12.08.2010        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        15.06.2011        0,29MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        11.05.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        11.08.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,58MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        18.10.2011        16,5MB        10.0.40219
Microsoft Works        Microsoft Corporation        12.08.2010                08.05.0822
Mozilla Firefox (3.6.8)        Mozilla        11.08.2010        27,9MB        3.6.8 (de)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.08.2010        35,00KB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        12.08.2010        1,34MB        4.20.9876.0
NTI Backup NOW! 4.7        NewTech Infosystems        25.07.2007        7,21MB        4
NTI CD & DVD-Maker        NewTech Infosystems        25.07.2007        40,2MB        7
OpenOffice.org 3.2        OpenOffice.org        17.08.2010        363,3MB        3.2.9502
Pando Media Booster        Pando Networks Inc.        04.03.2011        7,18MB        2.3.5.2
PDF Blender                22.08.2010        1,44MB       
PE585QA-32        YUAN        03.03.2011        0,95MB        6.0.0038
Plus500                09.03.2012        0,37MB       
PokerStars.net        PokerStars.net        23.06.2011        59,3MB       
PunkBuster Services        Even Balance, Inc.        01.03.2012                0.986
QuickTime        Apple Inc.        11.12.2010        73,7MB        7.69.80.9
Realtek 8169 8168 8101E 8102E Ethernet Driver        Realtek        03.03.2011        1,62MB        1.00.0000
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        03.03.2011        14,8MB        6.0.1.5436
Sony Ericsson PC Companion 2.02.002        Sony Ericsson        08.12.2011        30,3MB        2.02.002
System Requirements Lab for Intel        Husdawg, LLC        03.03.2011        0,73MB        4.4.22.0
VLC media player 1.1.5        VideoLAN        08.03.2011        75,2MB        1.1.5
Windows Media Player Firefox Plugin        Microsoft Corp        08.07.2011        0,29MB        1.0.0.8
Windows-Treiberpaket - Conexant (cxpl_mhd) Media  (11/07/2007 6.0.104.0038)        Conexant        03.03.2011        103,9MB        11/07/2007 6.0.104.0038
WinRAR 4.00 (32-Bit)        win.rar GmbH        11.04.2011        4,04MB        4.00.0

OTL Logfile:

       
Code:

       
OTL logfile created on: 20.05.2012 12:31:20 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\.....\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,07% Memory free
6,24 Gb Paging File | 4,95 Gb Available in Paging File | 79,28% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 47,35 Gb Free Space | 20,76% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 74,17 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
 
Computer Name: SUSI | User Name: Ingolf Baikow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\.....\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\be701ce708835e0162cb863d3a4eeb49\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c466fbf8e50c7c11b2fa994707124290\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b4ade6954a61a7626858c123dc951ba6\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Acer\Empowering Technology\SysMonitor.exe ()
MOD - C:\Windows\System32\BatchCrypto.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (Acer HomeMedia Connect Service) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\Windows\System32\drivers\s3017unic.sys (MCCI Corporation)
DRV - (s3017obex) -- C:\Windows\System32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\Windows\System32\drivers\s3017nd5.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\Windows\System32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\Windows\System32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\Windows\System32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mp3rocket.toolbaroptions.com/?tmp=toolbar_mp3rocket_homepage&prt=mp3rockettb04ie&v=15
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AB366403-0F5F-4672-93C1-CD00DB77E57B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AB366403-0F5F-4672-93C1-CD00DB77E57B}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxxxxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxxxxxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.07 17:59:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.09 20:29:28 | 000,000,000 | ---D | M]
 
[2010.08.12 20:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions
[2012.05.12 15:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ixxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\7i723wp4.default\extensions
[2010.08.16 22:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ixxxxxw\AppData\Roaming\mozilla\Firefox\Profiles\7i723wp4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.03 05:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\7i723wp4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.18 21:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.03 05:30:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.16 12:59:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.22 17:38:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 22:45:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 19:13:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.02.18 21:10:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010.09.03 05:30:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.16 12:59:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.22 17:38:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 22:45:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 19:13:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.02.18 21:10:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.18 21:09:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.01.08 00:20:29 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mp3rocket.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxxxxxx\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxxxxxx\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxxxxxx\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MSN] C:\Users\INGOLF~1\AppData\Local\Temp\svchost.bat File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45B15D75-DA08-4DA1-8796-26636E534D00}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.18 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Malwarebytes
[2012.05.18 21:16:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.18 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.18 21:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.18 14:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.05.18 14:10:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.17 23:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.13 03:56:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Pgevarrbsnz
[2012.05.11 01:10:59 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.11 01:10:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.11 01:10:58 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.11 01:10:58 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.11 01:10:58 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.11 01:10:19 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.11 01:10:19 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.11 01:10:19 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.04.23 14:33:50 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dangerdeep
[2012.04.23 14:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dangerdeep
[2012.04.23 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\dangerdeep
[2012.04.22 12:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.22 12:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.20 12:24:01 | 000,000,308 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012.05.20 12:18:45 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2348449066-1942537886-3467335035-1000UA.job
[2012.05.20 12:16:02 | 000,000,308 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2012.05.20 11:46:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.20 11:41:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.20 10:58:43 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.20 10:58:43 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.20 10:58:43 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.20 10:58:43 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.20 10:54:32 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.20 10:53:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.20 10:53:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.20 10:53:09 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\BearShareNAG.job
[2012.05.20 10:53:00 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.05.18 18:51:36 | 000,319,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.18 04:56:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2348449066-1942537886-3467335035-1000Core.job
[2012.05.18 01:56:23 | 000,001,356 | ---- | M] () -- C:\Users\xxxxxxx\AppData\Local\d3d9caps.dat
[2012.05.17 23:47:56 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.17 23:44:56 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.13 04:18:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.05.13 04:18:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.05.13 01:45:15 | 000,069,120 | ---- | M] () -- C:\Users\xxxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.08 19:47:08 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 19:47:08 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.05 05:41:13 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.05 05:41:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.02 09:20:24 | 000,002,086 | ---- | M] () -- C:\Users\xxxxxxxxx\Desktop\Google Chrome.lnk
[2012.04.23 22:33:41 | 000,652,686 | ---- | M] () -- C:\Users\xxxxxxxxx\Documents\cc_20120423_223322.reg
 
========== Files Created - No Company Name ==========
 
[2012.05.13 04:18:44 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.05.13 04:18:44 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.03.03 12:13:54 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.03.02 15:19:17 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.03.02 15:19:17 | 000,022,328 | ---- | C] () -- C:\Users\xxxxxxx\AppData\Roaming\PnkBstrK.sys
[2012.03.02 15:19:06 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.03.02 15:19:05 | 002,506,752 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.03.02 15:19:05 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.09 17:53:06 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.03.09 17:53:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.03.09 17:53:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.03.09 17:53:06 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.03.09 17:53:06 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.03.09 17:53:06 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.03.09 17:53:06 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.03.09 17:53:06 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.03.09 17:53:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.03.09 17:53:06 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.03.09 17:53:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.03.09 17:53:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.03.09 17:53:06 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.03.09 17:53:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.03.09 17:53:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.03.09 17:53:06 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.03.09 17:53:06 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.03.09 17:53:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.09 17:53:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.03.05 15:40:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.27 00:11:58 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.18 14:26:31 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2010.12.17 18:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.13 02:14:45 | 000,000,000 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Roaming\chrtmp
[2010.08.18 01:21:22 | 000,000,000 | ---- | C] () -- C:\Users\xxxxxxxxx\AppData\Roaming\wklnhst.dat
[2010.08.17 01:16:05 | 000,069,120 | ---- | C] () -- C:\Users\xxxxxxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.14 19:53:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.14 19:52:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.14 19:52:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.12 19:22:50 | 000,001,356 | ---- | C] () -- C:\Users\xxxxxxxxxx\AppData\Local\d3d9caps.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 916 bytes -> C:\Users\xxxxxxxw\Documents\Nichteinhaltung von Vertragsbedingungen und Kündigung.eml:OECustomProperty
@Alternate Data Stream - 817 bytes -> C:\Users\xxxxxxxxx\Documents\HU _ AU - Online Terminierung.eml:OECustomProperty

< End of report >


--- --- ---

OTL Logfile:

Code:

OTL Extras logfile created on: 20.05.2012 12:33:49 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\xxxxxx\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,07% Memory free
6,24 Gb Paging File | 4,95 Gb Available in Paging File | 79,28% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 47,35 Gb Free Space | 20,76% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 74,17 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
 
Computer Name: SUSI | User Name: xxxxxxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- ()
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- ()
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A504051-25CA-480B-913F-81BB7FECE51C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4F836D56-34C3-4770-B7FA-086781C31511}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7377AB40-EB12-4F8C-9E9D-368AC9D7B950}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CA391A5-1094-48B6-B55A-232A7AED12CF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A36FCFD1-2113-45B9-A1A5-C4406F87C143}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B88938E8-062E-44F1-89C0-7CA1A38939B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C190C9C7-F1EE-46EA-8702-FBB86DA0C0F7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D64352E8-E2F3-4B1D-801D-CB6316B773A8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0682F1F6-1455-464E-896E-6E0373D4725A}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe |
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{32FC9FD3-9FC7-4094-8E2D-204A69F23F89}" = protocol=6 | dir=in | app=g:\binaries\ffow.exe |
"{3EBCC959-D8EA-491E-B1A5-EB19446F50DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{443F68AA-F073-43E6-9753-842C9BE05927}" = protocol=6 | dir=in | app=g:\binaries\binaries\ffow.exe |
"{492CF017-E887-4858-995B-A1F6D46B9C56}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{626FA077-8317-40A7-BFBE-F36E9F8CA906}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"{67FF0085-25DE-45EF-8AD0-168AC1A5489C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{7400F3D6-46E8-4898-AAD6-7F2B85F8A318}" = protocol=6 | dir=in | app=c:\program files\bewerbungsmaster\bewerbungs-master.exe |
"{7AA22715-7F83-43FA-8E62-525582510850}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7B71A95B-D954-491C-85A8-692378D7F42C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{7E9272FF-9566-4648-B3CF-4E56D2FBD2D0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8C437DB7-52FB-4F14-AACC-D69EE93706E9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{B496BF33-CADD-499F-A54C-3210D275F5D0}" = protocol=17 | dir=in | app=g:\binaries\binaries\ffow.exe |
"{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{C513A111-8F44-4B1C-9E7B-85D1F3BFBA89}" = protocol=17 | dir=in | app=g:\binaries\ffow.exe |
"{C6AE5180-654E-4106-AA54-6D81E235E731}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{D8A0FD8E-D1E6-4CC8-9673-7D0AC5C2CC06}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{EA50C69F-0CE1-49FD-BF3B-60D62A206C97}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F35FFAAB-B4E3-461F-880D-F1B970A88472}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FBF214C0-91F4-4AAE-80E9-01A5EAFE544E}" = protocol=17 | dir=in | app=c:\program files\bewerbungsmaster\bewerbungs-master.exe |
"{FE2071F3-8BC5-4761-B9D3-E6730CF38524}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{2F4F343E-DA49-46B0-8BC9-978484912DB5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{846ADCB7-3A8A-41C1-97CB-853BF81FDD24}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{B2C3C9EA-AFEA-4736-8787-F9787BEEA1F2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{B74F6519-B056-41B6-9246-D6D27B926380}C:\users\ingolf baikow\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ingolf baikow\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{C6304566-5D51-4AD9-9702-91DB1024A601}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe |
"UDP Query User{3AA91365-FF1C-4A49-BE32-EDC176B8BB99}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8B974304-EB4D-4B99-8D8B-520A57432260}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{95943BAB-E6DD-49A3-A704-E67E29FCB8EA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{B4681ED8-89B5-4B9C-8620-14D9052F29E8}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe |
"UDP Query User{B8AD42E1-4F2D-4648-A088-824850D9CDC2}C:\users\ingolf baikow\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ingolf baikow\appdata\local\google\chrome\application\chrome.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F132E-6E8A-934D-A839-C5C15889F12B}" = ATI Catalyst Install Manager
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27347834-0853-0E3A-88F0-BC6BA43D8BC1}" = CCC Help Portuguese
"{28A4F99C-F116-1AFA-513A-8D44F4070B6C}" = CCC Help Greek
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{298B2F63-B391-BFC5-4AED-660BE336DE73}" = CCC Help Hungarian
"{2F96C5A9-792A-F6ED-4679-603DED5959E1}" = ccc-utility
"{3B1D7CF8-2A1F-CBA1-06B0-2F89327B198B}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51A1EE33-49D5-5D85-4A0A-91D71C390BCF}" = CCC Help Italian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DF6A7ED-3B51-8E41-B1C9-41DAD97CC08A}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9023988C-4F2B-EB63-7861-33D8F21624C2}" = CCC Help English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A687B4D9-0047-468F-ABCC-2783FA23768A}" = PE585QA-32
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{BACEBABA-2BA2-05BC-A5DC-CF495F155A24}" = Catalyst Control Center Localization All
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{E3D329F9-D32A-AB91-1DD2-92B6E5F649E2}" = CCC Help Spanish
"{E497FF62-960D-D750-D14F-C5E25C7AA14F}" = ccc-core-static
"{E7613DC8-35E4-E46A-2960-12610864318E}" = CCC Help Polish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2898333-ED2F-EC49-5617-A23F2636A05A}" = Catalyst Control Center Graphics Previews Common
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FFA48C9D-8B43-772C-BECE-EA29587D8DDB}" = CCC Help German
"7-Zip" = 7-Zip 4.57
"94838B7B13A76BE9FC61DA8A3B7C3F0BB00FFCF1" = Windows-Treiberpaket - Conexant (cxpl_mhd) Media  (11/07/2007 6.0.104.0038)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CCleaner" = CCleaner
"dangerdeep" = Danger from the Deep 0.4.0.0_pre3327
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb.
"Everest Poker.net" = Everest Poker.net (Remove Only)
"Firstload" = Firstload
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Grewe Scanner-Interface_is1" = Grewe Scanner-Interface 3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PDF Blender" = PDF Blender
"Plus500" = Plus500
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = BEWERBUNGSMASTER (C:\Program Files\BEWERBUNGSMASTER\)
"VLC media player" = VLC media player 1.1.5
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2012 21:35:51 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10.05.2012 21:35:51 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10.05.2012 21:35:52 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10.05.2012 21:35:53 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10.05.2012 21:35:54 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10.05.2012 21:35:54 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10.05.2012 21:36:54 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10.05.2012 21:36:54 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 12.05.2012 22:08:04 | Computer Name = SUSI | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ctfmon.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549ae86, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc00000fd, Fehleroffset 0x000467de,  Prozess-ID 0x175c, Anwendungsstartzeit
 01cd30ab88c9cd80.
 
Error - 12.05.2012 22:23:08 | Computer Name = SUSI | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ntvdm.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918baf, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000ffff,  Prozess-ID 0x9cc, Anwendungsstartzeit
 01cd30af4f8323d3.
 
[ System Events ]
Error - 17.05.2012 16:41:36 | Computer Name = SUSI | Source = Service Control Manager | ID = 7001
Description =
 
Error - 17.05.2012 16:41:36 | Computer Name = SUSI | Source = Service Control Manager | ID = 7026
Description =
 
Error - 17.05.2012 20:17:44 | Computer Name = SUSI | Source = DCOM | ID = 10005
Description =
 
Error - 17.05.2012 20:17:52 | Computer Name = SUSI | Source = DCOM | ID = 10005
Description =
 
Error - 17.05.2012 20:17:56 | Computer Name = SUSI | Source = DCOM | ID = 10005
Description =
 
Error - 17.05.2012 20:18:00 | Computer Name = SUSI | Source = DCOM | ID = 10005
Description =
 
Error - 17.05.2012 20:18:00 | Computer Name = SUSI | Source = DCOM | ID = 10005
Description =
 
Error - 17.05.2012 20:18:18 | Computer Name = SUSI | Source = Service Control Manager | ID = 7001
Description =
 
Error - 17.05.2012 20:18:18 | Computer Name = SUSI | Source = Service Control Manager | ID = 7026
Description =
 
Error - 18.05.2012 17:25:35 | Computer Name = SUSI | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.05.2012 um 23:18:25 unerwartet heruntergefahren.
 
 
< End of report >


Hello, thanks for the quick reply. I'm really pleased! Here is the requested information for you.

Regards, Ibai63

Hello Kira,

I tried out ShadowExplorer-8.0.exe. I have already been able to restore some pictures. Let's see whether that works with other files too.

I hope the posted log files help. Just say if you need anything else.

Regards, Ibai63

Oh yes, I watched the video. It was interesting! How can I actually view my encrypted files?

kira 21.05.2012 08:01

Recommended guides are available to you (and to me). Please read them carefully; they contain important information!
** You can also try saving the encrypted files to an empty USB stick. If you know what kind of files they are (e.g. *.jpg, *.doc, etc.), rename them all back to their original form as before, e.g. to a .jpg file.

System cleanup and check:

1.
Switch off Windows Defender:
Alongside 1 AV scanner and 1 firewall it is not needed at all, and running it actively is not recommended, because they can get in each other's way. Please deactivate it like this: -> Enabling and disabling Windows Defender
► After a restart (if it still exists), check under "Start -> Run -> "msconfig" (type it in without the quotes) -> OK -> Startup" whether it is still running; if so, remove the check mark
► Under Services:
Start -> Run -> "Services.msc" (type it in without the quotes) -> OK -> "Properties" -> select startup type "Disabled"

2.
Quote:

Attention, important!:
If you made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, i.e. everything in the code box after "Code" (starting with :OTL and ending with [emptytemp]), everything that is in the code box (without "code"!):
Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mp3rocket.toolbaroptions.com/?tmp=toolbar_mp3rocket_homepage&prt=mp3rockettb04ie&v=15
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AB366403-0F5F-4672-93C1-CD00DB77E57B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AB366403-0F5F-4672-93C1-CD00DB77E57B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxxxxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxxxxxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll ()
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.01.08 00:20:29 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mp3rocket.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2012.05.20 12:24:01 | 000,000,308 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2012.05.20 12:18:45 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2348449066-1942537886-3467335035-1000UA.job
[2012.05.20 12:16:02 | 000,000,308 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2012.05.20 11:46:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.20 10:54:32 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.20 10:53:09 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\BearShareNAG.job
[2012.05.18 04:56:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2348449066-1942537886-3467335035-1000Core.job
@Alternate Data Stream - 916 bytes -> C:\Users\xxxxxxxw\Documents\Nichteinhaltung von Vertragsbedingungen und Kündigung.eml:OECustomProperty
@Alternate Data Stream - 817 bytes -> C:\Users\xxxxxxxxx\Documents\HU _ AU - Online Terminierung.eml:OECustomProperty

:Files
C:\Users\xxxxxxxx\AppData\Roaming\chrtmp

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


3.
The file name means nothing to me. What is this?:
Code:

C:\Users\xxxxxxx\AppData\Roaming\Pgevarrbsnz
4.
Update: uninstall the old version and download the new one: -> http://filepony.de/download-firefox/
Code:

Mozilla Firefox
but attention!:
..if necessary, first save the (user-defined) settings that are important to you: -> Create a Mozilla Firefox backup

5.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Change Internet Explorer's default search engine
-> How can I clear the cache in Internet Explorer?

6.
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

7.
  • Download SUPERAntiSpyware FREE Edition.
    Take care not to install any toolbar that may be offered, i.e. remove the check mark for the toolbar during installation (if necessary).
  • Install the program and update online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Put a check mark next to "Complete Scan" and click "Next"
  • Afterwards all malware found is listed; put a check mark next to all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics and Logs"
  • Press "View Log" - then please save this report and post it here

8.
Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media. They must therefore be monitored by regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very suitable and recommended to check the data saved on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off generally. ►Guide

9.
-> Then run a complete system check with Eset Online Scanner (NOD32) Free Online Scanner
Attention!: >>You should not install the antivirus security software, only scan your system online<<

9.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

So that I know which changes you have made:
Quote:

► Briefly report to me on all the steps (for each point) that you have completed!
► Report again on the state of the computer. Are problems still occurring, and if so, which ones?
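
The warning in step 2 (user names masked with X or asterisks must be restored before the script is pasted into OTL) can be checked mechanically before the fix is run. The following Python check is an added example, not part of kira's post and not OTL code; the function name `lint_fix_script`, the sample script and the profile name "Erika Muster" are constructed for illustration, and the only thing assumed about the script format is that section headers start with ":" as in the code box above. It also covers the neighbouring case of a mistyped profile name.

```python
import re

# Profile folder in paths such as C:\Users\<name>\... (name may contain spaces).
USER_PATH = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)(?:\\|$)")
# Heuristic (assumption): three or more x / X / * in a row means the name was masked.
MASK_RUN = re.compile(r"[xX*]{3,}")
# Profile folders that exist on every Vista/7 system and are not the user's own name.
BUILTIN_PROFILES = {"public", "default", "default user", "all users"}

# Constructed sample, modelled on the structure of the fix script in this thread.
SAMPLE_SCRIPT = "\n".join([
    ":OTL",
    r"FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: "
    r"C:\Users\xxxxxx\AppData\Local\Google\Update\npGoogleUpdate3.dll ()",
    r"[2012.05.20 10:53:09 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\BearShareNAG.job",
    r"@Alternate Data Stream - 916 bytes -> C:\Users\rika Muster\Documents\Brief.eml:OECustomProperty",
    "",
    ":Files",
    r"C:\Users\Erika Muster\AppData\Roaming\chrtmp",
    r"C:\Users\Public\Desktop\readme.txt",
    "",
    ":Commands",
    "[purity]",
    "[emptytemp]",
])


def lint_fix_script(script, real_profile=None):
    """Return (line_no, section, profile_name, reason) for every suspicious path.

    reason is "masked" when the profile folder still looks anonymised, and
    "mismatch" when real_profile is given and the folder name differs from it
    (for example a letter lost while typing the name back in).
    """
    findings = []
    section = None
    for line_no, line in enumerate(script.splitlines(), 1):
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith(":"):
            section = stripped          # remember :OTL, :Files, :Commands
            continue
        for match in USER_PATH.finditer(stripped):
            name = match.group(1)
            if name.lower() in BUILTIN_PROFILES:
                continue
            if MASK_RUN.search(name):
                findings.append((line_no, section, name, "masked"))
            elif real_profile and name.lower() != real_profile.lower():
                findings.append((line_no, section, name, "mismatch"))
    return findings


if __name__ == "__main__":
    for line_no, section, name, reason in lint_fix_script(SAMPLE_SCRIPT, "Erika Muster"):
        print(f"line {line_no} in {section}: profile folder {name!r} is {reason}")
```

An empty result means every profile path in the script names either a built-in profile or the real one.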

Ibai63 21.05.2012 12:15

Hello Kira,

Thank you for your answers and instructions. But that will take a while for me. As I said, I am a newcomer in this area and have to study these instructions carefully.
The file "C:\Users\xxxxxxx\AppData\Roaming\Pgevarrbsnz" means nothing to me either. But I'll try to find out. I'll have a look in AVIRA's quarantine folder. If I have any more questions, I'll get in touch in between.

I wish you a nice day!
A big thank you
Regards, Ibai63

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB366403-0F5F-4672-93C1-CD00DB77E57B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB366403-0F5F-4672-93C1-CD00DB77E57B}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Ingolf Baikow\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\ngolf Baikow\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\mp3rocket.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2348449066-1942537886-3467335035-1000UA.job moved successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\BearShareNAG.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2348449066-1942537886-3467335035-1000Core.job moved successfully.
Unable to delete ADS C:\Users\ngolf Baikow\Documents\Nichteinhaltung von Vertragsbedingungen und Kündigung.eml:OECustomProperty .
Unable to delete ADS C:\Users\ngolf Baikow\Documents\HU _ AU - Online Terminierung.eml:OECustomProperty .
========== FILES ==========
File\Folder C:\Users\ngolf Baikow\AppData\Roaming\chrtmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Ingolf Baikow\Downloads\cmd.bat deleted successfully.
C:\Users\Ingolf Baikow\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ingolf Baikow
->Temp folder emptied: 7557023 bytes
->Temporary Internet Files folder emptied: 28676253 bytes
->Java cache emptied: 168002 bytes
->FireFox cache emptied: 123908732 bytes
->Google Chrome cache emptied: 101660537 bytes
->Flash cache emptied: 70330 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24417309 bytes
RecycleBin emptied: 95542062 bytes
 
Total Files Cleaned = 364,00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05212012_172731

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Hello Kira,

I'm pleased; here is the OTL log file after the restart. So far it has worked.
I'm now working through further points and will then post the result.

See you then, Ibai63

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/21/2012 at 07:34 PM

Application Version : 5.0.1150

Core Rules Database Version : 8625
Trace Rules Database Version: 6437

Scan type      : Complete Scan
Total Scan Time : 00:35:46

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 830
Memory threats detected  : 0
Registry items scanned    : 36090
Registry threats detected : 1
File items scanned        : 57637
File threats detected    : 414

Malware.Trace
        HKU\S-1-5-21-2348449066-1942537886-3467335035-1000\Software\Microsoft\Handle

Adware.Tracking Cookie
        .112.2o7.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adtech.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .overture.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .mediaplex.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .invitemedia.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adbrite.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .ad.adnet.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .imrworldwide.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .imrworldwide.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        eas.apm.emediate.eu [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        de.sitestat.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .im.banner.t-online.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .smartadserver.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .xiti.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .a.revenuemax.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .apmebf.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .advertising.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .conrad.122.2o7.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .generaltracking.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .apmebf.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .wlw.122.2o7.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adviva.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .questionmarket.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .specificclick.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.adform.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adform.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        accounts.google.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .invitemedia.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .burstnet.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adlegend.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .fastclick.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .googleads.g.doubleclick.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad2.adfarm1.adition.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adtech.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        eas.apm.emediate.eu [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adtech.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ww251.smartadserver.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .ad.adnet.de [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\INGOLF BAIKOW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


Ibai63 21.05.2012 21:26

Code:

OTL logfile created on: 21.05.2012 22:09:27 - Run 3
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\Ingolf Baikow\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,86% Memory free
6,24 Gb Paging File | 4,64 Gb Available in Paging File | 74,34% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 44,64 Gb Free Space | 19,57% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 74,17 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,37 Gb Free Space | 98,91% Space Free | Partition Type: FAT32
 
Computer Name: SUSI | User Name: Ingolf Baikow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.20 12:06:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ingolf Baikow\Downloads\OTL.exe
PRC - [2012.05.17 23:44:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.17 23:43:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.17 23:43:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.17 23:43:41 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.17 23:43:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.17 23:43:39 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.17 20:08:30 | 003,906,944 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.27 00:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) -- C:\Programme\ShadowExplorer\sesvc.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.07.02 17:01:26 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.21 18:33:20 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2007.06.15 16:48:02 | 000,326,440 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.21 19:59:02 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.05.21 19:59:02 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.05.21 18:54:25 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.05.21 18:54:25 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.05.11 03:36:54 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\be701ce708835e0162cb863d3a4eeb49\WindowsFormsIntegration.ni.dll
MOD - [2012.05.11 03:35:28 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012.05.11 03:34:05 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll
MOD - [2012.05.11 03:33:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 03:33:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 03:32:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 03:32:11 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012.05.11 03:32:03 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012.05.11 03:31:46 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.11 03:31:42 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 03:31:40 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c466fbf8e50c7c11b2fa994707124290\PresentationFramework.ni.dll
MOD - [2012.05.11 03:31:26 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b4ade6954a61a7626858c123dc951ba6\PresentationCore.ni.dll
MOD - [2012.05.11 03:31:15 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 03:31:12 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 03:31:05 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.06.06 12:55:32 | 000,301,056 | ---- | M] () -- C:\Programme\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.01.27 00:11:58 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.01.26 18:48:02 | 000,243,712 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009.03.29 21:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.29 21:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 21:42:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.24 18:16:58 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2007.06.15 16:48:02 | 000,326,440 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.05.17 23:44:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.17 23:43:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.17 23:43:41 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.17 23:43:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 05:41:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Programme\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.21 18:33:20 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.17 23:44:56 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.05.08 19:47:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:47:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.01.27 01:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.01.27 01:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.01.27 00:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.14 13:10:10 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.11.14 13:09:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.11.14 13:09:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007.07.03 12:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006.09.19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.21 20:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.21 17:59:17 | 000,000,000 | ---D | M]
 
[2010.08.12 20:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingolf Baikow\AppData\Roaming\mozilla\Extensions
[2012.05.12 15:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingolf Baikow\AppData\Roaming\mozilla\Firefox\Profiles\7i723wp4.default\extensions
[2010.08.16 22:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingolf Baikow\AppData\Roaming\mozilla\Firefox\Profiles\7i723wp4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.03 05:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingolf Baikow\AppData\Roaming\mozilla\Firefox\Profiles\7i723wp4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.21 20:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.18 21:09:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ingolf Baikow\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ingolf Baikow\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ingolf Baikow\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45B15D75-DA08-4DA1-8796-26636E534D00}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.21 21:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.21 20:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.21 20:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.21 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Ingolf Baikow\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.21 18:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.21 18:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.21 18:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.21 17:27:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.20 14:03:30 | 000,000,000 | ---D | C] -- C:\Users\Ingolf Baikow\AppData\Roaming\www.shadowexplorer.com
[2012.05.20 14:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.20 14:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2012.05.18 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\Ingolf Baikow\AppData\Roaming\Malwarebytes
[2012.05.18 21:16:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.18 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.18 21:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.18 14:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.05.18 14:10:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.17 23:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.13 03:56:00 | 000,000,000 | ---D | C] -- C:\Users\Ingolf Baikow\AppData\Roaming\Pgevarrbsnz
[2012.05.11 01:10:59 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.11 01:10:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.11 01:10:58 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.11 01:10:58 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.11 01:10:58 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.11 01:10:19 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.11 01:10:19 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.11 01:10:19 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.04.23 14:33:50 | 000,000,000 | ---D | C] -- C:\Users\Ingolf Baikow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dangerdeep
[2012.04.23 14:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dangerdeep
[2012.04.23 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\dangerdeep
[2012.04.22 12:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.22 12:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.21 21:56:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.21 21:56:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.21 21:41:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.21 20:47:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.21 20:18:37 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.21 20:18:37 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.21 20:18:37 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.21 20:18:37 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.21 19:56:39 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.05.21 18:53:48 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.21 18:30:27 | 000,007,040 | ---- | M] () -- C:\Users\Ingolf Baikow\Documents\cc_20120521_183020.reg
[2012.05.20 14:03:23 | 000,001,686 | ---- | M] () -- C:\Users\Ingolf Baikow\Desktop\ShadowExplorer.lnk
[2012.05.18 18:51:36 | 000,319,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.18 01:56:23 | 000,001,356 | ---- | M] () -- C:\Users\Ingolf Baikow\AppData\Local\d3d9caps.dat
[2012.05.17 23:47:56 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.17 23:44:56 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.13 04:18:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.05.13 04:18:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.05.13 01:45:15 | 000,069,120 | ---- | M] () -- C:\Users\Ingolf Baikow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.08 19:47:08 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 19:47:08 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.05 05:41:13 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.05 05:41:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.02 09:20:24 | 000,002,086 | ---- | M] () -- C:\Users\Ingolf Baikow\Desktop\Google Chrome.lnk
[2012.04.23 22:33:41 | 000,652,686 | ---- | M] () -- C:\Users\Ingolf Baikow\Documents\cc_20120423_223322.reg
 
========== Files Created - No Company Name ==========
 
[2012.05.21 20:47:01 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.21 20:47:01 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.21 18:53:48 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.21 18:30:23 | 000,007,040 | ---- | C] () -- C:\Users\Ingolf Baikow\Documents\cc_20120521_183020.reg
[2012.05.20 14:03:23 | 000,001,686 | ---- | C] () -- C:\Users\Ingolf Baikow\Desktop\ShadowExplorer.lnk
[2012.05.13 04:18:44 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.05.13 04:18:44 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.03.03 12:13:54 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.03.02 15:19:17 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.03.02 15:19:17 | 000,022,328 | ---- | C] () -- C:\Users\Ingolf Baikow\AppData\Roaming\PnkBstrK.sys
[2012.03.02 15:19:06 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.03.02 15:19:05 | 002,506,752 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.03.02 15:19:05 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.09 17:53:06 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.03.09 17:53:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.03.09 17:53:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.03.09 17:53:06 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.03.09 17:53:06 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.03.09 17:53:06 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.03.09 17:53:06 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.03.09 17:53:06 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.03.09 17:53:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.03.09 17:53:06 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.03.09 17:53:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.03.09 17:53:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.03.09 17:53:06 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.03.09 17:53:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.03.09 17:53:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.03.09 17:53:06 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.03.09 17:53:06 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.03.09 17:53:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.09 17:53:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.03.05 15:40:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.27 00:11:58 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.18 14:26:31 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2010.12.17 18:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.13 02:14:45 | 000,000,000 | ---- | C] () -- C:\Users\Ingolf Baikow\AppData\Roaming\chrtmp
[2010.08.18 01:21:22 | 000,000,000 | ---- | C] () -- C:\Users\Ingolf Baikow\AppData\Roaming\wklnhst.dat
[2010.08.17 01:16:05 | 000,069,120 | ---- | C] () -- C:\Users\Ingolf Baikow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.14 19:53:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.14 19:52:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.14 19:52:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.12 19:22:50 | 000,001,356 | ---- | C] () -- C:\Users\Ingolf Baikow\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.03.07 21:10:02 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\EPSON
[2011.04.15 03:59:54 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\GetRightToGo
[2011.01.08 00:45:12 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\mp3rocket
[2010.08.18 04:49:10 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\OpenOffice.org
[2011.02.25 15:28:24 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\PCFix
[2010.12.31 02:08:43 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\PeerNetworking
[2012.05.18 03:13:22 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Pgevarrbsnz
[2011.04.15 04:05:50 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Scendix Software
[2011.04.15 04:05:38 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Softland
[2010.08.18 01:21:22 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Template
[2011.03.11 16:55:29 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\TweakNow RegCleaner 2011
[2011.03.08 14:45:11 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Uniblue
[2010.10.06 19:23:26 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\update
[2010.12.12 12:34:09 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Valuga Software
[2010.08.13 12:35:30 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Verimount
[2012.05.20 14:03:30 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\www.shadowexplorer.com
[2012.05.21 19:50:27 | 000,032,658 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 916 bytes -> C:\Users\Ingolf Baikow\Documents\Nichteinhaltung von Vertragsbedingungen und Kündigung.eml:OECustomProperty
@Alternate Data Stream - 817 bytes -> C:\Users\Ingolf Baikow\Documents\HU _ AU - Online Terminierung.eml:OECustomProperty

< End of report >

Code:

OTL Extras logfile created on: 21.05.2012 22:09:56 - Run 3
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\Ingolf Baikow\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,86% Memory free
6,24 Gb Paging File | 4,64 Gb Available in Paging File | 74,34% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 44,64 Gb Free Space | 19,57% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 74,17 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,37 Gb Free Space | 98,91% Space Free | Partition Type: FAT32
 
Computer Name: SUSI | User Name: Ingolf Baikow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- ()
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- ()
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A504051-25CA-480B-913F-81BB7FECE51C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4F836D56-34C3-4770-B7FA-086781C31511}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7377AB40-EB12-4F8C-9E9D-368AC9D7B950}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CA391A5-1094-48B6-B55A-232A7AED12CF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A36FCFD1-2113-45B9-A1A5-C4406F87C143}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B88938E8-062E-44F1-89C0-7CA1A38939B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C190C9C7-F1EE-46EA-8702-FBB86DA0C0F7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D64352E8-E2F3-4B1D-801D-CB6316B773A8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0682F1F6-1455-464E-896E-6E0373D4725A}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe |
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{32FC9FD3-9FC7-4094-8E2D-204A69F23F89}" = protocol=6 | dir=in | app=g:\binaries\ffow.exe |
"{3EBCC959-D8EA-491E-B1A5-EB19446F50DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{443F68AA-F073-43E6-9753-842C9BE05927}" = protocol=6 | dir=in | app=g:\binaries\binaries\ffow.exe |
"{492CF017-E887-4858-995B-A1F6D46B9C56}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{626FA077-8317-40A7-BFBE-F36E9F8CA906}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"{67FF0085-25DE-45EF-8AD0-168AC1A5489C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{7400F3D6-46E8-4898-AAD6-7F2B85F8A318}" = protocol=6 | dir=in | app=c:\program files\bewerbungsmaster\bewerbungs-master.exe |
"{7AA22715-7F83-43FA-8E62-525582510850}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7B71A95B-D954-491C-85A8-692378D7F42C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{7E9272FF-9566-4648-B3CF-4E56D2FBD2D0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8C437DB7-52FB-4F14-AACC-D69EE93706E9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{B496BF33-CADD-499F-A54C-3210D275F5D0}" = protocol=17 | dir=in | app=g:\binaries\binaries\ffow.exe |
"{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{C513A111-8F44-4B1C-9E7B-85D1F3BFBA89}" = protocol=17 | dir=in | app=g:\binaries\ffow.exe |
"{C6AE5180-654E-4106-AA54-6D81E235E731}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{D8A0FD8E-D1E6-4CC8-9673-7D0AC5C2CC06}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{EA50C69F-0CE1-49FD-BF3B-60D62A206C97}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F35FFAAB-B4E3-461F-880D-F1B970A88472}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FBF214C0-91F4-4AAE-80E9-01A5EAFE544E}" = protocol=17 | dir=in | app=c:\program files\bewerbungsmaster\bewerbungs-master.exe |
"{FE2071F3-8BC5-4761-B9D3-E6730CF38524}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{2F4F343E-DA49-46B0-8BC9-978484912DB5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{846ADCB7-3A8A-41C1-97CB-853BF81FDD24}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{B2C3C9EA-AFEA-4736-8787-F9787BEEA1F2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{B74F6519-B056-41B6-9246-D6D27B926380}C:\users\ingolf baikow\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ingolf baikow\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{C6304566-5D51-4AD9-9702-91DB1024A601}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe |
"UDP Query User{3AA91365-FF1C-4A49-BE32-EDC176B8BB99}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8B974304-EB4D-4B99-8D8B-520A57432260}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{95943BAB-E6DD-49A3-A704-E67E29FCB8EA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{B4681ED8-89B5-4B9C-8620-14D9052F29E8}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe |
"UDP Query User{B8AD42E1-4F2D-4648-A088-824850D9CDC2}C:\users\ingolf baikow\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ingolf baikow\appdata\local\google\chrome\application\chrome.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F132E-6E8A-934D-A839-C5C15889F12B}" = ATI Catalyst Install Manager
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27347834-0853-0E3A-88F0-BC6BA43D8BC1}" = CCC Help Portuguese
"{28A4F99C-F116-1AFA-513A-8D44F4070B6C}" = CCC Help Greek
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{298B2F63-B391-BFC5-4AED-660BE336DE73}" = CCC Help Hungarian
"{2F96C5A9-792A-F6ED-4679-603DED5959E1}" = ccc-utility
"{3B1D7CF8-2A1F-CBA1-06B0-2F89327B198B}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51A1EE33-49D5-5D85-4A0A-91D71C390BCF}" = CCC Help Italian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DF6A7ED-3B51-8E41-B1C9-41DAD97CC08A}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9023988C-4F2B-EB63-7861-33D8F21624C2}" = CCC Help English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A687B4D9-0047-468F-ABCC-2783FA23768A}" = PE585QA-32
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{BACEBABA-2BA2-05BC-A5DC-CF495F155A24}" = Catalyst Control Center Localization All
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{E3D329F9-D32A-AB91-1DD2-92B6E5F649E2}" = CCC Help Spanish
"{E497FF62-960D-D750-D14F-C5E25C7AA14F}" = ccc-core-static
"{E7613DC8-35E4-E46A-2960-12610864318E}" = CCC Help Polish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2898333-ED2F-EC49-5617-A23F2636A05A}" = Catalyst Control Center Graphics Previews Common
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FFA48C9D-8B43-772C-BECE-EA29587D8DDB}" = CCC Help German
"7-Zip" = 7-Zip 4.57
"94838B7B13A76BE9FC61DA8A3B7C3F0BB00FFCF1" = Windows-Treiberpaket - Conexant (cxpl_mhd) Media  (11/07/2007 6.0.104.0038)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CCleaner" = CCleaner
"dangerdeep" = Danger from the Deep 0.4.0.0_pre3327
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb.
"Everest Poker.net" = Everest Poker.net (Remove Only)
"Firstload" = Firstload
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Grewe Scanner-Interface_is1" = Grewe Scanner-Interface 3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Blender" = PDF Blender
"Plus500" = Plus500
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"ShadowExplorer_is1" = ShadowExplorer 0.8
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = BEWERBUNGSMASTER (C:\Program Files\BEWERBUNGSMASTER\)
"VLC media player" = VLC media player 1.1.5
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Hello Kira,

Here are the outstanding OTL log files.

Re 1: carried out properly.

Re 2: done as instructed.

Re 3: I couldn't find anything.

Re 4: Firefox updated.

Re 5: I worked with Windows Explorer; all I get there is a white page, and a website could not be loaded.

Re 6: done as instructed.

Re 7: done with SUPERAntiSpyware FREE Edition, and the result has already been posted.

Re 8: Online-only somehow didn't work; I had to download an exe file.

Re 9: OTL log run and result posted.



Thanks and regards, Ibai63

Hello Kira, I tried something else. I deleted the old VCR player and installed a new version. I wanted to play a film from the external hard drive (the external hard drive was not connected at the time of the attack). The player opens and the timeline did run, but there was no picture and no sound. It is also still being shown that autostart programs are blocked. I just wanted to let you know.

See you then, Ibai63

kira 22.05.2012 11:00

As I said, what we can help you with is:
banishing the malware from the system so that you have access to your PC

What can no longer be restored 100%:
files encrypted by the Ukash/Paysafe trojans
restoring defective system files/functions
******* As the saying goes:
No healthy apples will grow afterwards on a dead apple tree!

Quote:

Quote from Ibai63 (post 831678)
Re 8: Online-only somehow didn't work; I had to download an exe file.

Did you read everything carefully?:
Quote:

-> Then run a complete system check with the Eset Online Scanner (NOD32) free online scanner
Attention!: >>You are not supposed to install the antivirus security software, only scan your system online<<
1.
Quote:

Attention, important!:
If you made changes in the log file yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced by X, an asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, starting with :OTL and ending with [emptytemp]), everything in the code box (without "code"!):
Code:

:OTL
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
@Alternate Data Stream - 916 bytes -> C:\Users\Ingolf Baikow\Documents\Nichteinhaltung von Vertragsbedingungen und Kündigung.eml:OECustomProperty
@Alternate Data Stream - 817 bytes -> C:\Users\Ingolf Baikow\Documents\HU _ AU - Online Terminierung.eml:OECustomProperty

:Files
C:\Users\Ingolf Baikow\AppData\Roaming\Pgevarrbsnz
C:\Users\Ingolf Baikow\AppData\Roaming\chrtmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


2.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Ibai63 22.05.2012 20:24

Hello Kira,

I can't continue working on it for now. I have to go to Hildesheim and hope to be back on Friday. For now, a big thank-you to you. I'll get back to you then.

Regards, Ibai63

Ibai63 25.05.2012 16:54

Hello Kira, I'm back and have already been busy. Attached are log files again.
I couldn't install IE properly. I did everything with Firefox.

Regards, Ibai63

Code:

OTL logfile created on: 25.05.2012 17:36:26 - Run 4
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\Ingolf Baikow\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,37% Memory free
6,23 Gb Paging File | 4,63 Gb Available in Paging File | 74,31% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 58,07 Gb Free Space | 25,46% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 74,17 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,21 Gb Free Space | 96,73% Space Free | Partition Type: FAT32
 
Computer Name: SUSI | User Name: Ingolf Baikow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.20 12:06:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ingolf Baikow\Downloads\OTL.exe
PRC - [2012.05.17 23:44:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.17 23:43:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.17 23:43:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.17 23:43:41 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.17 23:43:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.17 23:43:39 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.17 20:08:30 | 003,906,944 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.05 19:25:05 | 003,046,808 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2011.01.27 00:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) -- C:\Programme\ShadowExplorer\sesvc.exe
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.18 23:33:20 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
PRC - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.07.02 17:01:26 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.21 18:33:20 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2007.06.15 16:48:02 | 000,326,440 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.25 17:29:14 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.05.25 17:29:14 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.05.21 18:54:25 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.05.21 18:54:25 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.05.11 03:36:54 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\be701ce708835e0162cb863d3a4eeb49\WindowsFormsIntegration.ni.dll
MOD - [2012.05.11 03:35:28 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012.05.11 03:34:05 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll
MOD - [2012.05.11 03:33:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 03:33:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 03:32:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 03:32:11 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012.05.11 03:32:03 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012.05.11 03:31:46 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.11 03:31:42 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 03:31:40 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c466fbf8e50c7c11b2fa994707124290\PresentationFramework.ni.dll
MOD - [2012.05.11 03:31:26 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b4ade6954a61a7626858c123dc951ba6\PresentationCore.ni.dll
MOD - [2012.05.11 03:31:15 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 03:31:12 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 03:31:05 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.03.05 19:25:05 | 003,046,808 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.01.27 00:11:58 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.01.26 18:48:02 | 000,243,712 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009.03.29 21:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.29 21:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.24 18:16:58 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2007.06.15 16:48:02 | 000,326,440 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.05.17 23:44:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.17 23:43:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.17 23:43:41 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.17 23:43:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 05:41:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Programme\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.21 18:33:20 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.17 23:44:56 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.05.08 19:47:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:47:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.01.27 01:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.01.27 01:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.01.27 00:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.14 13:10:10 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.11.14 13:09:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.11.14 13:09:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007.07.03 12:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006.09.19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{46D417EB-454E-4B2F-A3AF-BE14E640BD60}: "URL" = hxxp://www.dreamcarisma.de/search.php?search_keywords={searchTerms}
IE - HKCU\..\SearchScopes\{F9D16431-124C-430A-868D-838751309342}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.21 20:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.21 17:59:17 | 000,000,000 | ---D | M]
 
[2010.08.12 20:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingolf Baikow\AppData\Roaming\mozilla\Extensions
[2012.05.12 15:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingolf Baikow\AppData\Roaming\mozilla\Firefox\Profiles\7i723wp4.default\extensions
[2010.08.16 22:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingolf Baikow\AppData\Roaming\mozilla\Firefox\Profiles\7i723wp4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.03 05:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingolf Baikow\AppData\Roaming\mozilla\Firefox\Profiles\7i723wp4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.21 20:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.18 21:09:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ingolf Baikow\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ingolf Baikow\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ingolf Baikow\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45B15D75-DA08-4DA1-8796-26636E534D00}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Ingolf Baikow\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ingolf Baikow\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.24 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Ingolf Baikow\Ingolf Baikow
[2012.05.22 12:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.22 12:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.22 01:26:48 | 000,000,000 | ---D | C] -- C:\Users\Ingolf Baikow\AppData\Roaming\vlc
[2012.05.22 01:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.05.21 20:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.21 20:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.21 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Ingolf Baikow\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.21 18:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.21 18:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.21 18:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.21 17:27:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.20 14:03:30 | 000,000,000 | ---D | C] -- C:\Users\Ingolf Baikow\AppData\Roaming\www.shadowexplorer.com
[2012.05.20 14:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.20 14:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2012.05.18 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\Ingolf Baikow\AppData\Roaming\Malwarebytes
[2012.05.18 21:16:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.18 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.18 21:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.18 14:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.05.17 23:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.11 01:10:59 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.11 01:10:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.11 01:10:58 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.11 01:10:58 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.11 01:10:58 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.11 01:10:19 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.11 01:10:19 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.11 01:10:19 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.25 17:31:23 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.25 17:31:23 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.25 17:31:23 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.25 17:31:23 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.25 17:25:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.25 17:25:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.25 17:24:48 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.05.25 17:19:37 | 000,004,511 | ---- | M] () -- C:\Users\Ingolf Baikow\Documents\Nichteinhaltung von Vertragsbedingungen und Kündigung.eml
[2012.05.25 17:19:37 | 000,003,178 | ---- | M] () -- C:\Users\Ingolf Baikow\Documents\HU _ AU - Online Terminierung.eml
[2012.05.25 16:42:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.25 01:21:36 | 000,068,608 | ---- | M] () -- C:\Users\Ingolf Baikow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.24 17:31:57 | 000,012,850 | ---- | M] () -- C:\Users\Ingolf Baikow\Documents\cc_20120524_173152.reg
[2012.05.24 16:02:17 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.22 01:26:36 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.22 01:06:50 | 000,024,618 | ---- | M] () -- C:\Users\Ingolf Baikow\Documents\cc_20120522_010646.reg
[2012.05.21 20:47:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.21 18:53:48 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.21 18:30:27 | 000,007,040 | ---- | M] () -- C:\Users\Ingolf Baikow\Documents\cc_20120521_183020.reg
[2012.05.20 14:03:23 | 000,001,686 | ---- | M] () -- C:\Users\Ingolf Baikow\Desktop\ShadowExplorer.lnk
[2012.05.18 18:51:36 | 000,319,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.18 01:56:23 | 000,001,356 | ---- | M] () -- C:\Users\Ingolf Baikow\AppData\Local\d3d9caps.dat
[2012.05.17 23:47:56 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.17 23:44:56 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.13 04:18:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.05.13 04:18:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.05.08 19:47:08 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 19:47:08 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.05 05:41:13 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.05 05:41:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.02 09:20:24 | 000,002,086 | ---- | M] () -- C:\Users\Ingolf Baikow\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2012.05.24 17:31:55 | 000,012,850 | ---- | C] () -- C:\Users\Ingolf Baikow\Documents\cc_20120524_173152.reg
[2012.05.22 13:03:36 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.22 01:26:36 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.22 01:06:48 | 000,024,618 | ---- | C] () -- C:\Users\Ingolf Baikow\Documents\cc_20120522_010646.reg
[2012.05.21 20:47:01 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.21 20:47:01 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.21 18:53:48 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.21 18:30:23 | 000,007,040 | ---- | C] () -- C:\Users\Ingolf Baikow\Documents\cc_20120521_183020.reg
[2012.05.20 14:03:23 | 000,001,686 | ---- | C] () -- C:\Users\Ingolf Baikow\Desktop\ShadowExplorer.lnk
[2012.05.13 04:18:44 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.05.13 04:18:44 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.03.03 12:13:54 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.03.02 15:19:17 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.03.02 15:19:17 | 000,022,328 | ---- | C] () -- C:\Users\Ingolf Baikow\AppData\Roaming\PnkBstrK.sys
[2012.03.02 15:19:06 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.03.02 15:19:05 | 002,506,752 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.03.02 15:19:05 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.09 17:53:06 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.03.09 17:53:06 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.03.09 17:53:06 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.03.09 17:53:06 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.03.09 17:53:06 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.03.09 17:53:06 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.03.09 17:53:06 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.03.09 17:53:06 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.03.09 17:53:06 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.03.09 17:53:06 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.03.09 17:53:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.03.09 17:53:06 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.03.09 17:53:06 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.03.09 17:53:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.03.09 17:53:06 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.03.09 17:53:06 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.03.09 17:53:06 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.03.09 17:53:06 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.09 17:53:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.03.05 15:40:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.27 00:11:58 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.18 14:26:31 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2010.12.17 18:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.08.18 01:21:22 | 000,000,000 | ---- | C] () -- C:\Users\Ingolf Baikow\AppData\Roaming\wklnhst.dat
[2010.08.17 01:16:05 | 000,068,608 | ---- | C] () -- C:\Users\Ingolf Baikow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.14 19:53:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.14 19:52:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.14 19:52:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.12 19:22:50 | 000,001,356 | ---- | C] () -- C:\Users\Ingolf Baikow\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.03.07 21:10:02 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\EPSON
[2011.04.15 03:59:54 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\GetRightToGo
[2011.01.08 00:45:12 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\mp3rocket
[2010.08.18 04:49:10 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\OpenOffice.org
[2011.02.25 15:28:24 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\PCFix
[2010.12.31 02:08:43 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\PeerNetworking
[2011.04.15 04:05:50 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Scendix Software
[2011.04.15 04:05:38 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Softland
[2010.08.18 01:21:22 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Template
[2011.03.11 16:55:29 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\TweakNow RegCleaner 2011
[2011.03.08 14:45:11 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Uniblue
[2010.10.06 19:23:26 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\update
[2010.12.12 12:34:09 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Valuga Software
[2010.08.13 12:35:30 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\Verimount
[2012.05.20 14:03:30 | 000,000,000 | ---D | M] -- C:\Users\Ingolf Baikow\AppData\Roaming\www.shadowexplorer.com
[2012.05.25 17:20:23 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\Ingolf Baikow\Documents\Nichteinhaltung von Vertragsbedingungen und Kündigung.eml:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Ingolf Baikow\Documents\HU _ AU - Online Terminierung.eml:OECustomProperty

< End of report >


Code:

OTL Extras logfile created on: 25.05.2012 17:36:26 - Run 4
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\Ingolf Baikow\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,37% Memory free
6,23 Gb Paging File | 4,63 Gb Available in Paging File | 74,31% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 58,07 Gb Free Space | 25,46% Space Free | Partition Type: NTFS
Drive D: | 227,87 Gb Total Space | 74,17 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,21 Gb Free Space | 96,73% Space Free | Partition Type: FAT32
 
Computer Name: SUSI | User Name: Ingolf Baikow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- ()
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- ()
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A504051-25CA-480B-913F-81BB7FECE51C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4F836D56-34C3-4770-B7FA-086781C31511}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7377AB40-EB12-4F8C-9E9D-368AC9D7B950}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CA391A5-1094-48B6-B55A-232A7AED12CF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A36FCFD1-2113-45B9-A1A5-C4406F87C143}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B88938E8-062E-44F1-89C0-7CA1A38939B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C190C9C7-F1EE-46EA-8702-FBB86DA0C0F7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D64352E8-E2F3-4B1D-801D-CB6316B773A8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0682F1F6-1455-464E-896E-6E0373D4725A}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe |
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{32FC9FD3-9FC7-4094-8E2D-204A69F23F89}" = protocol=6 | dir=in | app=g:\binaries\ffow.exe |
"{3396CAEC-4A9B-4FD6-BEB1-69FC1241C0D6}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3A364E35-B7BF-474C-90C3-16831A61297B}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{3EBCC959-D8EA-491E-B1A5-EB19446F50DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{443F68AA-F073-43E6-9753-842C9BE05927}" = protocol=6 | dir=in | app=g:\binaries\binaries\ffow.exe |
"{471799F4-8286-4479-AFC3-E4F38C10DCE6}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{492CF017-E887-4858-995B-A1F6D46B9C56}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{626FA077-8317-40A7-BFBE-F36E9F8CA906}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"{67FF0085-25DE-45EF-8AD0-168AC1A5489C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{7400F3D6-46E8-4898-AAD6-7F2B85F8A318}" = protocol=6 | dir=in | app=c:\program files\bewerbungsmaster\bewerbungs-master.exe |
"{7AA22715-7F83-43FA-8E62-525582510850}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7B71A95B-D954-491C-85A8-692378D7F42C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{7E9272FF-9566-4648-B3CF-4E56D2FBD2D0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8C437DB7-52FB-4F14-AACC-D69EE93706E9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AD48DD28-25EC-4D73-8B4B-E97ECD416663}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{B496BF33-CADD-499F-A54C-3210D275F5D0}" = protocol=17 | dir=in | app=g:\binaries\binaries\ffow.exe |
"{BBD2BB72-5581-495C-BE1E-4DDF37713A34}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{C513A111-8F44-4B1C-9E7B-85D1F3BFBA89}" = protocol=17 | dir=in | app=g:\binaries\ffow.exe |
"{C6AE5180-654E-4106-AA54-6D81E235E731}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{D8A0FD8E-D1E6-4CC8-9673-7D0AC5C2CC06}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{EA50C69F-0CE1-49FD-BF3B-60D62A206C97}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F35FFAAB-B4E3-461F-880D-F1B970A88472}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FBF214C0-91F4-4AAE-80E9-01A5EAFE544E}" = protocol=17 | dir=in | app=c:\program files\bewerbungsmaster\bewerbungs-master.exe |
"{FE2071F3-8BC5-4761-B9D3-E6730CF38524}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{2F4F343E-DA49-46B0-8BC9-978484912DB5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{846ADCB7-3A8A-41C1-97CB-853BF81FDD24}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{B2C3C9EA-AFEA-4736-8787-F9787BEEA1F2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{C6304566-5D51-4AD9-9702-91DB1024A601}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe |
"UDP Query User{3AA91365-FF1C-4A49-BE32-EDC176B8BB99}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8B974304-EB4D-4B99-8D8B-520A57432260}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{95943BAB-E6DD-49A3-A704-E67E29FCB8EA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{B4681ED8-89B5-4B9C-8620-14D9052F29E8}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F132E-6E8A-934D-A839-C5C15889F12B}" = ATI Catalyst Install Manager
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27347834-0853-0E3A-88F0-BC6BA43D8BC1}" = CCC Help Portuguese
"{28A4F99C-F116-1AFA-513A-8D44F4070B6C}" = CCC Help Greek
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{298B2F63-B391-BFC5-4AED-660BE336DE73}" = CCC Help Hungarian
"{2F96C5A9-792A-F6ED-4679-603DED5959E1}" = ccc-utility
"{3B1D7CF8-2A1F-CBA1-06B0-2F89327B198B}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51A1EE33-49D5-5D85-4A0A-91D71C390BCF}" = CCC Help Italian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DF6A7ED-3B51-8E41-B1C9-41DAD97CC08A}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9023988C-4F2B-EB63-7861-33D8F21624C2}" = CCC Help English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A687B4D9-0047-468F-ABCC-2783FA23768A}" = PE585QA-32
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{BACEBABA-2BA2-05BC-A5DC-CF495F155A24}" = Catalyst Control Center Localization All
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{E3D329F9-D32A-AB91-1DD2-92B6E5F649E2}" = CCC Help Spanish
"{E497FF62-960D-D750-D14F-C5E25C7AA14F}" = ccc-core-static
"{E7613DC8-35E4-E46A-2960-12610864318E}" = CCC Help Polish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2898333-ED2F-EC49-5617-A23F2636A05A}" = Catalyst Control Center Graphics Previews Common
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FFA48C9D-8B43-772C-BECE-EA29587D8DDB}" = CCC Help German
"7-Zip" = 7-Zip 4.57
"94838B7B13A76BE9FC61DA8A3B7C3F0BB00FFCF1" = Windows-Treiberpaket - Conexant (cxpl_mhd) Media  (11/07/2007 6.0.104.0038)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CCleaner" = CCleaner
"dangerdeep" = Danger from the Deep 0.4.0.0_pre3327
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb.
"Everest Poker.net" = Everest Poker.net (Remove Only)
"Firstload" = Firstload
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Grewe Scanner-Interface_is1" = Grewe Scanner-Interface 3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Blender" = PDF Blender
"Plus500" = Plus500
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"ShadowExplorer_is1" = ShadowExplorer 0.8
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = BEWERBUNGSMASTER (C:\Program Files\BEWERBUNGSMASTER\)
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.05.2012 13:31:32 | Computer Name = SUSI | Source = Windows Backup | ID = 4104
Description =
 
Error - 18.05.2012 13:34:02 | Computer Name = SUSI | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Acer.Empowering.Framework.Supervisor.exe, Version
 2.5.4008.0, Zeitstempel 0x46725242, fehlerhaftes Modul MSVCR80.dll, Version 8.0.50727.6195,
 Zeitstempel 0x4dcddbf3, Ausnahmecode 0xc000000d, Fehleroffset 0x0001b7c6,  Prozess-ID
 0x14bc, Anwendungsstartzeit 01cd351c695e86f2.
 
Error - 19.05.2012 16:48:17 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2012 16:48:17 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 19.05.2012 19:04:31 | Computer Name = SUSI | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc000001e, Fehleroffset 0x02880f80,  Prozess-ID 0x8b4, Anwendungsstartzeit
 01cd36006a703cfd.
 
Error - 20.05.2012 05:10:42 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 20.05.2012 05:10:42 | Computer Name = SUSI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 20.05.2012 06:15:48 | Computer Name = SUSI | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.43.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: c30  Anfangszeit: 01cd3670a07ecff9  Zeitpunkt der Beendigung:
 60000
 
Error - 20.05.2012 06:24:00 | Computer Name = SUSI | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.43.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 538  Anfangszeit: 01cd36724ed7e139  Zeitpunkt der Beendigung:
 38657
 
Error - 20.05.2012 13:00:00 | Computer Name = SUSI | Source = Windows Backup | ID = 4104
Description =
 
[ System Events ]
Error - 17.05.2012 20:18:00 | Computer Name = SUSI | Source = DCOM | ID = 10005
Description =
 
Error - 17.05.2012 20:18:00 | Computer Name = SUSI | Source = DCOM | ID = 10005
Description =
 
Error - 17.05.2012 20:18:18 | Computer Name = SUSI | Source = Service Control Manager | ID = 7001
Description =
 
Error - 17.05.2012 20:18:18 | Computer Name = SUSI | Source = Service Control Manager | ID = 7026
Description =
 
Error - 18.05.2012 17:25:35 | Computer Name = SUSI | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.05.2012 um 23:18:25 unerwartet heruntergefahren.
 
Error - 21.05.2012 08:39:39 | Computer Name = SUSI | Source = Service Control Manager | ID = 7009
Description =
 
Error - 21.05.2012 08:39:39 | Computer Name = SUSI | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.05.2012 11:27:32 | Computer Name = SUSI | Source = Service Control Manager | ID = 7034
Description =
 
Error - 21.05.2012 12:41:00 | Computer Name = SUSI | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.05.2012 um 18:33:22 unerwartet heruntergefahren.
 
Error - 25.05.2012 11:19:31 | Computer Name = SUSI | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >

I almost forgot!! I can't get to the mail that got me into this mess through WinMail. Through the browser I go to AOL and can get to the e-mail account and to the mail in question with the Trojan. But I can't save it and send it to you. How does that work?

Regards, Ibai63

kira 25.05.2012 17:27

Quote:

Quote from Ibai63 (post 834292)
I can't get to the mail that got me into this mess through WinMail. Through the browser I go to AOL and can get to the e-mail account and to the mail in question with the Trojan. But I can't save it and send it to you. How does that work?

The contact person in this case is markus, *please click the link*: -> Recovery of the encrypted files
-> http://markusg.trojaner-board.de/

Have you completed the task from here?: -> http://www.trojaner-board.de/115423-...tml#post831888

Ibai63 25.05.2012 20:42

Hello Kira, I sent you the OTL and Extra.txt files with my last reply. I ran the online scanner with Firefox. It had deleted 5 items. So you probably haven't looked at today's OTL files?:confused:

Regards, Ibai63

kira 25.05.2012 21:48

Regarding point 1 (OTL fixes): -> http://www.trojaner-board.de/115423-...tml#post831888
Quote:

After the restart you will find a text document.
Copy its contents here into your thread.
C:\_OTL\Moved Files

Also:

Have you already checked the computer for viruses? I would still like to see the following results:
Code:

Malwarebytes
(all existing logs!)


Ibai63 26.05.2012 11:54

Hello Kira,

first the latest Moved Files log, and then all the Malwarebytes logs, sorted by date.
After that I'll run another scan with my AVIRA Premium 2012.

Happy Pentecost!
Regards, Ibai63


Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
ADS C:\Users\Ingolf Baikow\Documents\Nichteinhaltung von Vertragsbedingungen und Kündigung.eml:OECustomProperty deleted successfully.
ADS C:\Users\Ingolf Baikow\Documents\HU _ AU - Online Terminierung.eml:OECustomProperty deleted successfully.
========== FILES ==========
C:\Users\Ingolf Baikow\AppData\Roaming\Pgevarrbsnz folder moved successfully.
C:\Users\Ingolf Baikow\AppData\Roaming\chrtmp moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Ingolf Baikow\Downloads\cmd.bat deleted successfully.
C:\Users\Ingolf Baikow\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ingolf Baikow
->Temp folder emptied: 634036 bytes
->Temporary Internet Files folder emptied: 2432715 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70962740 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1108 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7341 bytes
RecycleBin emptied: 355453665 bytes
 
Total Files Cleaned = 410,00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05252012_171930

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.18.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ingolf Baikow :: SUSI [Administrator]

Schutz: Aktiviert

18.05.2012 21:19:05
mbam-log-2012-05-18 (21-19-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 170695
Laufzeit: 1 Stunde(n), 1 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.19.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ingolf Baikow :: SUSI [Administrator]

Schutz: Deaktiviert

22.05.2012 02:19:11
mbam-log-2012-05-22 (02-19-11).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 10
Laufzeit: 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.24.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ingolf Baikow :: SUSI [Administrator]

Schutz: Deaktiviert

24.05.2012 16:34:12
mbam-log-2012-05-24 (16-34-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188628
Laufzeit: 3 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



2012/05/18 21:17:43 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/18 21:17:45 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/18 21:17:48 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/18 21:17:49 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/18 21:17:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50692, Process: avwebgrd.exe)
2012/05/18 21:18:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50694, Process: avwebgrd.exe)
2012/05/18 21:19:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50701, Process: avwebgrd.exe)
2012/05/18 21:20:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50703, Process: avwebgrd.exe)
2012/05/18 21:21:49 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50709, Process: avwebgrd.exe)
2012/05/18 21:22:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50711, Process: avwebgrd.exe)
2012/05/18 21:23:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50717, Process: avwebgrd.exe)
2012/05/18 21:24:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50719, Process: avwebgrd.exe)
2012/05/18 21:25:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50725, Process: avwebgrd.exe)
2012/05/18 21:26:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50727, Process: avwebgrd.exe)
2012/05/18 21:26:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50729, Process: avwebgrd.exe)
2012/05/18 21:27:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50731, Process: avwebgrd.exe)
2012/05/18 21:27:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50733, Process: avwebgrd.exe)
2012/05/18 21:28:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50735, Process: avwebgrd.exe)
2012/05/18 21:29:26 +0200        SUSI        Ingolf Baikow        MESSAGE        Executing scheduled update:  Daily
2012/05/18 21:29:27 +0200        SUSI        Ingolf Baikow        MESSAGE        Database already up-to-date
2012/05/18 21:29:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50749, Process: avwebgrd.exe)
2012/05/18 21:30:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50755, Process: avwebgrd.exe)
2012/05/18 21:31:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50759, Process: avwebgrd.exe)
2012/05/18 21:32:49 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50761, Process: avwebgrd.exe)
2012/05/18 21:33:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50765, Process: avwebgrd.exe)
2012/05/18 21:34:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50769, Process: avwebgrd.exe)
2012/05/18 21:35:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50775, Process: avwebgrd.exe)
2012/05/18 21:36:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50777, Process: avwebgrd.exe)
2012/05/18 21:37:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50781, Process: avwebgrd.exe)
2012/05/18 21:37:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50783, Process: avwebgrd.exe)
2012/05/18 21:38:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50785, Process: avwebgrd.exe)
2012/05/18 21:39:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50789, Process: avwebgrd.exe)
2012/05/18 21:39:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50791, Process: avwebgrd.exe)
2012/05/18 21:40:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50793, Process: avwebgrd.exe)
2012/05/18 21:40:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50795, Process: avwebgrd.exe)
2012/05/18 21:41:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50797, Process: avwebgrd.exe)
2012/05/18 21:41:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50799, Process: avwebgrd.exe)
2012/05/18 21:42:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50801, Process: avwebgrd.exe)
2012/05/18 21:43:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50805, Process: avwebgrd.exe)
2012/05/18 21:44:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50809, Process: avwebgrd.exe)
2012/05/18 21:45:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50813, Process: avwebgrd.exe)
2012/05/18 21:46:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50819, Process: avwebgrd.exe)
2012/05/18 21:47:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50823, Process: avwebgrd.exe)
2012/05/18 21:48:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50827, Process: avwebgrd.exe)
2012/05/18 21:48:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50829, Process: avwebgrd.exe)
2012/05/18 21:49:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50831, Process: avwebgrd.exe)
2012/05/18 21:50:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50835, Process: avwebgrd.exe)
2012/05/18 21:50:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50837, Process: avwebgrd.exe)
2012/05/18 21:51:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50839, Process: avwebgrd.exe)
2012/05/18 21:52:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50845, Process: avwebgrd.exe)
2012/05/18 21:53:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50847, Process: avwebgrd.exe)
2012/05/18 21:54:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50853, Process: avwebgrd.exe)
2012/05/18 21:55:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50855, Process: avwebgrd.exe)
2012/05/18 21:56:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50859, Process: avwebgrd.exe)
2012/05/18 21:56:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50861, Process: avwebgrd.exe)
2012/05/18 21:57:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50865, Process: avwebgrd.exe)
2012/05/18 21:58:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50869, Process: avwebgrd.exe)
2012/05/18 21:59:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50871, Process: avwebgrd.exe)
2012/05/18 22:00:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50875, Process: avwebgrd.exe)
2012/05/18 22:00:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50877, Process: avwebgrd.exe)
2012/05/18 22:01:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50879, Process: avwebgrd.exe)
2012/05/18 22:02:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50887, Process: avwebgrd.exe)
2012/05/18 22:03:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50894, Process: avwebgrd.exe)
2012/05/18 22:04:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50898, Process: avwebgrd.exe)
2012/05/18 22:05:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50904, Process: avwebgrd.exe)
2012/05/18 22:06:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50908, Process: avwebgrd.exe)
2012/05/18 22:07:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50912, Process: avwebgrd.exe)
2012/05/18 22:08:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50914, Process: avwebgrd.exe)
2012/05/18 22:09:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50920, Process: avwebgrd.exe)
2012/05/18 22:10:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50922, Process: avwebgrd.exe)
2012/05/18 22:11:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50926, Process: avwebgrd.exe)
2012/05/18 22:12:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50930, Process: avwebgrd.exe)
2012/05/18 22:13:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50934, Process: avwebgrd.exe)
2012/05/18 22:14:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50940, Process: avwebgrd.exe)
2012/05/18 22:15:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50944, Process: avwebgrd.exe)
2012/05/18 22:16:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50950, Process: avwebgrd.exe)
2012/05/18 22:17:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50954, Process: avwebgrd.exe)
2012/05/18 22:18:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50958, Process: avwebgrd.exe)
2012/05/18 22:19:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50960, Process: avwebgrd.exe)
2012/05/18 22:20:26 +0200        SUSI        Ingolf Baikow        MESSAGE        Stopping IP protection
2012/05/18 22:20:28 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection stopped
2012/05/18 22:20:28 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/18 22:20:30 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/18 22:20:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50966, Process: avwebgrd.exe)
2012/05/18 22:21:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 50999, Process: avwebgrd.exe)
2012/05/18 22:21:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51001, Process: avwebgrd.exe)
2012/05/18 22:22:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51005, Process: avwebgrd.exe)
2012/05/18 22:23:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51030, Process: avwebgrd.exe)
2012/05/18 22:24:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51036, Process: avwebgrd.exe)
2012/05/18 22:25:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51038, Process: avwebgrd.exe)
2012/05/18 22:26:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51046, Process: avwebgrd.exe)
2012/05/18 22:27:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51054, Process: avwebgrd.exe)
2012/05/18 22:28:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51056, Process: avwebgrd.exe)
2012/05/18 22:29:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51060, Process: avwebgrd.exe)
2012/05/18 22:30:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51064, Process: avwebgrd.exe)
2012/05/18 22:31:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51068, Process: avwebgrd.exe)
2012/05/18 22:31:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51070, Process: avwebgrd.exe)
2012/05/18 22:32:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51072, Process: avwebgrd.exe)
2012/05/18 22:33:29 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\AppData\Local\Temp\svchost.bat        Trojan.Downloader.Gen        QUARANTINE
2012/05/18 22:33:29 +0200        SUSI        Ingolf Baikow        ERROR        Quarantine failed:  DeleteFile failed with error code 5
2012/05/18 22:33:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51076, Process: avwebgrd.exe)
2012/05/18 22:34:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51080, Process: avwebgrd.exe)
2012/05/18 22:35:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51084, Process: avwebgrd.exe)
2012/05/18 22:35:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51086, Process: avwebgrd.exe)
2012/05/18 22:36:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51110, Process: avwebgrd.exe)
2012/05/18 22:37:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51139, Process: avwebgrd.exe)
2012/05/18 22:37:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51141, Process: avwebgrd.exe)
2012/05/18 22:38:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51143, Process: avwebgrd.exe)
2012/05/18 22:39:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51149, Process: avwebgrd.exe)
2012/05/18 22:40:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51151, Process: avwebgrd.exe)
2012/05/18 22:41:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51160, Process: avwebgrd.exe)
2012/05/18 22:42:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51164, Process: avwebgrd.exe)
2012/05/18 22:42:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51166, Process: avwebgrd.exe)
2012/05/18 22:43:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51168, Process: avwebgrd.exe)
2012/05/18 22:44:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51172, Process: avwebgrd.exe)
2012/05/18 22:44:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51174, Process: avwebgrd.exe)
2012/05/18 22:45:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51176, Process: avwebgrd.exe)
2012/05/18 22:46:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51180, Process: avwebgrd.exe)
2012/05/18 22:46:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51182, Process: avwebgrd.exe)
2012/05/18 22:47:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51186, Process: avwebgrd.exe)
2012/05/18 22:48:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51190, Process: avwebgrd.exe)
2012/05/18 22:48:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51192, Process: avwebgrd.exe)
2012/05/18 22:49:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51194, Process: avwebgrd.exe)
2012/05/18 22:50:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51211, Process: avwebgrd.exe)
2012/05/18 22:51:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51219, Process: avwebgrd.exe)
2012/05/18 22:52:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51225, Process: avwebgrd.exe)
2012/05/18 22:53:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51227, Process: avwebgrd.exe)
2012/05/18 22:54:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51231, Process: avwebgrd.exe)
2012/05/18 22:54:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51233, Process: avwebgrd.exe)
2012/05/18 22:55:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51250, Process: avwebgrd.exe)
2012/05/18 22:56:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51254, Process: avwebgrd.exe)
2012/05/18 22:56:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51256, Process: avwebgrd.exe)
2012/05/18 22:57:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51258, Process: avwebgrd.exe)
2012/05/18 22:58:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51265, Process: avwebgrd.exe)
2012/05/18 22:59:53 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51267, Process: avwebgrd.exe)
2012/05/18 23:00:58 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51273, Process: avwebgrd.exe)
2012/05/18 23:01:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51275, Process: avwebgrd.exe)
2012/05/18 23:02:58 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51281, Process: avwebgrd.exe)
2012/05/18 23:03:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51283, Process: avwebgrd.exe)
2012/05/18 23:04:58 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51289, Process: avwebgrd.exe)
2012/05/18 23:05:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51291, Process: avwebgrd.exe)
2012/05/18 23:05:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51293, Process: avwebgrd.exe)
2012/05/18 23:06:50 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51334, Process: avwebgrd.exe)
2012/05/18 23:07:54 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51340, Process: avwebgrd.exe)
2012/05/18 23:08:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51342, Process: avwebgrd.exe)
2012/05/18 23:09:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51346, Process: avwebgrd.exe)
2012/05/18 23:10:20 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\AppData\Local\Temp\svchost.bat        Trojan.Downloader.Gen        DENY
2012/05/18 23:10:23 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\AppData\Local\Temp\svchost.bat        Trojan.Downloader.Gen        DENY
2012/05/18 23:10:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51350, Process: avwebgrd.exe)
2012/05/18 23:11:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51356, Process: avwebgrd.exe)
2012/05/18 23:12:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51358, Process: avwebgrd.exe)
2012/05/18 23:13:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51362, Process: avwebgrd.exe)
2012/05/18 23:14:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51366, Process: avwebgrd.exe)
2012/05/18 23:15:55 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51370, Process: avwebgrd.exe)
2012/05/18 23:16:51 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51374, Process: avwebgrd.exe)
2012/05/18 23:17:49 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\AppData\Local\Temp\svchost.bat        Trojan.Downloader.Gen        ALLOW
2012/05/18 23:17:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51378, Process: avwebgrd.exe)
2012/05/18 23:17:56 +0200        SUSI        Ingolf Baikow        IP-BLOCK        92.241.190.233 (Type: outgoing, Port: 51380, Process: avwebgrd.exe)
2012/05/18 23:27:13 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/18 23:27:19 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/18 23:27:23 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/18 23:27:28 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/18 23:29:30 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\AppData\Local\Temp\svchost.bat        Trojan.Downloader.Gen        QUARANTINE
2012/05/18 23:29:31 +0200        SUSI        Ingolf Baikow        DETECTION        c:\users\ingolf baikow\appdata\local\temp\svchost.bat        Trojan.Downloader.Gen        DENY
2012/05/18 23:30:12 +0200        SUSI        Ingolf Baikow        DETECTION        c:\users\ingolf baikow\appdata\local\temp\svchost.bat        Trojan.Downloader.Gen        DENY



2012/05/19 01:14:29 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 01:14:32 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 12:19:39 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/19 12:19:41 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/19 12:19:44 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/19 12:19:46 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/19 12:23:36 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 12:23:37 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 12:30:48 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 12:30:51 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 12:30:51 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 12:30:51 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 12:31:01 +0200        SUSI        Ingolf Baikow        MESSAGE        Executing scheduled update:  Daily
2012/05/19 12:31:09 +0200        SUSI        Ingolf Baikow        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.05.18.07 to version v2012.05.19.03
2012/05/19 12:31:09 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting database refresh
2012/05/19 12:31:09 +0200        SUSI        Ingolf Baikow        MESSAGE        Stopping IP protection
2012/05/19 12:31:11 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection stopped
2012/05/19 12:31:13 +0200        SUSI        Ingolf Baikow        MESSAGE        Database refreshed successfully
2012/05/19 12:31:13 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/19 12:31:14 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/19 12:37:24 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 12:37:33 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 12:37:33 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 12:37:33 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/19 15:25:09 +0200        SUSI        Ingolf Baikow        IP-BLOCK        193.169.40.44 (Type: outgoing, Port: 49934, Process: avwebgrd.exe)
2012/05/19 15:25:25 +0200        SUSI        Ingolf Baikow        IP-BLOCK        193.169.40.44 (Type: outgoing, Port: 50002, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50090, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50093, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50101, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50105, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50115, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50125, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50139, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50141, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50153, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50175, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50179, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50180, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50185, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50195, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50199, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50201, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50203, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50219, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50227, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50229, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50233, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50239, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50253, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50255, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50257, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50259, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50263, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50267, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50273, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50277, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50279, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50283, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50289, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50293, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50307, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50309, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50311, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50313, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50315, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50321, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50323, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50325, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50329, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50331, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50337, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50341, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50345, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50347, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50359, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50369, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50373, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50377, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50381, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50393, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50397, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50399, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50403, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50407, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50409, Process: avwebgrd.exe)
2012/05/19 15:26:22 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.65.4 (Type: outgoing, Port: 50410, Process: avwebgrd.exe)
2012/05/19 15:45:05 +0200        SUSI        Ingolf Baikow        IP-BLOCK        88.85.68.12 (Type: outgoing, Port: 51800, Process: avwebgrd.exe)
2012/05/19 16:00:28 +0200        SUSI        Ingolf Baikow        IP-BLOCK        212.95.54.201 (Type: outgoing, Port: 53013, Process: avwebgrd.exe)
2012/05/19 16:05:33 +0200        SUSI        Ingolf Baikow        IP-BLOCK        109.163.226.106 (Type: outgoing, Port: 53480, Process: avwebgrd.exe)
2012/05/19 16:09:02 +0200        SUSI        Ingolf Baikow        IP-BLOCK        109.163.231.119 (Type: outgoing, Port: 53574, Process: avwebgrd.exe)
2012/05/19 16:28:33 +0200        SUSI        Ingolf Baikow        IP-BLOCK        98.142.240.46 (Type: outgoing, Port: 55518, Process: avwebgrd.exe)
2012/05/19 19:19:48 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/19 19:19:51 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/19 19:19:54 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/19 19:19:55 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/19 22:49:17 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/19 22:49:20 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/19 22:49:23 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/19 22:49:24 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/19 22:51:45 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW



2012/05/20 00:58:52 +0200        SUSI        Ingolf Baikow        IP-BLOCK        208.87.149.250 (Type: outgoing, Port: 50013, Process: avwebgrd.exe)
2012/05/20 10:56:28 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/20 10:56:30 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/20 10:56:33 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/20 10:56:35 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/20 11:04:23 +0200        SUSI        Ingolf Baikow        MESSAGE        Executing scheduled update:  Daily
2012/05/20 11:04:23 +0200        SUSI        Ingolf Baikow        ERROR        Scheduled update failed:  Host not found failed with error code 0
2012/05/20 23:58:25 +0200        SUSI        Ingolf Baikow        IP-BLOCK        212.100.253.5 (Type: outgoing, Port: 55094, Process: avwebgrd.exe)
2012/05/20 23:58:33 +0200        SUSI        Ingolf Baikow        IP-BLOCK        212.100.253.5 (Type: outgoing, Port: 55098, Process: avwebgrd.exe)



2012/05/21 00:23:08 +0200        SUSI        Ingolf Baikow        IP-BLOCK        173.192.194.250 (Type: outgoing, Port: 55228, Process: avwebgrd.exe)
2012/05/21 00:26:21 +0200        SUSI        Ingolf Baikow        IP-BLOCK        173.192.194.250 (Type: outgoing, Port: 55740, Process: avwebgrd.exe)
2012/05/21 00:48:08 +0200        SUSI        Ingolf Baikow        IP-BLOCK        95.163.66.195 (Type: outgoing, Port: 57076, Process: avwebgrd.exe)
2012/05/21 00:50:57 +0200        SUSI        Ingolf Baikow        IP-BLOCK        95.163.66.195 (Type: outgoing, Port: 57193, Process: avwebgrd.exe)
2012/05/21 01:06:43 +0200        SUSI        Ingolf Baikow        IP-BLOCK        85.159.232.150 (Type: outgoing, Port: 58610, Process: avwebgrd.exe)
2012/05/21 01:06:59 +0200        SUSI        Ingolf Baikow        IP-BLOCK        85.159.232.150 (Type: outgoing, Port: 58654, Process: avwebgrd.exe)
2012/05/21 01:07:31 +0200        SUSI        Ingolf Baikow        IP-BLOCK        85.159.232.150 (Type: outgoing, Port: 58740, Process: avwebgrd.exe)
2012/05/21 12:37:36 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/21 12:37:37 +0200        SUSI        Ingolf Baikow        MESSAGE        Executing scheduled update:  Daily
2012/05/21 12:37:37 +0200        SUSI        Ingolf Baikow        ERROR        Scheduled update failed:  Host not found failed with error code 0
2012/05/21 12:37:38 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/21 12:37:41 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/21 12:37:43 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/21 13:23:41 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/21 13:23:43 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/21 13:23:43 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/21 13:23:44 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/21 13:23:44 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/21 14:41:50 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/21 14:41:52 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/21 14:41:55 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/21 14:41:56 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/21 14:43:54 +0200        SUSI        Ingolf Baikow        DETECTION        C:\Users\Ingolf Baikow\Downloads\DecryptHelper-0.5.3.exe        Trojan.FakeAlert        ALLOW
2012/05/21 17:38:02 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/21 17:38:06 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/21 17:38:09 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/21 17:38:11 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/21 18:44:44 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/21 18:44:47 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/21 18:44:50 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/21 18:44:52 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/21 20:00:12 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting protection
2012/05/21 20:00:14 +0200        SUSI        Ingolf Baikow        MESSAGE        Protection started successfully
2012/05/21 20:00:17 +0200        SUSI        Ingolf Baikow        MESSAGE        Starting IP protection
2012/05/21 20:00:18 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection started successfully
2012/05/21 20:24:18 +0200        SUSI        Ingolf Baikow        MESSAGE        Stopping IP protection
2012/05/21 20:24:20 +0200        SUSI        Ingolf Baikow        MESSAGE        IP Protection stopped



2012/05/22 12:18:39 +0200        SUSI        Ingolf Baikow        MESSAGE        Executing scheduled update:  Daily
2012/05/22 12:18:56 +0200        SUSI        Ingolf Baikow        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.05.19.03 to version v2012.05.22.01



2012/05/23 17:27:32 +0200        SUSI        Ingolf Baikow        MESSAGE        Executing scheduled update:  Daily
2012/05/23 17:27:42 +0200        SUSI        Ingolf Baikow        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.05.22.01 to version v2012.05.23.05


2012/05/24 10:00:55 +0200        SUSI        Ingolf Baikow        MESSAGE        Executing scheduled update:  Daily
2012/05/24 10:01:03 +0200        SUSI        Ingolf Baikow        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.05.23.05 to version v2012.05.24.01



2012/05/25 13:29:54 +0200        SUSI        Ingolf Baikow        MESSAGE        Executing scheduled update:  Daily
2012/05/25 13:29:54 +0200        SUSI        Ingolf Baikow        ERROR        Scheduled update failed:  Host not found failed with error code 0



2012/05/26 12:07:22 +0200        SUSI        Ingolf Baikow        MESSAGE        Executing scheduled update:  Daily
2012/05/26 12:07:33 +0200        SUSI        Ingolf Baikow        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.05.24.03 to version v2012.05.26.02


Ibai63 26.05.2012 14:35

Here is the latest scan with AVIRA



Code:


Avira Antivirus Premium 2012
Erstellungsdatum der Reportdatei: Samstag, 26. Mai 2012  13:00

Es wird nach 3750486 Virenstämmen gesucht.

Das Programm läuft als voll funktionsfähige Evaluationsversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Ingolf Baikow
Seriennummer  : 2220834118-PEPWE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : SUSI

Versionsinformationen:
BUILD.DAT      : 12.0.0.1142    42650 Bytes  15.05.2012 13:22:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  17.05.2012 21:43:48
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  17.05.2012 21:43:48
LUKE.DLL      : 12.3.0.15      68304 Bytes  17.05.2012 21:44:14
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 17:47:08
AVREG.DLL      : 12.3.0.17    232200 Bytes  10.05.2012 17:46:37
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 13:04:38
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 18:11:57
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 19:46:01
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 17:46:35
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 17:46:35
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 17:46:35
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 17:46:35
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 17:46:35
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 17:46:35
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 17:46:35
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 17:46:35
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 17:46:35
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 21:43:12
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 21:43:13
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 18:47:55
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 07:14:16
VBASE018.VDF  : 7.11.30.208    2048 Bytes  23.05.2012 07:14:16
VBASE019.VDF  : 7.11.30.209    2048 Bytes  23.05.2012 07:14:16
VBASE020.VDF  : 7.11.30.210    2048 Bytes  23.05.2012 07:14:16
VBASE021.VDF  : 7.11.30.211    2048 Bytes  23.05.2012 07:14:16
VBASE022.VDF  : 7.11.30.212    2048 Bytes  23.05.2012 07:14:16
VBASE023.VDF  : 7.11.30.213    2048 Bytes  23.05.2012 07:14:16
VBASE024.VDF  : 7.11.30.214    2048 Bytes  23.05.2012 07:14:16
VBASE025.VDF  : 7.11.30.215    2048 Bytes  23.05.2012 07:14:16
VBASE026.VDF  : 7.11.30.216    2048 Bytes  23.05.2012 07:14:16
VBASE027.VDF  : 7.11.30.217    2048 Bytes  23.05.2012 07:14:16
VBASE028.VDF  : 7.11.30.218    2048 Bytes  23.05.2012 07:14:16
VBASE029.VDF  : 7.11.30.219    2048 Bytes  23.05.2012 07:14:16
VBASE030.VDF  : 7.11.30.220    2048 Bytes  23.05.2012 07:14:16
VBASE031.VDF  : 7.11.31.32    118272 Bytes  26.05.2012 10:06:15
Engineversion  : 8.2.10.68
AEVDF.DLL      : 8.1.2.2      106868 Bytes  25.10.2011 18:19:18
AESCRIPT.DLL  : 8.1.4.19      455034 Bytes  11.05.2012 17:46:39
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 20:17:00
AESBX.DLL      : 8.2.5.5      606579 Bytes  18.03.2012 09:05:50
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL    : 8.2.16.13    807287 Bytes  11.05.2012 17:46:39
AEOFFICE.DLL  : 8.1.2.28      201082 Bytes  27.04.2012 12:14:26
AEHEUR.DLL    : 8.1.4.28    4800886 Bytes  17.05.2012 21:43:20
AEHELP.DLL    : 8.1.21.0      254326 Bytes  11.05.2012 17:46:31
AEGEN.DLL      : 8.1.5.28      422260 Bytes  27.04.2012 12:14:19
AEEXP.DLL      : 8.1.0.40      82292 Bytes  17.05.2012 21:43:20
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 21:46:01
AECORE.DLL    : 8.1.25.6      201078 Bytes  18.03.2012 09:05:44
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  17.05.2012 21:42:28
AVPREF.DLL    : 12.3.0.15      51920 Bytes  17.05.2012 21:43:48
AVREP.DLL      : 12.3.0.15    179208 Bytes  08.05.2012 17:47:08
AVARKT.DLL    : 12.3.0.15    211408 Bytes  17.05.2012 21:43:34
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  17.05.2012 21:43:38
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  17.05.2012 21:44:34
AVSMTP.DLL    : 12.3.0.15      63952 Bytes  17.05.2012 21:43:50
NETNT.DLL      : 12.3.0.15      17104 Bytes  17.05.2012 21:44:21
RCIMAGE.DLL    : 12.3.0.15    4491472 Bytes  17.05.2012 21:42:31
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  17.05.2012 21:42:31

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,

Beginn des Suchlaufs: Samstag, 26. Mai 2012  13:00

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD4
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD5
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'NOTEPAD.EXE' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmplayer.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '187' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERAntiSpyware.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSLoader.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SysMonitor.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'eRecoveryService.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'sesvc.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrB.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSService.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'MemCheck.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMSServer.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2414' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
C:\Program Files\WinRAR\rarnew.dat
  [WARNUNG]  Das Archiv ist unbekannt oder defekt
C:\Users\Ingolf Baikow\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\AppData\Roaming\Microsoft\Document Building Blocks\1031\Building Blocks.dotx
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\AppData\Roaming\Mozilla\Firefox\Profiles\7i723wp4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome\chrome_user.jar
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\Documents\Blutzuckerwerte.ods
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\Documents\Grundsteuer.odt
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\Documents\Inserat Auto.odt
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r00
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r01
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r02
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r03
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r04
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r05
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r06
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r07
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r08
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r09
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r10
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r11
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r12
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r13
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r14
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r15
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r16
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r17
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\Die Kinder vonis DVDRiP MD German DECRYPTED - ZHONGGUO Oo 1 35 GB\Die.Kinder.von.Paris.DVDRiP.MD.German.DECRYPTED.XViD-ZHONGGUO__www.realmom.info__cd2.r18
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r45
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r46
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r47
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r48
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r49
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r50
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r51
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r52
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r53
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r54
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r55
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r56
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r57
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r58
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r59
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r60
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r61
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r62
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r63
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r64
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r65
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r66
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r67
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r68
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r69
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r70
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r71
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.r72
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Documents\Firstload\World Invasion Battle Los Angeles R5 MD German - CIS Oo 1 51 GB\World.Invasion.Battle.Los.Angeles.R5.MD.German.XViD-CIS__www.realmom.info__.rar
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Ingolf Baikow\Downloads\dotnetfx_cleanup_tool.zip
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\Downloads\ETF_Acer_2.5.4011_Vistax64Vistax86_A.zip
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\Downloads\Modem_Pro-Nets_2.1.74.0_Vistax86_A.zip
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\Downloads\pscan.zip
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\Downloads\wgprotokollderordentlicheneigentmerversammlungvom16_.zip
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\Downloads\wgwegoskarmaistrae21ddwhg_03.zip
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Ingolf Baikow\Downloads\Downloads\avira_free_antivirus_de.exe
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Users\Ingolf Baikow\Downloads\Downloads\master2011(2).exe
  [WARNUNG]  Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
Beginne mit der Suche in 'D:\' <DATA>
D:\Bewerbungs-Daten\Anschreiben_P_+_S_Labormedien_Handels_GmbH.zip
  [WARNUNG]  Der Archivheader ist defekt
D:\Downloads\dotnetfx_cleanup_tool.zip
  [WARNUNG]  Der Archivheader ist defekt
D:\Firstload Ikarus\Alone in the Dark2 (2008) - German - RATDVD - by PofC\Alone in the Dark2 (2008) - German - RATDVD - by PofC\Alone in the Dark 2 [C-XC O T-131 S-1 A-DE_EN Q-115].ratDVD
  [WARNUNG]  Der Archivheader ist defekt
D:\Firstload Ikarus\Iron Man (2008) - German - RATDVD - by PofC\Iron Man (2008) - German - RATDVD - by PofC\Iron Man (C-XC O T-125 S-1 A-DE_EN Q-115).ratDVD
  [WARNUNG]  Der Archivheader ist defekt
D:\Firstload Ikarus\Nachts im Museum2 - (RaTDvD) - by XSD & ScReaM 0\Nachts im Museum2(C-XC M T-148 S-2 A-EN_DE Q-120).ratDVD
  [WARNUNG]  Der Archivheader ist defekt
D:\Firstload Ikarus\Riddick 2 - Riddick - Chroniken eines Kriegers - (RatDvD) 1\Riddick (RatDvD) (2)\Riddick.ratDVD
  [WARNUNG]  Der Archivheader ist defekt
D:\Firstload Ikarus\The Reaping Die Boten der Apokalypse (RaTDvD) by XSD & ScReaMThe Reaping Die Boten der Apokalypse FSK 16\The Reaping FSK 18 [C-XC M T-133 S-3 A-EN_DE Q-120].ratDVD
  [WARNUNG]  Der Archivheader ist defekt
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 13.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 14.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 15.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 16.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 17.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 172.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 173.zip
  [WARNUNG]  Der Archivheader ist defekt
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 18.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 19.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 20.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 21.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 22.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 23.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 28.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 29.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 30.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 31.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 32.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 33.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 34.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 35.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 36.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 38.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 39.zip
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
D:\SUSI\Backup Set 2011-03-26 191819\Backup Files 2011-03-26 191819\Backup files 51.zip
  [0] Archivtyp: ZIP
  [WARNUNG]  Die Datei konnte nicht gelesen werden!
  --> C/Users/Ingolf Baikow/Documents/Firstload/Piranha German 2010 AC3 DVDRip - KiNOWELT.7z
      [WARNUNG]  Die Datei konnte nicht gelesen werden!


Ende des Suchlaufs: Samstag, 26. Mai 2012  15:28
Benötigte Zeit:  2:28:13 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  26754 Verzeichnisse wurden überprüft
 848740 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 848740 Dateien ohne Befall
  12541 Archive wurden durchsucht
    221 Warnungen
      0 Hinweise
 582948 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden


kira 26.05.2012 18:32

► Apart from that, is your computer working properly?

Data decryption:
We are working intensively on a solution, but it will still take some time. So far, unfortunately, we have not been able to discover any pattern in how the virus programmers handled the data. Unfortunately, you have to expect that this change may well never be reversible.
This shows once again how important it is to take care of regular backups of your important files.
Important!:
Based on the first available results, I can only strongly recommend that you do NOT have any of the detections that are in quarantine permanently destroyed or deleted! There is reason to suspect that once the detected malicious code has been removed, restoring the original data is no longer possible! So all detections must definitely stay in quarantine!
The list includes, among others (software that we have used):
-> Malwarebytes, OTL/OTLPE (quarantine *:\_OTL\Moved Files), your antivirus software

Possibly also try "Restoring a file with the shadow copy:"
-> http://technet.microsoft.com/de-de/m...09.backup.aspx
-> *click*


All times are in WET +1.
