| |
| |||||||
Log-Analyse und Auswertung: Probleme mit Windows Restore - Schnellstartleiste wiederherstellen.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
13.04.2011, 07:50
| #1 |
| |  Probleme mit Windows Restore - Schnellstartleiste wiederherstellen. Hallo, ich habe mir ebenfalls Windows Restore eingefangen und habe das Problem bereits mit Malwarebytes beseitigt. Habe einen Quick und danach einen vollständigen Scan gemacht. Nachdem ich die Infizierten Daten bereinigt habe, habe ich mir OTL heruntergeladen und einen Scan nach der Anleitung in einem ähnlichen Thema gemacht. Kann mir bitte jemand sagen, was ich nun machen muss, damit ich die Schnellstartleiste und auch die versteckten Dateien wiederherstellen kann? Hier die OTL-Logdaten: OTL.Txt: OTL logfile created on: 13.04.2011 08:26:14 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joscha\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,27 Gb Total Space | 6,86 Gb Free Space | 3,12% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,80 Gb Free Space | 57,98% Space Free | Partition Type: NTFS Computer Name: JOSCHAS-IPOD | User Name: Joscha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.13 08:22:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joscha\Downloads\OTL.exe PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.09.19 20:24:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2009.11.25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\ashDisp.exe PRC - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\ashServ.exe PRC - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe PRC - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009.05.20 23:31:19 | 000,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.19 00:33:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2007.09.07 20:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.09.07 20:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe PRC - [2007.08.29 23:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2005.01.31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (SafeList) ========== MOD - [2011.04.13 08:22:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joscha\Downloads\OTL.exe MOD - [2008.06.03 14:10:54 | 000,249,592 | ---- | M] (COMODO) -- C:\Windows\System32\cssdll32.dll MOD - [2008.01.19 00:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009.05.20 23:31:19 | 000,604,416 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2009.05.20 23:31:07 | 000,361,216 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.04.27 14:21:36 | 000,028,928 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.07 20:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007.08.29 23:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007.05.31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2005.01.31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2004.01.11 16:03:32 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\LckFldService.exe -- (LckFldService) ========== Driver Services (SafeList) ========== DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2009.11.25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009.11.25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009.11.25 00:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2009.11.25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009.11.25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009.02.27 18:41:42 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.12.08 18:42:00 | 007,451,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.09.07 20:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.08.29 07:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2007.08.29 07:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.02.25 16:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2006.11.27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2006.08.05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Programme\NCH\tbNCH.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com) IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Programme\NCH\tbNCH.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0 FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 21:31:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.15 21:31:14 | 000,000,000 | ---D | M] [2008.09.03 18:32:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Joscha\AppData\Roaming\mozilla\Extensions [2011.01.09 14:24:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions [2008.01.02 20:32:36 | 000,000,000 | -H-D | M] (Freecorder Toolbar) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2008.03.16 02:38:05 | 000,000,000 | -H-D | M] (Image Zoom [de]) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2009.04.25 00:04:59 | 000,000,000 | -H-D | M] (FoxyTunes) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2009.05.01 11:39:33 | 000,000,000 | -H-D | M] (Stylish) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.11.08 14:53:50 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.22 02:42:00 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.03.02 15:21:48 | 000,000,000 | -H-D | M] (BBCode [de]) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F} [2010.05.15 15:05:19 | 000,000,000 | -H-D | M] (NCH Toolbar) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} [2011.01.09 14:23:56 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.06.14 00:08:34 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.03.30 01:21:20 | 000,000,000 | -H-D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Joscha\AppData\Roaming\mozilla\Firefox\Profiles\7p6a1b6t.default\extensions\sparweltgutscheinewl@sparwelt.de [2010.05.15 15:06:42 | 000,000,909 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\conduit.xml [2009.11.11 15:04:02 | 000,000,961 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-1.xml [2010.01.17 22:12:19 | 000,000,961 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-10.xml [2010.01.26 12:50:43 | 000,000,961 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-11.xml [2010.03.12 16:32:53 | 000,000,950 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-12.xml [2010.03.29 14:43:51 | 000,000,950 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-13.xml [2010.04.02 21:29:34 | 000,000,950 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-14.xml [2010.05.15 16:51:45 | 000,000,950 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-15.xml [2010.06.28 12:28:43 | 000,000,950 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-16.xml [2010.08.01 00:21:55 | 000,000,950 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-17.xml [2010.09.19 20:24:29 | 000,000,950 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-18.xml [2009.12.23 12:12:17 | 000,000,961 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-2.xml [2008.02.08 18:51:45 | 000,000,949 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-3.xml [2008.04.20 07:46:06 | 000,000,949 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-4.xml [2008.07.06 20:54:40 | 000,000,949 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-5.xml [2008.07.30 16:22:02 | 000,000,949 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-6.xml [2008.09.25 18:53:07 | 000,000,949 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-7.xml [2009.08.25 16:20:47 | 000,000,950 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-8.xml [2009.10.06 12:01:57 | 000,000,961 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin-9.xml [2008.03.31 09:52:00 | 000,000,168 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin.gif [2008.03.31 09:52:00 | 000,000,618 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin.src [2008.07.10 14:07:28 | 000,000,944 | -H-- | M] () -- C:\Users\Joscha\AppData\Roaming\Mozilla\Firefox\Profiles\7p6a1b6t.default\searchplugins\icqplugin.xml [2010.11.08 14:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.07.14 16:47:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.07.04 19:15:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.08 14:53:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2009.07.14 16:47:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} [2008.03.26 18:03:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008.08.15 13:25:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009.05.01 11:40:28 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.08.29 09:28:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.12.17 13:36:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009.12.03 17:13:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.07.04 19:15:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.08 14:53:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2008.06.03 14:10:52 | 000,024,683 | ---- | M] (Ask.com) -- C:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.09.19 20:24:18 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.19 20:24:18 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.19 20:24:18 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.19 20:24:18 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.19 20:24:18 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Programme\NCH\tbNCH.dll (Conduit Ltd.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Programme\NCH\tbNCH.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Programme\NCH\tbNCH.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Joscha\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\Windows\system32\cssdll32.dll) - C:\Windows\System32\cssdll32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4ec80084-785f-11df-a55e-001dd9eaf902}\Shell - "" = AutoRun O33 - MountPoints2\{4ec80084-785f-11df-a55e-001dd9eaf902}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{91c6decf-f19d-11dc-aaf3-001dd9eaf902}\Shell - "" = AutoRun O33 - MountPoints2\{91c6decf-f19d-11dc-aaf3-001dd9eaf902}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{a33031db-e363-11df-bfc2-001dd9eaf902}\Shell - "" = AutoRun O33 - MountPoints2\{a33031db-e363-11df-bfc2-001dd9eaf902}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{d4e23c40-04ed-11de-9feb-001d09b0e06a}\Shell - "" = AutoRun O33 - MountPoints2\{d4e23c40-04ed-11de-9feb-001d09b0e06a}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{ec7c1958-07d2-11dd-a835-001d09b0e06a}\Shell - "" = AutoRun O33 - MountPoints2\{ec7c1958-07d2-11dd-a835-001d09b0e06a}\Shell\AutoRun\command - "" = I:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.13 07:44:24 | 000,000,000 | ---D | C] -- C:\Users\Joscha\AppData\Roaming\Malwarebytes [2011.04.13 07:44:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.13 07:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.13 07:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.13 07:44:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.13 07:44:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.13 07:43:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Joscha\Desktop\mbam-setup-1.50.1.1100.exe [2011.04.08 17:19:44 | 000,000,000 | -H-D | C] -- C:\Users\Joscha\Desktop\iPod Photo Cache [2011.04.04 14:03:13 | 000,000,000 | -H-D | C] -- C:\Users\Joscha\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2011.04.04 14:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myphotobook.de [2011.04.04 14:02:04 | 000,000,000 | ---D | C] -- C:\Programme\myphotobook.de [2011.04.04 14:02:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR [2011.03.25 16:17:39 | 000,000,000 | -H-D | C] -- C:\Users\Joscha\AppData\Roaming\IDoser [2011.03.25 16:12:40 | 000,000,000 | -H-D | C] -- C:\Users\Joscha\Documents\Dose Files [2011.03.25 16:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-Doser Free [2011.03.25 16:12:39 | 000,000,000 | ---D | C] -- C:\Programme\I-Doser Free [2011.03.25 16:05:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2011.03.25 16:03:45 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.03.25 16:03:45 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.03.25 16:03:45 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll ========== Files - Modified Within 30 Days ========== [2011.04.13 08:35:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{57ED9316-F13A-464E-B03C-0A8CD7429FFD}.job [2011.04.13 08:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2011.04.13 07:59:24 | 000,658,234 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.13 07:59:23 | 000,704,050 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.13 07:59:23 | 000,158,928 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.13 07:59:23 | 000,129,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.13 07:53:16 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.13 07:53:16 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.13 07:53:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.13 07:52:08 | 000,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.13 07:44:19 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.13 07:43:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Joscha\Desktop\mbam-setup-1.50.1.1100.exe [2011.04.12 22:42:58 | 000,064,670 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2011.04.12 22:42:41 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~45014792r [2011.04.12 22:42:41 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~45014792 [2011.04.12 22:34:30 | 000,000,384 | -H-- | M] () -- C:\ProgramData\45014792 [2011.04.10 00:29:20 | 000,064,670 | -H-- | M] () -- C:\ProgramData\nvModes.dat [2011.04.09 13:49:04 | 104,212,358 | -H-- | M] () -- C:\Users\Joscha\Desktop\Lil Wayne - Green and Yellow.rar [2011.04.07 23:32:02 | 000,246,784 | -H-- | M] () -- C:\Users\Joscha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.04 14:02:49 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\myphotobook.de.lnk [2011.04.04 13:48:23 | 000,007,822 | -H-- | M] () -- C:\Users\Joscha\Documents\myphotobook.odt [2011.03.31 16:53:41 | 713,346,620 | -H-- | M] () -- C:\Users\Joscha\Desktop\Spiel ohne Regeln.divx [2011.03.30 00:07:10 | 000,014,949 | -H-- | M] () -- C:\Users\Joscha\Documents\es ist einer dieser tage.odt [2011.03.25 16:39:43 | 047,454,971 | -H-- | M] () -- C:\Users\Joscha\Desktop\Crystal_Meth.rar [2011.03.25 16:38:49 | 033,601,409 | -H-- | M] () -- C:\Users\Joscha\Desktop\lsd.mp3 [2011.03.25 16:38:33 | 043,201,762 | -H-- | M] () -- C:\Users\Joscha\Desktop\previewlökkl.mp3 [2011.03.25 16:37:39 | 043,201,763 | -H-- | M] () -- C:\Users\Joscha\Desktop\preview.mp3 [2011.03.25 16:35:58 | 000,093,415 | -H-- | M] () -- C:\Users\Joscha\Desktop\ex.html [2011.03.25 16:12:40 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\I-Doser Free.lnk [2011.03.25 16:02:31 | 002,205,686 | -H-- | M] () -- C:\Users\Joscha\Desktop\IDoserFreeSetup.exe [2011.03.21 22:44:47 | 270,699,695 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.03.18 17:41:24 | 000,001,622 | -H-- | M] () -- C:\Users\Joscha\Desktop\ICQ 7 Multi Starter.lnk ========== Files Created - No Company Name ========== [2011.04.13 07:44:19 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.12 22:32:34 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~45014792r [2011.04.12 22:32:34 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~45014792 [2011.04.12 22:31:45 | 000,000,384 | -H-- | C] () -- C:\ProgramData\45014792 [2011.04.09 13:45:26 | 104,212,358 | -H-- | C] () -- C:\Users\Joscha\Desktop\Lil Wayne - Green and Yellow.rar [2011.04.04 14:02:49 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\myphotobook.de.lnk [2011.04.04 13:48:23 | 000,007,822 | -H-- | C] () -- C:\Users\Joscha\Documents\myphotobook.odt [2011.03.31 17:03:53 | 713,346,620 | -H-- | C] () -- C:\Users\Joscha\Desktop\Spiel ohne Regeln.divx [2011.03.30 00:07:10 | 000,014,949 | -H-- | C] () -- C:\Users\Joscha\Documents\es ist einer dieser tage.odt [2011.03.25 16:39:58 | 050,401,488 | -H-- | C] () -- C:\Users\Joscha\Desktop\Crystal_Meth.mp3 [2011.03.25 16:38:20 | 047,454,971 | -H-- | C] () -- C:\Users\Joscha\Desktop\Crystal_Meth.rar [2011.03.25 16:35:56 | 000,093,415 | -H-- | C] () -- C:\Users\Joscha\Desktop\ex.html [2011.03.25 16:35:49 | 033,601,409 | -H-- | C] () -- C:\Users\Joscha\Desktop\lsd.mp3 [2011.03.25 16:35:40 | 043,201,762 | -H-- | C] () -- C:\Users\Joscha\Desktop\previewlökkl.mp3 [2011.03.25 16:33:45 | 043,201,763 | -H-- | C] () -- C:\Users\Joscha\Desktop\preview.mp3 [2011.03.25 16:12:40 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\I-Doser Free.lnk [2011.03.25 16:02:31 | 002,205,686 | -H-- | C] () -- C:\Users\Joscha\Desktop\IDoserFreeSetup.exe [2011.03.21 22:44:09 | 270,699,695 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.02.27 07:51:38 | 000,000,064 | ---- | C] () -- C:\Windows\sysmem32.dat [2010.02.27 12:57:07 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.02.27 12:57:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.02.07 16:24:51 | 000,000,094 | -H-- | C] () -- C:\Users\Joscha\AppData\Local\fusioncache.dat [2010.02.07 16:16:01 | 000,022,328 | -H-- | C] () -- C:\Users\Joscha\AppData\Roaming\PnkBstrK.sys [2010.02.07 16:15:42 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2009.12.29 21:15:23 | 000,000,028 | ---- | C] () -- C:\Windows\Pueblo.sys [2009.12.24 14:07:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.06.25 20:44:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LckFldService.exe [2009.02.28 00:30:10 | 000,064,670 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2009.02.28 00:30:10 | 000,064,670 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2008.12.24 22:39:49 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.12.24 22:39:47 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.12.24 22:39:41 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.10.22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.06.01 09:13:10 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2008.05.31 14:04:59 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI [2008.05.14 03:29:30 | 000,041,296 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2008.04.13 04:22:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2008.03.14 10:58:48 | 000,027,773 | -H-- | C] () -- C:\Users\Joscha\AppData\Roaming\UserTile.png [2008.02.11 20:42:50 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.31 14:12:23 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2008.01.28 22:01:22 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini [2008.01.27 20:42:31 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe [2008.01.09 20:50:08 | 000,000,745 | ---- | C] () -- C:\Windows\WININIT.INI [2008.01.09 20:49:24 | 000,001,254 | ---- | C] () -- C:\Windows\ODBC.INI [2008.01.09 20:49:24 | 000,000,892 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008.01.07 12:16:52 | 000,007,592 | -H-- | C] () -- C:\Users\Joscha\AppData\Local\d3d9caps.dat [2007.12.26 19:50:51 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat [2007.12.26 18:59:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007.12.26 13:02:46 | 000,000,000 | -H-- | C] () -- C:\Users\Joscha\AppData\Roaming\wklnhst.dat [2007.12.24 22:49:06 | 000,055,526 | -H-- | C] () -- C:\Users\Joscha\AppData\Roaming\nvModes.001 [2007.12.24 22:08:41 | 000,246,784 | -H-- | C] () -- C:\Users\Joscha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.24 22:01:55 | 000,055,526 | -H-- | C] () -- C:\Users\Joscha\AppData\Roaming\nvModes.dat [2007.12.18 03:28:02 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.12.18 03:27:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.12.17 19:34:03 | 000,002,484 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.15 20:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 17:33:31 | 000,704,050 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,158,928 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,368,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,658,234 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,129,972 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.09.17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Joscha\Documents\eigene Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Joscha\Documents\Dell Webcam Center:Roxio EMC Stream @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP  FC5A2B2< End of report > Extras.Txt: OTL Extras logfile created on: 13.04.2011 08:26:14 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joscha\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,27 Gb Total Space | 6,86 Gb Free Space | 3,12% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,80 Gb Free Space | 57,98% Space Free | Partition Type: NTFS Computer Name: JOSCHAS-IPOD | User Name: Joscha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .ini [@ = inifile] -- C:\Program Files\Boxer Text Editor\b.exe (Boxer Software) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l .txt [@ = txtfile] -- C:\Program Files\Boxer Text Editor\b.exe (Boxer Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- C:\Program Files\Boxer Text Editor\b.exe "%1" (Boxer Software) batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inifile [open] -- C:\Program Files\Boxer Text Editor\b.exe "%1" (Boxer Software) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- C:\Program Files\Boxer Text Editor\b.exe "%1" (Boxer Software) txtfile [open] -- C:\Program Files\Boxer Text Editor\b.exe "%1" (Boxer Software) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05AC65E8-E177-442C-B76C-96A5A37DDDAB}" = rport=2869 | protocol=6 | dir=out | app=system | "{0B70AA87-D52C-4BC2-A03C-9817DB1827B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{10E18876-F4F0-407A-876C-0BE177D69EE4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1C0A5269-E64E-4694-BF6C-F81427DF28CD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2A757FD1-B3CD-498D-9300-8DB25472B408}" = rport=10243 | protocol=6 | dir=out | app=system | "{2C2B1125-B95C-4ED7-94C6-6FABB41A4B99}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3A5F4D8E-DDC1-45D1-BA12-9D8CFB7D190C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{51D5572C-34AD-4EAC-BECB-A14917CB1390}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{57AC1312-9FF1-45E3-8814-9A84E930459B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{824C4175-FA6A-43E0-86B0-43178A5983E3}" = lport=10243 | protocol=6 | dir=in | app=system | "{8D090E82-825C-44A4-9606-918E3550C51F}" = lport=86 | protocol=6 | dir=in | name=broadcam web server | "{908B0960-FB02-4D9A-8B4D-31808DD98029}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{9F7F272B-72C8-4E24-BD95-2F18EA2971B2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{AE8A5B04-9772-4408-AB88-9B846309E6EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AF27EF7D-235C-4A5E-BC02-79A4D0392BBD}" = lport=2869 | protocol=6 | dir=in | app=system | "{B03D85C7-7E52-4E13-8FEC-308F53B68C87}" = lport=2869 | protocol=6 | dir=in | app=system | "{D97AC7B1-2F21-4787-A7CC-BC57F8E0EC0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E0FE85A0-1560-4B61-9067-D2B9F020D27C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0580BCB9-9348-422C-83D7-68634D55CFEF}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{0786D5F7-B981-4C7C-8D91-EFA146848D70}" = protocol=17 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\call of duty 4 - modern warfare\iw3mp.exe | "{07A79B35-3C3F-4CA5-BC0C-3CB5EDFAD10B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{093E094C-2F3A-43EB-BBAA-80009AFF9766}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0A5037E8-EDCE-4987-91C6-D8D2E5E2B34D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0B5BBC28-4E1A-4750-9B5A-CC8F283D46F8}" = protocol=6 | dir=out | app=system | "{1390AA69-74CC-4A85-845B-E90BF542AE2A}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | "{15E131E6-BC3B-4BB7-9F63-31C9FEDEF6E5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{18491A37-49AF-4432-8DF1-026D7E3D5150}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | "{1C7A55DB-3BEF-466C-BB65-0372E5C96FC4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{25323341-C636-4075-A8A2-F313D4E48DF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{28CC6806-FF1E-4F42-B5DE-D67EB7C4B4FD}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{2B8088F0-6E0F-4775-BC60-E4E91064BA4E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{2CD923B9-618A-4420-A107-3246F35B27E3}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{2EBCAA1C-3072-40B7-AA2C-15962EA396A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{30520C32-5C09-471B-8BA8-5FBEEA896964}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{3159E53F-48A7-4DAC-8D78-271667BD9AA4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{3A745B58-88AB-4598-9B59-5401A0CC73FD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{42076C3B-E070-4241-ABE2-482810DA0A4C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{49B2A3CB-28E7-4673-9299-6B910B8E1BBF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{4E7FB7E2-EADE-4093-A544-1526060E1851}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{552B71B2-008E-477D-8EDE-D7B0FE272A33}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{55C6B1E0-03F3-4042-9267-6A16A80458E7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{5A9CE1D2-BEBB-41CE-8E0F-0D1BDE4C673B}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | "{5CB91F02-4EDB-4F09-A820-DD12DA076B6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6304293E-50CB-4481-9B34-7865BB21874D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{71FF4FA7-B1DB-46E5-AB3B-552DC1310318}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{779D57CC-F584-4E47-BADE-183529A4D29D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{785FD29A-2795-4ECD-B56C-A890B1849AAE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{7B4C9E2B-6D90-4251-94E2-C81B0CCF480D}" = protocol=6 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\call of duty 4 - modern warfare\iw3mp.exe | "{7F031235-538B-455D-9427-5A758F132818}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7F12B730-5C1C-4DE8-AF5E-A1D26772B042}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7FD7E94D-6C32-487D-BACF-3A4BFDA127FC}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{88318EC2-36EA-46F3-9BCF-F09FAB1FA3A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8C4DDD54-F59C-4F49-B868-8E306C3704E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{97324976-DC36-4746-BCBE-3A62BB5DF01D}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | "{9876B121-4297-408A-8DEC-1538E0016AC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9C8CC478-2FBA-4355-8ABF-9FF95532D7FA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{9DC36A77-F586-4952-BE3D-F8F1A66814C5}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{9E9F95BB-34A8-4BA8-8871-F4259B549700}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | "{AA222D6F-44D9-4D39-9C73-48A778A6358F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{BCF8BB1D-5CC9-4530-A2B3-1CCE1E5E667A}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe | "{C48F8385-78D6-45DA-AD20-9D7E23F940AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C93E1EC0-8DDC-4DE3-BE53-6CC44681D30C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CF50C0E5-7EF0-429C-ABAB-7F4DDE1A6664}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{D1EE7359-FEF5-4AD5-ACEB-826F98488B76}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D1F83AB7-277D-4090-9A6D-FD29B21D48CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D3AC2865-C432-4212-8ADC-3FE52C87A0E0}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{D537D189-A8C9-486C-834D-F0DA7F5CB0A5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{D5F78E56-7FA0-4A89-BEB3-CBA7C3914032}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DBEA26B9-CB1D-4BE7-BD12-BD1D06674232}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{E0B769D6-7B9D-4250-A7C2-54A79BEF42D7}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | "{E6E1A9B4-7F94-46C5-8F82-76AFF99A3F28}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | "{F6C4A9BD-0705-48DA-ACCE-83D8FBAC410F}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{F9C7BB7D-1D78-474D-A019-3F75C38F79E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{070E3E63-00F2-4807-81C2-17CDCD245B9F}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\counter-strike 1.6 - cracked\hl.exe" = protocol=6 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\counter-strike 1.6 - cracked\hl.exe | "TCP Query User{0C54C82C-22E1-4F10-A16A-BA15BD2C7D6D}C:\users\joscha\desktop\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\joscha\desktop\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{0E25B975-E10D-42FA-8B44-FF5C7B5B0E0A}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\call of duty 4 - modern warfare\iw3mpcrack.exe" = protocol=6 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\call of duty 4 - modern warfare\iw3mpcrack.exe | "TCP Query User{1D50F05F-2CDC-48F2-B010-F1C69B079A6A}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{2297285D-630A-43CD-88EC-FD3B14716EA8}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | "TCP Query User{2C982F51-FC5D-4C0E-8DA1-E3A53C7A9875}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | "TCP Query User{2E317BDD-B984-441D-913E-A91C25F49C78}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | "TCP Query User{3117060F-7A0B-43C1-8084-B8A00422353B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{327140C0-3939-4CF7-94E1-241044990218}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{331EA234-6D1F-4CF9-AC56-F3852112105E}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{3B7E3FD2-6056-4FB8-845F-6A78A44F2F33}C:\program files\icq7.0\icq.exe2" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe2 | "TCP Query User{3DDA2732-9ACA-4165-A5A4-07E6B4C8CF89}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{3DEC48F4-0193-42F6-B5BD-F7F57E08F056}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{40934EED-FEF3-4124-A06E-785D55ABE1C0}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\battlefield vietnam\bfvietnam.exe | "TCP Query User{40F74871-9E01-4D7A-9022-2F9DBA861FC5}C:\users\joscha\desktop\aircrack-ng-1.0-win\bin\buddy-ng.exe" = protocol=6 | dir=in | app=c:\users\joscha\desktop\aircrack-ng-1.0-win\bin\buddy-ng.exe | "TCP Query User{5495FBC2-A0BD-4AAE-A292-06459E786141}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{617979AA-41D2-4404-9986-AFBF55E5491F}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{6373113E-D9E2-40D0-962B-4B28FC7710AE}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{64ADB849-88CA-4D21-985C-93323E36F80E}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | "TCP Query User{65682DA8-DC24-4CAD-842C-48C042133F18}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe | "TCP Query User{65E3D0BF-5D9B-45A2-AB99-A6A6EC11BE6D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{727F8470-F8A9-4889-9713-55963C85E628}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{8215DA47-DDC5-405D-9C6F-FE7F221605A3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{9A1FB185-1F12-476B-A41E-52A53DE791EA}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "TCP Query User{9B7B82F6-556F-40EE-B7D4-1E5EA89AE67F}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | "TCP Query User{A40872F6-61E6-4447-ACEB-693D1434312C}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\battlefield vietnam\bfvietnam.exe | "TCP Query User{B895E7CD-D002-47C9-93ED-1A66BF17E34D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{B8F8E69A-77D3-426D-B249-C4B283417005}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{BC380EBB-F119-4680-A8E5-6564C73ABADE}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\cs\hl.exe" = protocol=6 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\cs\hl.exe | "TCP Query User{D673AA78-BC2A-472B-9A89-89D75ACDAFD0}C:\program files\icq7.0\icq.exe1" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe1 | "TCP Query User{D6DCD171-42B8-47DE-A5FB-F59A35792927}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{D893E8AA-84AD-4E31-A465-E2130E495AE2}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{E502032B-1681-461C-B7FF-60BF0EF75ED3}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{EFC7FA44-B686-4E40-8810-5FA2DB8AD7C4}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{F6749CB7-E11F-4D7E-8186-DC65ABBA95A2}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\cs\hl.exe" = protocol=6 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\cs\hl.exe | "TCP Query User{FD975A6E-D7A1-456E-B485-B58B8BE73442}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\counter-strike 1.6 - cracked\hl.exe" = protocol=6 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\counter-strike 1.6 - cracked\hl.exe | "TCP Query User{FF6ED020-4A4B-4C60-8EB7-6064F2194E92}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{04A5C647-71B6-4E89-B292-C1AE6690502B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{189DEE3C-4432-4A19-A161-DEBAA355DEF1}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\battlefield vietnam\bfvietnam.exe | "UDP Query User{1E28C5CE-14A3-4553-A50C-51B2F9DC83A1}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{1E373452-C27A-44E8-BE92-73A170490114}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{27580239-3C47-4BB4-BC19-BD5349AB5B97}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{29ED34B1-9187-45F6-B484-EEC3E9751A55}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "UDP Query User{2B727E97-81D9-4589-B5FE-60845E4F85F4}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe | "UDP Query User{30F7F63B-19EC-486E-BA98-9CE046990E5C}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\counter-strike 1.6 - cracked\hl.exe" = protocol=17 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\counter-strike 1.6 - cracked\hl.exe | "UDP Query User{3CBA081C-41BB-47E7-BF45-54C714F529BA}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{4546B3E1-2BE0-40D2-AA56-709039A61855}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{4F39055B-9F87-4044-B231-8978753EDCF4}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | "UDP Query User{51B661C8-FC0A-4780-AB2E-18BB67B3A89B}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{5E185D74-06DC-48DA-BE21-D85A8A726FE7}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | "UDP Query User{734D2354-B837-43D4-9DE4-B74EFA2298E1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{75184A28-0890-4A80-9EDA-604A6DA1E64B}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{77C4572C-197A-4898-86AB-E283D38719D5}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\cs\hl.exe" = protocol=17 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\cs\hl.exe | "UDP Query User{77E58927-AC70-40BA-BAFC-E5CA7342C658}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{809DDFCC-51E2-46A2-8E0C-48CE046491A3}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{87D8E5D5-4AC8-4FFB-9A02-78413E39BF4D}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\battlefield vietnam\bfvietnam.exe | "UDP Query User{94014A30-B553-49E5-8049-75ED5E7E1A21}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | "UDP Query User{9DB5AAFE-F633-42E1-BF73-0BA01E9C6838}C:\users\joscha\desktop\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\joscha\desktop\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{AB3BCFB4-FB00-465F-B98A-8605E2EC0F4B}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | "UDP Query User{AC474A1C-EE6A-4572-A18D-2BB9BAF26277}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | "UDP Query User{AE9E039B-40B2-42DE-9596-CD1E1ED53A5F}C:\program files\icq7.0\icq.exe1" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe1 | "UDP Query User{B42E3D2D-DE00-4FC3-94E9-E58791B1691E}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{BA0C2BDA-25C3-46B4-B241-C704848D5FBA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{BF021DE2-57F3-4048-864E-25E1D5BCF33F}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{C1E6E609-650A-4E35-8793-CDD2102F0D6E}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{C2D6BCF5-C7D2-423B-86F3-B532C79979CF}C:\users\joscha\desktop\aircrack-ng-1.0-win\bin\buddy-ng.exe" = protocol=17 | dir=in | app=c:\users\joscha\desktop\aircrack-ng-1.0-win\bin\buddy-ng.exe | "UDP Query User{C7044968-D58F-4301-B0F1-6928AC8585C2}C:\program files\icq7.0\icq.exe2" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe2 | "UDP Query User{C8360F87-C0F8-496C-ABC3-5117ED276A54}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\counter-strike 1.6 - cracked\hl.exe" = protocol=17 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\counter-strike 1.6 - cracked\hl.exe | "UDP Query User{D75AE437-D8D7-4B54-851C-DC8CDF4936A0}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\call of duty 4 - modern warfare\iw3mpcrack.exe" = protocol=17 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\call of duty 4 - modern warfare\iw3mpcrack.exe | "UDP Query User{D9E17993-0C51-4A99-B033-24A2DF98989A}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{E07919B0-77CA-4A8B-B6A0-B59C29B75C13}C:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheißzeugsda\spiele\cs\hl.exe" = protocol=17 | dir=in | app=c:\users\joscha\pictures\neuer ordner\eigene dateien\desktopsymbole xdxd scheisszeugsda\spiele\cs\hl.exe | "UDP Query User{E5D2F96A-1E9D-4170-ABA2-163FE588F51C}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "UDP Query User{EB4AB847-15FD-427C-9CB0-99C766FE1393}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{F4312DC8-2B4E-4A64-B10A-9AB19FF64898}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{441C8911-CEC0-19E6-6CAC-694553E06A28}" = myphotobook.de "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.4 "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:30 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Alternate Directory_is1" = Alternate Directory 3.013 "ArtMoney SE_is1" = ArtMoney SE v7.31 "avast!" = avast! Antivirus "Boxer Text Editor" = Boxer Text Editor v13.0 "de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de "Debut" = Debut Video Capture Software "Easy-Shutdown" = Easy-Shutdown 1.3 "Folder Access 2.0.0 Free Version" = Folder Access 2.0.0 Free Version "Forte Free" = Forte Free 2.0 "FoxyTunesForFirefox" = FoxyTunes for Firefox "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free DVD Decrypter_is1" = Free DVD Decrypter version 1.3 "Free Studio_is1" = Free Studio version 4.3 "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1 "Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.4 "Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1 "Free YouTube Download_is1" = Free YouTube Download 2.2 "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Frequency Generator 2007" = Frequency Generator 2007 "I-Doser" = I-Doser Free "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "IPS" = IPS "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McLoad Preinstaller" = McLoad Preinstaller "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "NCH Toolbar" = NCH Toolbar "NVIDIA Drivers" = NVIDIA Drivers "PhotoScape" = PhotoScape "Prism" = Prism Video Converter "PunkBusterSvc" = PunkBuster Services "SoundTap" = SoundTap Streaming Audio Recorder "ST6UNST #1" = NfS CarTuner "SynTPDeinstKey" = Dell Touchpad "ToolBox" = NCH Toolbox "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "winpcap-nmap" = winpcap-nmap 4.02 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = CopyTrans Suite Remove Only "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 17.03.2010 17:55:42 | Computer Name = Joschas-iPod | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Joscha\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\0bca7fc8b7117fa83080cfd5e17e09bd83fa016d\constructedids.synciddb-journal failed, 00000005. Error - 11.04.2010 18:07:26 | Computer Name = Joschas-iPod | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe failed, 00000005. Error - 24.04.2010 19:12:19 | Computer Name = Joschas-iPod | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Joscha\AppData\Local\Temp\etilqs_GLoyW0Zy8raOYwfA6BvR failed, 00000005. Error - 24.04.2010 19:27:15 | Computer Name = Joschas-iPod | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Windows\System32\conime.exe failed, 00000005. Error - 15.05.2010 10:51:37 | Computer Name = Joschas-iPod | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Joscha\AppData\Local\Mozilla\Firefox\Profiles\7p6a1b6t.default\Cache\_CACHE_002_ failed, 00000005. Error - 01.11.2010 18:12:29 | Computer Name = Joschas-iPod | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Joscha\AppData\Local\Temp\flaA05.tmp failed, 00000005. Error - 03.11.2010 12:04:12 | Computer Name = Joschas-iPod | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Joscha\AppData\Local\Last.fm\Client\iTunesPlays.db failed, 00000005. Error - 10.11.2010 13:18:34 | Computer Name = Joschas-iPod | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Windows\System32\conime.exe failed, 00000005. Error - 12.12.2010 12:24:26 | Computer Name = Joschas-iPod | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of H:\DCIM\100MSDCF\DSC00689.JPG failed, 00000005. Error - 10.02.2011 17:38:53 | Computer Name = Joschas-iPod | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\Joscha\AppData\Local\Temp\plugtmp-30\plugin-player_login.php failed, 00000005. ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Danke im Vorraus!  |
|
13.04.2011, 11:58
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Probleme mit Windows Restore - Schnellstartleiste wiederherstellen. Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
| Themen zu Probleme mit Windows Restore - Schnellstartleiste wiederherstellen. |
| adblock, alternate, antivirus, autorun, avast!, bho, bonjour, call of duty, canon, conduit, converter, decrypter, desktop, error, failed, firefox, flash player, format, grand theft auto, home, install.exe, location, logfile, mozilla, mp3, nvlddmkm.sys, oldtimer, plug-in, problem, registry, rundll, safer networking, saver, scan, schnellstartleiste, searchplugins, security, shell32.dll, shortcut, skype.exe, software, sptd.sys, start menu, studio, svchost.exe, udp, versteckte dateien, video converter, vista, windows, windows restore |
Linear-Darstellung
