
Pests of all kinds and how to combat them: Computer has suddenly become slower.

29.12.2010, 21:34   #1
Carso
 

Hey, I'm not sure whether the Trojaner-Board is the right place to ask, but somehow I can't think of anything else anymore.

My system (2 GB RAM, dual core 6400 @ 2.13 GHz processor, NVIDIA graphics card) has become really slow over the last 3 days or so.

Booting takes longer, but above all opening programs is unbelievably tedious. Pretty much all programs are affected except Explorer itself (which isn't really a program anyway...).
It is most extreme with Firefox, which sometimes takes up to 5-6 minutes to start. Now and then I have to stop a script before it starts.

I have already defragmented, cleaned the PC with CCleaner, and removed the only program I installed recently ("elster", for doing my taxes online), but nothing helps.

Can all of this have something to do with malware? AntiVir and Ad-Aware found nothing. Should I post a HijackThis log anyway?

If I'm in the wrong place here: sorry! Just delete the post.

Best regards
carso

30.12.2010, 11:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

30.12.2010, 17:40   #3
Carso
 



Hey, I had already done that yesterday evening as a precaution.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5419

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

29.12.2010 23:10:46
mbam-log-2010-12-29 (23-10-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 151619
Laufzeit: 6 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Wincodec (Trojan.Agent) -> Value: Wincodec -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\xxx\AppData\Roaming\Modfree\resnew.exe (Trojan.Agent) -> No action taken.
         

Code:
OTL logfile created on: 29.12.2010 22:01:10 - Run 6
OTL by OldTimer - Version 3.2.18.2     Folder = D:\My Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,08 Gb Total Space | 6,22 Gb Free Space | 15,93% Space Free | Partition Type: NTFS
Drive D: | 129,56 Gb Total Space | 48,80 Gb Free Space | 37,66% Space Free | Partition Type: NTFS
Drive J: | 129,45 Gb Total Space | 31,97 Gb Free Space | 24,69% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 625,00 Gb Free Space | 67,10% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\My Documents\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\System32\shfolder.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (NETFWDSL) -- C:\Windows\System32\DRIVERS\NETFWDSL.SYS File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (SASKUTIL) -- D:\SuperAntiSpyWare\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SASDIFSV) -- D:\SuperAntiSpyWare\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (MSTAPE) -- C:\Windows\System32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\Windows\System32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (sonypvs1) -- C:\Windows\System32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/xxx/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_4984e93c.pac"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\RealPlayer\browserrecord [2008.01.29 14:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.21 03:42:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.21 16:05:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: D:\Thunderbird\components [2010.11.28 23:52:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: D:\Thunderbird\plugins
 
[2010.09.29 19:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2010.09.29 19:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.29 03:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ahsvcjx6.default\extensions
[2010.06.28 23:04:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ahsvcjx6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.25 20:09:30 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ahsvcjx6.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010.08.01 16:25:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ahsvcjx6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.26 10:53:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ahsvcjx6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.12.18 12:29:15 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ahsvcjx6.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.12.25 02:07:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ahsvcjx6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.28 23:04:41 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ahsvcjx6.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.06.20 22:29:03 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ahsvcjx6.default\extensions\DTToolbar@toolbarnet.com
[2010.06.20 22:28:57 | 000,002,059 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\ahsvcjx6.default\searchplugins\daemon-search.xml
[2010.12.29 21:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.29 19:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\ThunderbirdPortable\App\Thunderbird\extensions
[2010.09.29 19:03:44 | 000,000,000 | ---D | M] (Thunderbird (default)) -- C:\Programme\Mozilla Firefox\ThunderbirdPortable\App\Thunderbird\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.09.29 19:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\ThunderbirdPortable\Data\profile\extensions
[2009.08.21 16:52:42 | 000,000,000 | ---D | M] (DVDVideoSoft YouTube Download Firefox Integration) -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.10.29 16:45:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.29 16:45:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.29 16:45:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.29 16:45:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.29 16:45:31 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.12 13:47:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DMS-Kalenderchen] D:\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Wincodec] C:\Users\xxx\AppData\Roaming\Modfree\resnew.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\SuperAntiSpyWare\SASWINLO.dll - D:\SuperAntiSpyWare\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\SuperAntiSpyWare\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{347bf044-461b-11de-83fc-001a92821b19}\Shell - "" = AutoRun
O33 - MountPoints2\{347bf044-461b-11de-83fc-001a92821b19}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\K:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: chkdinst - (C:\Windows\system32\cmstNAME.dll) - C:\Windows\System32\cmstNAME.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.29 21:59:53 | 000,602,624 | ---- | C] (OldTimer Tools) -- D:\My Documents\OTL.exe
[2010.12.28 21:32:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.12.26 21:35:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Modfree
[2010.12.25 13:49:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\elsterformular
[2010.12.25 13:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2010.12.25 13:45:33 | 000,000,000 | ---D | C] -- C:\Programme\ElsterFormular
[2010.12.25 13:35:48 | 056,404,080 | ---- | C] (Landesfinanzdirektion Thüringen) -- D:\My Documents\ElsterFormular-11.5.3.5585.exe
[2010.12.21 16:04:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.12.21 16:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.12.21 15:41:43 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.12.21 15:41:40 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.12.21 15:40:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Sunbelt Software
[2010.12.21 15:21:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010.12.20 16:08:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\ticket
[2010.12.17 15:48:10 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.15 14:23:10 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 14:23:09 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 14:23:09 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 14:23:09 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 14:23:08 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 14:23:07 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 14:23:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 14:23:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 14:23:06 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 14:23:05 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 14:23:03 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 14:23:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 14:23:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.15 14:23:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.15 14:22:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.11 00:08:59 | 000,000,000 | ---D | C] -- D:\My Documents\Crazy Browser
[2010.12.05 16:46:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\.jordan
[2010.12.03 02:39:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\status
[2007.10.19 19:15:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\xxx\AppData\Roaming\pcouffin.sys
[3 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.29 22:00:21 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4318E496-D163-410D-9ABB-89E26924B160}.job
[2010.12.29 22:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.12.29 21:59:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\My Documents\OTL.exe
[2010.12.29 21:23:36 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.29 21:23:36 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.29 20:55:54 | 000,623,042 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.29 20:55:54 | 000,591,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.29 20:55:54 | 000,124,978 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.29 20:55:54 | 000,102,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.29 20:53:38 | 000,102,877 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.12.29 20:53:36 | 000,088,665 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.12.29 20:53:13 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.12.29 20:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.28 20:59:13 | 000,236,544 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 16:18:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.12.26 22:25:15 | 044,067,955 | ---- | M] () -- D:\My Documents\16.3.zip
[2010.12.25 17:28:53 | 095,799,228 | ---- | M] () -- D:\My Documents\Hirsch.rar
[2010.12.25 14:25:12 | 000,054,412 | ---- | M] () -- C:\Users\xxx\Desktop\komprimierte Steuererklaerung_est_2009.pdf
[2010.12.25 14:25:00 | 000,076,581 | ---- | M] () -- C:\Users\xxx\ESt2009 xxx xxx.elfo
[2010.12.25 13:43:39 | 056,404,080 | ---- | M] (Landesfinanzdirektion Thüringen) -- D:\My Documents\ElsterFormular-11.5.3.5585.exe
[2010.12.21 16:05:16 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010.12.21 15:41:40 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.12.21 15:21:40 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.12.20 21:12:01 | 000,297,947 | ---- | M] () -- C:\Users\xxx\Desktop\16_hi.jpg
[2010.12.20 15:15:56 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 19:27:56 | 000,564,070 | ---- | M] () -- C:\Users\xxx\Desktop\6a0133f4950835970b0147e0c43ec6970b.jpg
[2010.12.17 16:01:18 | 000,040,082 | ---- | M] () -- D:\My Documents\cc_20101217_160056.reg
[2010.12.17 15:48:12 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.16 21:11:38 | 001,258,322 | ---- | M] () -- D:\My Documents\Filmkopien 3.png
[2010.12.16 21:11:36 | 001,376,245 | ---- | M] () -- D:\My Documents\Filmkopien 2.png
[2010.12.16 21:11:34 | 000,809,619 | ---- | M] () -- D:\My Documents\Filmkopien 1.png
[2010.12.16 03:22:19 | 000,523,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.12 14:01:55 | 000,129,710 | ---- | M] () -- D:\My Documents\Gruppenverteilung.pdf
[2010.12.12 14:01:53 | 000,015,886 | ---- | M] () -- D:\My Documents\Mitgliederliste.pdf
[2010.12.04 10:09:47 | 000,144,369 | ---- | M] () -- D:\My Documents\Groupon-A32F489855.pdf
[2010.12.04 10:09:43 | 000,144,838 | ---- | M] () -- D:\My Documents\Groupon-450801E5B1.pdf
[2010.12.04 10:09:38 | 000,144,572 | ---- | M] () -- D:\My Documents\Groupon-C58C59BF29.pdf
[2010.12.04 10:09:34 | 000,144,924 | ---- | M] () -- D:\My Documents\Groupon-8B66373DAE.pdf
[2010.12.04 10:09:30 | 000,144,561 | ---- | M] () -- D:\My Documents\Groupon-BB1F71163F.pdf
[2010.12.04 10:09:25 | 000,145,030 | ---- | M] () -- D:\My Documents\Groupon-9A3B5E377E.pdf
[2010.12.04 10:09:22 | 000,144,943 | ---- | M] () -- D:\My Documents\Groupon-3485133FEF.pdf
[2010.12.04 10:09:17 | 000,144,806 | ---- | M] () -- D:\My Documents\Groupon-F032DD21C1.pdf
[2010.12.04 10:09:12 | 000,144,760 | ---- | M] () -- D:\My Documents\Groupon-3BEA6DB3FD.pdf
[2010.12.04 10:09:07 | 000,144,709 | ---- | M] () -- D:\My Documents\Groupon-3F5F225C94.pdf
[2010.12.03 10:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.12.03 10:05:33 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.12.01 03:25:12 | 000,000,600 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd
[2010.12.01 01:32:37 | 000,000,599 | ---- | M] () -- C:\Windows\ULead32.ini
[3 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.26 22:10:18 | 044,067,955 | ---- | C] () -- D:\My Documents\16.3.zip
[2010.12.25 16:53:39 | 095,799,228 | ---- | C] () -- D:\My Documents\Hirsch.rar
[2010.12.25 14:25:12 | 000,054,412 | ---- | C] () -- C:\Users\xxx\Desktop\komprimierte Steuererklaerung_est_2009.pdf
[2010.12.25 13:55:52 | 000,076,581 | ---- | C] () -- C:\Users\xxx\ESt2009 xxx xxx.elfo
[2010.12.25 13:08:31 | 000,001,256 | ---- | C] () -- C:\Users\xxx\Desktop\Movies.lnk
[2010.12.21 16:05:16 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010.12.21 15:21:40 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.12.20 21:12:00 | 000,297,947 | ---- | C] () -- C:\Users\xxx\Desktop\16_hi.jpg
[2010.12.18 19:27:54 | 000,564,070 | ---- | C] () -- C:\Users\xxx\Desktop\6a0133f4950835970b0147e0c43ec6970b.jpg
[2010.12.17 16:01:00 | 000,040,082 | ---- | C] () -- D:\My Documents\cc_20101217_160056.reg
[2010.12.17 15:48:12 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.16 21:11:38 | 001,258,322 | ---- | C] () -- D:\My Documents\Filmkopien 3.png
[2010.12.16 21:11:36 | 001,376,245 | ---- | C] () -- D:\My Documents\Filmkopien 2.png
[2010.12.16 21:11:33 | 000,809,619 | ---- | C] () -- D:\My Documents\Filmkopien 1.png
[2010.12.12 14:01:55 | 000,129,710 | ---- | C] () -- D:\My Documents\Gruppenverteilung.pdf
[2010.12.12 14:01:52 | 000,015,886 | ---- | C] () -- D:\My Documents\Mitgliederliste.pdf
[2010.12.04 10:09:47 | 000,144,369 | ---- | C] () -- D:\My Documents\Groupon-A32F489855.pdf
[2010.12.04 10:09:43 | 000,144,838 | ---- | C] () -- D:\My Documents\Groupon-450801E5B1.pdf
[2010.12.04 10:09:38 | 000,144,572 | ---- | C] () -- D:\My Documents\Groupon-C58C59BF29.pdf
[2010.12.04 10:09:34 | 000,144,924 | ---- | C] () -- D:\My Documents\Groupon-8B66373DAE.pdf
[2010.12.04 10:09:30 | 000,144,561 | ---- | C] () -- D:\My Documents\Groupon-BB1F71163F.pdf
[2010.12.04 10:09:25 | 000,145,030 | ---- | C] () -- D:\My Documents\Groupon-9A3B5E377E.pdf
[2010.12.04 10:09:22 | 000,144,943 | ---- | C] () -- D:\My Documents\Groupon-3485133FEF.pdf
[2010.12.04 10:09:17 | 000,144,806 | ---- | C] () -- D:\My Documents\Groupon-F032DD21C1.pdf
[2010.12.04 10:09:12 | 000,144,760 | ---- | C] () -- D:\My Documents\Groupon-3BEA6DB3FD.pdf
[2010.12.04 10:09:06 | 000,144,709 | ---- | C] () -- D:\My Documents\Groupon-3F5F225C94.pdf
[2010.11.25 01:42:25 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.11.25 01:42:24 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.10.20 11:23:32 | 000,000,087 | ---- | C] () -- C:\Windows\settings.ini
[2010.10.05 16:50:23 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd
[2010.06.18 13:02:33 | 000,017,408 | ---- | C] () -- C:\Users\xxx\AppData\Local\WebpageIcons.db
[2010.05.26 12:48:26 | 000,000,150 | ---- | C] () -- C:\Windows\System32\ImportDF.ini
[2009.10.26 12:42:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.21 15:06:27 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.05.14 11:31:45 | 000,088,665 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.14 11:31:44 | 000,102,877 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.09 00:14:50 | 000,000,086 | ---- | C] () -- C:\Windows\EmperorEdit.INI
[2009.01.27 17:17:22 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.01.27 17:17:11 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.01.27 16:10:42 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.01.23 01:38:54 | 000,000,073 | ---- | C] () -- C:\Windows\maplev4.ini
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.10.22 19:33:14 | 000,029,962 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\mdb.bin
[2008.10.07 17:07:43 | 000,000,374 | ---- | C] () -- C:\Windows\capture.ini
[2008.09.06 18:21:42 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2008.06.18 14:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.04.17 21:19:41 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Local\PUTTY.RND
[2007.11.13 21:31:59 | 000,000,023 | ---- | C] () -- C:\Windows\SLAY.INI
[2007.10.30 22:28:54 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007.10.29 23:24:52 | 000,001,414 | ---- | C] () -- C:\Windows\disney.ini
[2007.10.19 19:15:25 | 000,000,034 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\pcouffin.log
[2007.10.19 19:15:07 | 000,007,887 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\pcouffin.cat
[2007.10.19 19:15:07 | 000,001,144 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\pcouffin.inf
[2007.06.11 21:23:52 | 000,000,277 | ---- | C] () -- C:\Windows\VideodeLuxe.INI
[2007.06.04 20:06:58 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI
[2007.05.14 13:49:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.05.10 15:16:03 | 000,000,599 | ---- | C] () -- C:\Windows\ULead32.ini
[2007.05.09 19:00:45 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2007.05.08 14:10:28 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.05.08 14:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2007.05.06 19:38:44 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.05.06 17:07:33 | 000,236,544 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.05.03 20:40:56 | 000,029,239 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\UserTile.png
[2007.04.16 08:03:57 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2007.04.16 08:03:55 | 000,012,231 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007.04.16 08:03:47 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\xxx\Desktop\DSCF0276.AVI:TOC.WMV
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1247C505
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:ECF5194F

< End of report >
         

Code:
OTL Extras logfile created on: 29.12.2010 22:01:10 - Run 6
OTL by OldTimer - Version 3.2.18.2     Folder = D:\My Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,08 Gb Total Space | 6,22 Gb Free Space | 15,93% Space Free | Partition Type: NTFS
Drive D: | 129,56 Gb Total Space | 48,80 Gb Free Space | 37,66% Space Free | Partition Type: NTFS
Drive J: | 129,45 Gb Total Space | 31,97 Gb Free Space | 24,69% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 625,00 Gb Free Space | 67,10% Space Free | Partition Type: NTFS
 
Computer Name: SCOTTY | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090DA493-1C43-424A-A477-BDD645E74502}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher | 
"{0A2B512F-D038-486C-A31A-C68D0A76FB81}" = lport=6946 | protocol=17 | dir=in | name=league of legends launcher | 
"{0D37B204-4FA5-4DB1-8B9A-0B38BACF4F62}" = lport=6992 | protocol=17 | dir=in | name=league of legends launcher | 
"{186F96FD-7ADB-44E1-870C-C0C4DF73FFBD}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{205611DB-62C9-40F9-83A6-72D0C9CB0554}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{2D1BD9D4-7B7D-400E-B04E-71970458D38E}" = lport=8377 | protocol=17 | dir=in | name=league of legends launcher | 
"{2EE98E33-6140-4C24-97B7-D8C0EEB49231}" = lport=6941 | protocol=17 | dir=in | name=league of legends launcher | 
"{347C9619-DACD-466B-86C0-5A79B2A76AD8}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher | 
"{36D181EC-2697-4491-B1F9-DD90BF9AF88A}" = lport=6941 | protocol=6 | dir=in | name=league of legends launcher | 
"{39ECF3A2-0BF3-45DA-99C4-4AE983E3C56D}" = lport=6989 | protocol=17 | dir=in | name=league of legends launcher | 
"{3F1553D1-1924-48B6-95E0-388D3A616E01}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher | 
"{3F6DF32E-8635-403E-9B18-53662CDF3ACF}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | 
"{55C58D22-DC92-45CB-84A8-A87AC886EF17}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{58C93CF8-9BF2-48CB-BBE1-3AC8DDEFCE59}" = lport=6977 | protocol=6 | dir=in | name=league of legends launcher | 
"{7BF7EF93-4218-4E2C-8367-6AE13612E45D}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | 
"{80448A44-8FAB-4AA9-BAA1-0164FC0F8DF2}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher | 
"{8082EC55-B122-4D0B-AD52-875BA29E1C79}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher | 
"{867A2E8A-CAE2-4C38-9525-D7B698841E25}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{93AF549E-2287-4260-AE3C-C5EAE3BA26CD}" = lport=6992 | protocol=6 | dir=in | name=league of legends launcher | 
"{9861123C-C17B-4A28-B69D-77682123D82C}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{99D5D1B2-BC19-40F5-BBC2-A3E4A9548589}" = lport=8377 | protocol=6 | dir=in | name=league of legends launcher | 
"{9A1BF246-6558-4ACE-BA42-45B9D8D4AFA1}" = lport=6977 | protocol=17 | dir=in | name=league of legends launcher | 
"{9A78EB68-6618-4D2E-A06E-F6D3F108C35C}" = lport=6989 | protocol=6 | dir=in | name=league of legends launcher | 
"{9EC74AC4-5603-4413-BBA7-9C185219988D}" = lport=6909 | protocol=6 | dir=in | name=league of legends launcher | 
"{AAB36251-F5B2-4907-A678-8B20D6A0F5A7}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{ABEDC0EA-7CB4-4B94-A496-06C1E5C0A75E}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{B1D3663C-1A16-4A58-BA5E-CA0D0606E6EF}" = lport=6942 | protocol=6 | dir=in | name=league of legends launcher | 
"{B67DA565-F27B-4188-A95C-B64AD64955E0}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{BD479ECF-F2DF-4ED3-A1B1-2455BDEE8D1A}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher | 
"{CD808F51-0B25-41D5-AE30-B6229340451A}" = lport=6908 | protocol=17 | dir=in | name=league of legends launcher | 
"{CF8D335B-36A1-42EA-AE88-0AC00C590BB4}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{D6C6CADE-B022-4F86-B6A5-E6AF6CE7EF57}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{D6D93544-A4C8-4E09-908C-56FCD95C664C}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{D7AB2FB3-1161-4680-B7A3-DD7E7742CA5A}" = lport=6946 | protocol=6 | dir=in | name=league of legends launcher | 
"{DB3BED5C-9864-4178-9E56-EF9031CA6248}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | 
"{E2FB7631-1310-4D45-B302-6E0777C7B5A9}" = lport=6908 | protocol=6 | dir=in | name=league of legends launcher | 
"{E6226371-688B-4A2D-8B19-08A106A79B69}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{E7230BB5-F043-4503-9064-C6F4CE6BCCA8}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | 
"{E82012E1-CA33-401A-87A7-2CB255BF1AEC}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{F6D3E633-3922-48B2-BC6C-58FA8BE974F2}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher | 
"{F8791BEE-AFDF-41BC-81E7-B9CFA3811A9F}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher | 
"{FB054CBC-37F5-4F62-A12B-8B92B80EE48F}" = lport=6942 | protocol=17 | dir=in | name=league of legends launcher | 
"{FB458CB1-8590-4F04-8B2E-8C8FB4BE069B}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005BD4FC-2513-4DCA-B7C8-C2AE773B3605}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{0503D44B-EE5C-4EC4-87DC-36ED01374D3A}" = protocol=17 | dir=in | app=j:\gta iv\grand theft auto iv\launchgtaiv.exe | 
"{0C7D1B93-E5A5-4E12-BC27-6ABC6B8D55D4}" = protocol=6 | dir=in | app=j:\age of empires iii_original\age3.exe | 
"{0C9AA41F-05EF-4ECC-99F8-EEDA70DD77AE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{0DC0FDD9-20F5-43CE-AECC-B7083C1C0835}" = protocol=17 | dir=in | app=j:\wow\world of warcraft\backgrounddownloader.exe | 
"{0E801E20-BA36-46E9-91E3-1A446C604F4B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{1341D069-EB91-40A5-80FD-A5C497D179C8}" = protocol=6 | dir=in | app=j:\wow\world of warcraft\wow-2.4.0-dede-downloader.exe | 
"{1593459E-13C3-41D8-BDAD-B84930D8DF30}" = protocol=6 | dir=in | app=j:\age of empires iii\age3.exe | 
"{17A47C47-3007-4E5A-9718-90919AD0B41D}" = protocol=6 | dir=in | app=d:\itunes\itunes.exe | 
"{20BE1960-2642-4971-BB14-519505BB299B}" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"{2195D975-6FD4-412D-B675-0A79CA4F4897}" = protocol=17 | dir=in | app=j:\wow\world of warcraft\wow-2.4.0-dede-downloader.exe | 
"{22E39BC9-1CB7-402B-BD86-832122E939F9}" = protocol=6 | dir=in | app=d:\itunes\itunes.exe | 
"{25BBFAF4-6643-495A-87B2-73B0625B15FE}" = protocol=6 | dir=in | app=j:\gta iv\grand theft auto iv\launchgtaiv.exe | 
"{271981FC-1F77-457E-A054-8FCC964D62ED}" = protocol=6 | dir=in | app=j:\ds2\dungeonsiege2.exe | 
"{286041CA-562A-4F1B-94AA-4C95F4AC808F}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{2FDA52EA-1150-43CE-AC85-A89FDFBEC60B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{3195954C-BE49-4DEB-A103-6554255620D2}" = protocol=6 | dir=in | app=d:\limewire\limewire.exe | 
"{35230386-8591-4177-B631-A9BCA470CA65}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{37871AEC-7A81-4579-B3F0-6832C60682B9}" = protocol=6 | dir=in | app=j:\wow\world of warcraft\backgrounddownloader.exe | 
"{3AB57D6D-21AF-4525-ABD2-77004A491BF3}" = protocol=17 | dir=in | app=j:\league of legends\air\lolclient.exe | 
"{42D66F00-089E-4B18-9BD3-CEB8E83382C4}" = protocol=6 | dir=in | app=j:\league of legends\game\league of legends.exe | 
"{44BAEAB7-CB46-4F7E-B77B-1195DF8C9EB6}" = protocol=6 | dir=in | app=j:\league o.l. deutsch\air\lolclient.exe | 
"{4706DEC5-D44D-40F6-8F23-87324DA48FD0}" = protocol=17 | dir=in | app=j:\league o.l. deutsch\air\lolclient.exe | 
"{4F6B2E17-BB83-4A16-A296-0503F8FB7356}" = protocol=17 | dir=in | app=d:\limewire\limewire.exe | 
"{51C5B3D8-2F51-4A28-B816-A8C2922AD688}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{54E05B1F-57ED-43E5-832E-BF6C138C010F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{5675E682-1380-4E9B-886C-218393484967}" = protocol=6 | dir=in | app=j:\league of legends\air\lolclient.exe | 
"{58276C0A-0C79-4224-A50A-F37FF5ABE11A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{58AA1D1A-EA54-47F9-8945-A3CF50423D69}" = protocol=17 | dir=in | app=j:\league o.l. deutsch\lol.launcher.exe | 
"{591A2037-9773-4DF3-855A-B101222A0721}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{5CD7119F-05CC-44D8-90FB-6522E0CB0539}" = protocol=17 | dir=in | app=d:\itunes\itunes.exe | 
"{5E7C1841-6790-4FD9-A5F5-5DEA34D9EA2D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{69B5458A-5F08-44D0-BFC9-6803F7278EC7}" = protocol=6 | dir=in | app=j:\league o.l. deutsch\game\league of legends.exe | 
"{6A5E6D0A-3224-4BD1-AEB0-1DA57F7A9061}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6E3161FD-2207-43ED-BFEC-25E3E2A1C013}" = protocol=6 | dir=in | app=d:\skype\skype.exe | 
"{712D25A1-965E-4DD9-946C-8F490E4147CE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe | 
"{7321095D-B0B7-4A35-A7C3-CE72611246A1}" = protocol=17 | dir=in | app=j:\league o.l. deutsch\game\league of legends.exe | 
"{75090772-24ED-4A24-818C-5A0CEC98CB7B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0-dede-downloader.exe | 
"{839BEBD1-8DFC-4356-B0D1-E06A2B16FD33}" = protocol=17 | dir=in | app=j:\wow\addons\curse\curseclient.exe | 
"{8C145166-4F37-4C66-9605-844722576AE1}" = protocol=6 | dir=in | app=j:\steam\steamapps\xxx_xxx@web.de\counter-strike\hl.exe | 
"{9167807E-349E-47E8-A26E-6E80FA38D799}" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"{91A19850-D39A-432F-8275-C1DCA1D458C0}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{91C01C01-BFB3-4CA7-8F36-27C2D764AA3D}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{969A0382-0CE5-4958-B2AF-E2FE8F8E8198}" = protocol=17 | dir=in | app=j:\age of empires iii_original\age3.exe | 
"{9BDB6126-217D-46DD-BDAE-5469AE6F3569}" = protocol=17 | dir=in | app=j:\steam\steamapps\xxx_xxx@web.de\counter-strike\hl.exe | 
"{9E85A428-C436-4A4B-86BE-D054043005DB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0-dede-downloader.exe | 
"{A2AD8AE8-93AB-450B-85FE-74415158D3AF}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{A6BEF88D-458F-4632-92DD-3EB3D62DF48E}" = protocol=17 | dir=in | app=d:\itunes\itunes.exe | 
"{AEC9FD86-F5B7-4AE9-98C1-43441759371C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B6617364-FC3D-451C-B755-8EA3C07F7E41}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B7EFA533-B5C5-48DC-A2BE-4E0B91FB3CF1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{BA589C2C-CE3F-4DED-931E-C732228F9FF0}" = protocol=17 | dir=in | app=j:\league o.l. deutsch\game\league of legends.exe | 
"{CD093667-68A4-4061-9E02-AE0D51FE4245}" = protocol=6 | dir=in | app=j:\league o.l. deutsch\game\league of legends.exe | 
"{CD390F9F-2DE5-4AAA-9B65-3F296E2AF03F}" = protocol=17 | dir=in | app=j:\league of legends\game\league of legends.exe | 
"{CE841C17-0D6A-40D1-9424-11EBCD4703B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CF2AA6D4-8DA0-4A9C-BF3F-6A12B833B80F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{D1E4F10A-F294-4360-8A8D-F20DCDB162F7}" = protocol=17 | dir=in | app=d:\skype\skype.exe | 
"{DBA0D724-7D9D-4B7D-AE57-3525695F241C}" = protocol=6 | dir=in | app=j:\wow\addons\curse\curseclient.exe | 
"{DEA54743-1D44-49AD-ACD3-47FFEAB612A5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe | 
"{E15E10D7-F51A-41C0-9D31-EFBD46BAD51C}" = protocol=6 | dir=in | app=j:\league o.l. deutsch\air\lolclient.exe | 
"{E17110D0-B0EA-4AE1-A292-2F479840C0B8}" = protocol=17 | dir=in | app=j:\age of empires iii\age3.exe | 
"{E63A1460-E998-41C9-B06F-C72179EBA0F3}" = protocol=6 | dir=in | app=j:\league o.l. deutsch\lol.launcher.exe | 
"{EC69B6AE-023F-4B1F-AD80-EFCCE4AF81DE}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{F20F05F5-7EAD-4436-A955-CBDA94177746}" = protocol=17 | dir=in | app=j:\ds2\dungeonsiege2.exe | 
"{F7510BED-163B-44AD-88A7-875C5CF9813E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{FF1D9013-BA03-4DBC-BADE-9331E65519AE}" = protocol=17 | dir=in | app=j:\league o.l. deutsch\air\lolclient.exe | 
"TCP Query User{01AD3700-4D61-469C-8434-3FBFAAB48239}J:\bf1942\bf1942.exe" = protocol=6 | dir=in | app=j:\bf1942\bf1942.exe | 
"TCP Query User{1D65FACD-84BB-427F-B2B3-01505CBF8C74}C:\users\xxx\appdata\local\temp\blizzard launcher temporary - d323bd40\launcher.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\temp\blizzard launcher temporary - d323bd40\launcher.exe | 
"TCP Query User{1E3CD71D-5B68-4D25-8B3B-15DCD476B4F3}J:\anno1404\tools\anno4web.exe" = protocol=6 | dir=in | app=j:\anno1404\tools\anno4web.exe | 
"TCP Query User{24BE1D21-9E08-49E5-B1BA-D26486C8AB86}D:\zattoo\zattood.exe" = protocol=6 | dir=in | app=d:\zattoo\zattood.exe | 
"TCP Query User{2B61B161-A028-4D59-835B-42C7625690CE}J:\warcraft an x force (name-33cba6fdd0)\war3.exe" = protocol=6 | dir=in | app=j:\warcraft an x force (name-33cba6fdd0)\war3.exe | 
"TCP Query User{2E1EFCF7-CBE9-4720-B0C7-589B696A8273}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{3285DFA6-5294-4EBD-9289-CFC1637AF81B}K:\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=k:\stronghold 2\stronghold2.exe | 
"TCP Query User{3338B1B1-1944-4280-9CFC-87957C9866E2}D:\icq6\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\icq6\icq6.5\icq.exe | 
"TCP Query User{3AFE4B61-ECDC-4DD2-B509-D740C0ECAD63}J:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=j:\warcraft iii\war3.exe | 
"TCP Query User{3C2DF961-4E6F-4F6B-838D-5BA031FC9345}D:\crazy browser\crazy browser.exe" = protocol=6 | dir=in | app=d:\crazy browser\crazy browser.exe | 
"TCP Query User{4639FA02-7EB4-4538-8609-3F3ECBF53A98}D:\icq6\icq6\icq.exe" = protocol=6 | dir=in | app=d:\icq6\icq6\icq.exe | 
"TCP Query User{48CD1430-531E-469B-9D1D-B1B8B9CB7C72}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"TCP Query User{59812612-BA56-4272-9074-1F0D3C5704D6}J:\wow\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=j:\wow\world of warcraft public test\launcher.exe | 
"TCP Query User{5A6A166D-0D24-457F-88C8-FD6355E5498B}D:\chilirec\chilirec.exe" = protocol=6 | dir=in | app=d:\chilirec\chilirec.exe | 
"TCP Query User{6018DDEF-B319-4039-A7C1-7BFAE64F769F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{645EE0D8-7572-41EF-B983-543AB4950CEC}J:\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=j:\call of duty - black ops\blackops.exe | 
"TCP Query User{6BE05EB7-788E-4E09-BCB4-AC639A17A682}C:\users\xxx\appdata\local\temp\blizzard launcher temporary - 25e1ebf8\launcher.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\temp\blizzard launcher temporary - 25e1ebf8\launcher.exe | 
"TCP Query User{6F076E97-46C6-4562-8133-153E983D7389}J:\battlefield1942\bf1942.exe" = protocol=6 | dir=in | app=j:\battlefield1942\bf1942.exe | 
"TCP Query User{761C9B68-80C3-43A0-9683-4A70DD23CD85}J:\modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=j:\modern warfare 2\iw4sp.exe | 
"TCP Query User{77932AD7-C118-4F74-A006-F424DD6AE2D7}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe | 
"TCP Query User{787E7E81-4EEF-4F01-A5D0-06CFBD39639D}J:\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=j:\stronghold 2\stronghold2.exe | 
"TCP Query User{7D8C8B0E-1D35-4420-A026-863C69EA76EB}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"TCP Query User{7E6BCCE1-36DF-410B-9BD7-855DDA1368CA}D:\foxit.pdf.editor.v2.0.1011-yag\pdf editor\pdfedit.exe" = protocol=6 | dir=in | app=d:\foxit.pdf.editor.v2.0.1011-yag\pdf editor\pdfedit.exe | 
"TCP Query User{8BFC35D1-F0A2-4D0E-8C56-FA1E10DAC94B}D:\realplayer\realplay.exe" = protocol=6 | dir=in | app=d:\realplayer\realplay.exe | 
"TCP Query User{A0C3C2A5-E68C-4A24-B2C5-3CD47E4D5A8F}J:\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=j:\die siedler ii - die nächste generation\bin\s2dng.exe | 
"TCP Query User{A3598138-54B9-4B51-86BF-96FDCF0F463A}J:\warcraft an x force (name-33cba6fdd0)\war3.exe" = protocol=6 | dir=in | app=j:\warcraft an x force (name-33cba6fdd0)\war3.exe | 
"TCP Query User{A58CCE47-2859-41C6-8C2F-012105893C85}J:\warcraft 3 - lan - flow\war3.exe" = protocol=6 | dir=in | app=j:\warcraft 3 - lan - flow\war3.exe | 
"TCP Query User{AAD97362-2B6A-41CE-827D-A3A8BC384A23}C:\users\xxx\documents\copy of hansoft documents\bunda_uni_paderborn_de.politworld.xxx\projects\politworld prototype 2\build\politworld.exe" = protocol=6 | dir=in | app=c:\users\xxx\documents\copy of hansoft documents\bunda_uni_paderborn_de.politworld.xxx\projects\politworld prototype 2\build\politworld.exe | 
"TCP Query User{B16F2820-844A-4654-B022-4F33DD8E6EBC}J:\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=j:\ut2004\system\ut2004.exe | 
"TCP Query User{B5F44899-A1BD-487C-AAF9-0E863F91FE64}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{B758E308-C4FD-40F7-AA19-17094E32C5AD}J:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=j:\warcraft iii\war3.exe | 
"TCP Query User{C339629F-DD7F-4D81-B6C2-22AEBCFD204D}D:\zattoo\zattoo.exe" = protocol=6 | dir=in | app=d:\zattoo\zattoo.exe | 
"TCP Query User{C7A0E974-E043-4206-A29E-B7B425B2E3B3}J:\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=j:\anno 1404\tools\anno4web.exe | 
"TCP Query User{CBEE4966-58FA-4443-AD61-345B2CC36C3A}D:\crazy browser\crazy browser.exe" = protocol=6 | dir=in | app=d:\crazy browser\crazy browser.exe | 
"TCP Query User{CE3285A3-3543-480D-A83E-A2727A01B67E}J:\warcraft an x force (name-33cba6fdd0)\warcraft englisch\warcraft iii\war3.exe" = protocol=6 | dir=in | app=j:\warcraft an x force (name-33cba6fdd0)\warcraft englisch\warcraft iii\war3.exe | 
"TCP Query User{D1322D26-3B4B-4B24-823E-1019EFAC505B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{D2E5012C-25E6-40A6-B7ED-B429C3627AD2}J:\tony hawk american wasteland\tony hawk american wasteland\game\thaw.exe" = protocol=6 | dir=in | app=j:\tony hawk american wasteland\tony hawk american wasteland\game\thaw.exe | 
"TCP Query User{D390BA8B-3360-4FAA-B5FA-03C70E12BEA9}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"TCP Query User{D68859EA-5889-4E6C-BBA5-B79C3E3DDADC}D:\icq6\icq6\icq.exe" = protocol=6 | dir=in | app=d:\icq6\icq6\icq.exe | 
"TCP Query User{D8BC1DD2-E765-4E63-A145-D29EEECC3C49}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D9549FD3-17B9-4A68-B114-267BD7F14BF2}C:\users\xxx\desktop\3\dslan\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\3\dslan\mysql\bin\mysqld.exe | 
"TCP Query User{D9FB2E10-73D1-4C54-870E-B8DBCAF1E009}D:\icecast\analogx\simpleserver\shout\shout.exe" = protocol=6 | dir=in | app=d:\icecast\analogx\simpleserver\shout\shout.exe | 
"TCP Query User{DB15C434-6085-4224-949B-50A8FB51ACCA}D:\realplayer\realplay.exe" = protocol=6 | dir=in | app=d:\realplayer\realplay.exe | 
"TCP Query User{E5C564BF-D3F1-474F-B196-8BC7433CFD12}D:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\xampp\apache\bin\httpd.exe | 
"TCP Query User{EBB1049F-0C17-4663-B951-CD5ECEB24E16}J:\wow\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=j:\wow\world of warcraft\launcher.exe | 
"TCP Query User{F0C12C0C-E845-45A9-AFAD-6ACFD646154B}C:\program files\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_07\jre\bin\java.exe | 
"TCP Query User{F3840DA7-3021-40D4-809C-988C23075CC1}C:\users\xxx\desktop\3\dslan\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\3\dslan\apache\bin\apache.exe | 
"TCP Query User{F538AD8F-9D29-4233-B05A-E718C1096D5A}D:\icecast\shout.exe" = protocol=6 | dir=in | app=d:\icecast\shout.exe | 
"TCP Query User{FC765806-CF7A-4FDD-BC32-CE9798A2F01C}J:\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=j:\stronghold 2\stronghold2.exe | 
"TCP Query User{FCCEF871-93C4-4D40-BEBC-2350883DF177}L:\zoggerei\call of duty 5 - world at war\call of duty 5\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=l:\zoggerei\call of duty 5 - world at war\call of duty 5\codwaw_lanfixed.exe | 
"UDP Query User{01B0C4AC-EC84-408A-A01B-DC9AFE8CE8D8}D:\zattoo\zattoo.exe" = protocol=17 | dir=in | app=d:\zattoo\zattoo.exe | 
"UDP Query User{04949225-213B-48D5-A371-FC8E7566E6E9}D:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\xampp\apache\bin\httpd.exe | 
"UDP Query User{11CAC876-AA5E-430C-BBEE-E441A84B04CF}J:\warcraft an x force (name-33cba6fdd0)\war3.exe" = protocol=17 | dir=in | app=j:\warcraft an x force (name-33cba6fdd0)\war3.exe | 
"UDP Query User{172CE249-C86D-48BF-BC77-B376DFB1B4FB}J:\tony hawk american wasteland\tony hawk american wasteland\game\thaw.exe" = protocol=17 | dir=in | app=j:\tony hawk american wasteland\tony hawk american wasteland\game\thaw.exe | 
"UDP Query User{22BD4430-DF0B-41B7-BBC0-C3CD547A8EA8}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe | 
"UDP Query User{23DB6E82-65BB-4822-A721-0A8F720B5C33}D:\realplayer\realplay.exe" = protocol=17 | dir=in | app=d:\realplayer\realplay.exe | 
"UDP Query User{24720F25-C6DB-450B-BD3C-C4221DB7D76C}D:\icecast\shout.exe" = protocol=17 | dir=in | app=d:\icecast\shout.exe | 
"UDP Query User{29448E0E-1E9A-4B36-A28E-0EA4C38F6540}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{2BDB7191-5865-4338-96A7-5C02EFDF38EF}C:\users\xxx\desktop\3\dslan\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\3\dslan\mysql\bin\mysqld.exe | 
"UDP Query User{2FDA1855-8C6F-4BAA-A41B-D9D58BE97BDD}J:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=j:\warcraft iii\war3.exe | 
"UDP Query User{31D92E69-2FEC-4D26-B28D-29606FA93D02}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{34EA02A6-89A4-4A0B-9297-70862381E2E4}J:\warcraft 3 - lan - flow\war3.exe" = protocol=17 | dir=in | app=j:\warcraft 3 - lan - flow\war3.exe | 
"UDP Query User{3D7C92E7-1F4D-4B7F-AD14-CA0AB319409E}J:\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=j:\call of duty - black ops\blackops.exe | 
"UDP Query User{4052BABC-0DEF-4254-AD7D-02EC0FE0F377}J:\battlefield1942\bf1942.exe" = protocol=17 | dir=in | app=j:\battlefield1942\bf1942.exe | 
"UDP Query User{4AA0C45C-07B0-4FCD-99D8-1FD6DEECA8BB}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"UDP Query User{5647390E-3902-4FD5-92D8-8050015CBC20}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"UDP Query User{5AC92322-4192-4AEF-B285-89176535C15A}D:\icq6\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\icq6\icq6.5\icq.exe | 
"UDP Query User{5FA24528-455C-400C-B37D-10753A012DDA}D:\icq6\icq6\icq.exe" = protocol=17 | dir=in | app=d:\icq6\icq6\icq.exe | 
"UDP Query User{622DB403-3E26-488E-94CD-0E7A0BD4461F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{667186AC-8402-458B-AA0C-E26F689E4755}C:\users\xxx\desktop\3\dslan\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\3\dslan\apache\bin\apache.exe | 
"UDP Query User{69B76B89-56AB-4B45-8774-C409B42AB391}J:\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=j:\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{7A7A3E54-98FF-44BA-91FF-549F90E5EAC9}D:\crazy browser\crazy browser.exe" = protocol=17 | dir=in | app=d:\crazy browser\crazy browser.exe | 
"UDP Query User{7F9B8A33-B12C-4500-8E7B-E2C2AED8FF93}D:\zattoo\zattood.exe" = protocol=17 | dir=in | app=d:\zattoo\zattood.exe | 
"UDP Query User{89605DAF-1A3D-40C8-9BCB-F02179A1AD4E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{8A2247C5-B62A-43EB-8F5E-7B69188B235A}J:\warcraft an x force (name-33cba6fdd0)\war3.exe" = protocol=17 | dir=in | app=j:\warcraft an x force (name-33cba6fdd0)\war3.exe | 
"UDP Query User{8F116185-7EFA-465F-AFB6-3081013510E1}J:\anno1404\tools\anno4web.exe" = protocol=17 | dir=in | app=j:\anno1404\tools\anno4web.exe | 
"UDP Query User{994EF7B8-7029-4EE1-858A-6DE3E3CE7F73}J:\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=j:\ut2004\system\ut2004.exe | 
"UDP Query User{A4425F34-C607-4A16-B11E-3F056F9B5D86}D:\chilirec\chilirec.exe" = protocol=17 | dir=in | app=d:\chilirec\chilirec.exe | 
"UDP Query User{A74E8B04-EAA8-4675-BB54-F570F3D38C8B}J:\wow\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=j:\wow\world of warcraft\launcher.exe | 
"UDP Query User{AAE9500E-9047-4BF1-A9FF-B4EAA1C95897}D:\icecast\analogx\simpleserver\shout\shout.exe" = protocol=17 | dir=in | app=d:\icecast\analogx\simpleserver\shout\shout.exe | 
"UDP Query User{AC6FB0E1-69E2-47AF-A088-B200D3BCE654}J:\wow\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=j:\wow\world of warcraft public test\launcher.exe | 
"UDP Query User{B35318E9-DEBB-4E96-AA6E-0D1E41E19C4A}J:\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=j:\stronghold 2\stronghold2.exe | 
"UDP Query User{B506B1DC-A9A4-47EE-A7D3-B5D4DE414341}D:\icq6\icq6\icq.exe" = protocol=17 | dir=in | app=d:\icq6\icq6\icq.exe | 
"UDP Query User{BCBA774B-2713-4733-B886-0718508FF16B}C:\users\xxx\appdata\local\temp\blizzard launcher temporary - 25e1ebf8\launcher.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\temp\blizzard launcher temporary - 25e1ebf8\launcher.exe | 
"UDP Query User{BCBE3E5D-B89B-424A-A2B0-D647D3EAE7EB}J:\warcraft an x force (name-33cba6fdd0)\warcraft englisch\warcraft iii\war3.exe" = protocol=17 | dir=in | app=j:\warcraft an x force (name-33cba6fdd0)\warcraft englisch\warcraft iii\war3.exe | 
"UDP Query User{C6E5763F-0D46-4F42-ACCA-00AEA7C00A3E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"UDP Query User{CDC1F0D0-F704-498A-99D8-794B3280B3C0}C:\users\xxx\appdata\local\temp\blizzard launcher temporary - d323bd40\launcher.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\temp\blizzard launcher temporary - d323bd40\launcher.exe | 
"UDP Query User{D2029A18-9982-4F9B-BCCD-9ED03EFB95F1}L:\zoggerei\call of duty 5 - world at war\call of duty 5\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=l:\zoggerei\call of duty 5 - world at war\call of duty 5\codwaw_lanfixed.exe | 
"UDP Query User{D478A131-A162-46D6-A094-1D9B6954EAA8}K:\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=k:\stronghold 2\stronghold2.exe | 
"UDP Query User{D589D5F9-99BC-407B-9B16-726B269B32A0}C:\program files\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_07\jre\bin\java.exe | 
"UDP Query User{D99A11F5-05FB-4006-9BA3-C029B783F486}D:\crazy browser\crazy browser.exe" = protocol=17 | dir=in | app=d:\crazy browser\crazy browser.exe | 
"UDP Query User{DA269367-00ED-49C8-9D44-6B6136672E79}J:\modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=j:\modern warfare 2\iw4sp.exe | 
"UDP Query User{DF34D957-8321-45CA-B75E-0B5F800A1C3D}J:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=j:\warcraft iii\war3.exe | 
"UDP Query User{E291E665-5241-4777-9296-CEA093C7EE0D}D:\foxit.pdf.editor.v2.0.1011-yag\pdf editor\pdfedit.exe" = protocol=17 | dir=in | app=d:\foxit.pdf.editor.v2.0.1011-yag\pdf editor\pdfedit.exe | 
"UDP Query User{E51937EB-9018-48D1-A742-835CD79D915B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{EEF82905-2762-4B40-928E-668C43883B49}J:\bf1942\bf1942.exe" = protocol=17 | dir=in | app=j:\bf1942\bf1942.exe | 
"UDP Query User{EF70B379-8AFB-4E0F-AB17-97A974ED31B1}J:\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=j:\stronghold 2\stronghold2.exe | 
"UDP Query User{FC99ED7F-85E1-43FE-8908-64E19F8E379D}C:\users\xxx\documents\copy of hansoft documents\bunda_uni_paderborn_de.politworld.xxx\projects\politworld prototype 2\build\politworld.exe" = protocol=17 | dir=in | app=c:\users\xxx\documents\copy of hansoft documents\bunda_uni_paderborn_de.politworld.xxx\projects\politworld prototype 2\build\politworld.exe | 
"UDP Query User{FCA2AFC7-E382-4345-85BE-1FA9CF93ED22}D:\realplayer\realplay.exe" = protocol=17 | dir=in | app=d:\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{432E898E-207A-475C-B6E8-0317C4A08A46}" = Jaws PDF Editor 3.5
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{96C39A4E-8636-439B-B439-02E908C05A2A}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F76FFCC7-DFCE-4764-954F-DBB03CE89AF5}" = Opera 9.50
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"Acala DVD Copy_is1" = Acala DVD Copy 2.8.2
"Access" = Microsoft Office Access 2007
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlueJ_is1" = BlueJ 2.5.0
"Busspur Auskunft für den Padersprinter E.ON 2009" = Busspur Auskunft für den Padersprinter E.ON 2009
"Busspur Auskunft für den Padersprinter E.ON 2010" = Busspur Auskunft für den Padersprinter E.ON 2010
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Crazy Browser 3.0.0 Beta2_is1" = Crazy Browser version 3.0.0 Beta2
"Crazy Browser 3.0.3_is1" = Crazy Browser version 3.0.3
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit PDF Editor" = Foxit PDF Editor
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Geany" = Geany 0.14
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.1.5
"Hansoft Project Manager Client" = Hansoft Project Manager Client
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"IsoBuster_is1" = IsoBuster 2.5
"Kalenderchen_is1" = Kalenderchen 4
"Kyocera Product Library" = Kyocera Product Library
"League of Legends_is1" = League of Legends
"MAGIX Foto Clinic 4.5 D" = MAGIX Foto Clinic 4.5 (D)
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX Music Manager D" = MAGIX Music Manager (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"MAGIX Video deLuxe 2006 PLUS D" = MAGIX Video deLuxe 2006 PLUS (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"myphotobook" = myphotobook 3.63
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"S2TNG" = Die Siedler II - Die nächste Generation
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"UT2004" = Unreal Tournament 2004
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR Archivierer
"winscp3_is1" = WinSCP 4.2.9
"WordToPDF_is1" = WordToPDF 2.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Old 30.12.2010, 17:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan
Please read properly!! I wanted to see a full scan. Post all logs if you have already done runs in the past.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Old 30.12.2010, 19:39   #5
Carso

Sorry, I must have overlooked that.
Here is the complete scan.
There are no earlier scans.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5419

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

30.12.2010 19:38:21
mbam-log-2010-12-30 (19-38-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 457176
Laufzeit: 1 Stunde(n), 22 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\masm32\qeditor.exe (Trojan.Dropper.PGen) -> No action taken.
d:\masm32\examples\exampl05\qeplugin\qeplugin.dll (Spyware.Passwords) -> No action taken.
d:\masm32\examples\exampl06\regdemo\regdemo.exe (Trojan.Downloader) -> No action taken.
d:\masm32\tutorial\dlltute\dll\dlltute.dll (Spyware.Passwords) -> No action taken.
j:\___Magix\addon\Firebird\setup.exe (Trojan.Agent) -> No action taken.
         


Old 30.12.2010, 19:43   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What is masm32?

Old 31.12.2010, 00:24   #7
Carso

I just googled it.
It doesn't seem to be anything that has any business being on my computer. I have no idea what I'm supposed to do with it.
Very strange that I didn't notice the folder. I do have a lot of stuff on D:, but not that much.

Old 01.01.2011, 21:12   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Have you removed all the findings? If not, you need to do that now.
Afterwards, post fresh OTL logs.
