| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.12.2011, 17:18
| #1 |
 |  Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert Hallo, ich habe das selbe problem wie viele anderen hier. Also bildschrim schwarz, taskmanager funzt nicht usw. ihr wisst sicher was ich meine  . Ich hab mir einige threats hier durchgelesen und wollte es mal ausprobieren. Problem: mein abgesicherter modus startet nicht und hört auf weiter zumachen bzw / hört auf zu arbeiten ab Loaded \windows\system32\drivers\crcdisk.syshoffe auf schnelle Hilfe Mfg |
|
17.12.2011, 17:44
| #2 |
| /// Malware-holic   | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert hi, hast du abgesicherter modus mit netzwerk gewählt?
__________________
__________________ |
|
17.12.2011, 17:47
| #3 |
| | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert nein also ganz normal ..
__________________ |
|
17.12.2011, 18:00
| #4 |
| /// Malware-holic | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert was passiert wenn du abgesicherter modus mit netzwerk wählst, startet der
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2011, 18:02
| #5 |
| | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert nein, auch nicht .. hab mal an dem pc von dem ich hier schreibe geschaut wie lang er braucht bis der abgesicherte modus startet also dauert nicht wirklich lange .. bei meinem gehts wie ich schon sagte nicht mehr voran.. |
|
17.12.2011, 18:06
| #6 |
| /// Malware-holic | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert ok is ja kein ding. Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten: Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD. Lade  OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Bebilderte Anleitung: OTLpe-Scan
__________________ --> Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert |
|
17.12.2011, 18:09
| #7 |
| | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert wie meinst du das, ob ich mit brenner dran komme`? ah achso ja verlsesen sry ja komme ich ^^ Geändert von JamesP (17.12.2011 um 18:14 Uhr) Grund: verständnis |
|
17.12.2011, 18:54
| #8 |
| | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert das mit dem booten muss dann aber auf dem infizierten pc sein oder? |
|
17.12.2011, 19:24
| #9 |
| /// Malware-holic | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert na klar von dem infiziertem pc.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2011, 19:33
| #10 |
| | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert so hey hab das mit dem booten mal gemacht glaub aber das es icht wirklich funktioniert hat hab die inet verbindung mal von dem infizierten pc entfehrnt diesmal kam diese achtung.. meldung nciht was soll ich jetzt tun ? kann per usb schnell alles rübekopieren. |
|
17.12.2011, 19:35
| #11 |
| /// Malware-holic | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert was maawas hast du gemacht? du sollst doch einfach nur die cd brennen und dann davon den pc starten den infizierten logischerweise alles andere macht ja keinen sinn dann das log erstellen auf nen stick kopieren und hier ins forum stellen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2011, 21:45
| #12 |
| | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert OTL _________________________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.12.2011 21:17:26 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neu\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,32% Memory free 6,22 Gb Paging File | 5,01 Gb Available in Paging File | 80,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,69 Gb Total Space | 76,72 Gb Free Space | 16,84% Space Free | Partition Type: NTFS Drive D: | 10,07 Gb Total Space | 1,38 Gb Free Space | 13,72% Space Free | Partition Type: NTFS Computer Name: JONAS-PC | User Name: Neu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.17 17:25:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neu\Desktop\OTL.exe PRC - [2011.10.19 21:35:51 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.15 15:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011.08.15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.21 05:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.05.21 05:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2010.08.19 07:12:52 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.11.23 12:39:31 | 005,888,696 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe PRC - [2009.11.23 12:39:31 | 005,608,632 | ---- | M] (Salfeld Computer) -- C:\Windows\System32\cc32\webtmr.exe PRC - [2009.11.23 12:39:31 | 000,979,632 | ---- | M] (Salfeld Computer) -- C:\Windows\System32\cchservice.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:36 | 000,067,584 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe PRC - [2007.04.07 02:56:47 | 000,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jusched.exe PRC - [2007.02.15 12:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe ========== Modules (No Company Name) ========== MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2009.04.11 07:27:36 | 000,067,584 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (GameConsoleService) SRV - [2011.12.14 20:40:55 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.29 12:36:13 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.08.15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.08.19 07:12:52 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.06 00:19:17 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Neu\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2010.01.12 23:09:00 | 003,395,532 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009.11.23 12:39:31 | 000,979,632 | ---- | M] (Salfeld Computer) [Auto | Running] -- C:\Windows\System32\cchservice.exe -- (Windows-CCHook-Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV - [2011.12.08 18:08:21 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.21 05:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.02.22 14:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008.02.22 14:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008.02.22 14:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007.12.07 16:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.11.17 20:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.10.12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007.01.26 00:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006.04.28 16:24:42 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2005.12.06 16:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x) DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2003.04.18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl) DRV - [2003.03.02 16:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{B29B86EA-3BA9-49F4-9B5C-44AE0D4D645D} IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 CE BA 7E ED C2 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.99999 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 13:17:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.13 13:20:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.22 21:29:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Neu\AppData\Roaming\5008 [2009.10.28 15:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neu\AppData\Roaming\mozilla\Extensions [2011.12.15 16:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions [2010.04.27 20:28:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.11 12:16:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.11.28 20:34:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.11.13 13:20:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.03.17 21:13:46 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2011.06.22 01:10:45 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\toolbar@ask.com [2010.03.06 00:19:22 | 000,001,054 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\conduit.xml [2010.10.25 17:54:51 | 000,002,286 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\googlede.xml [2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-1.xml [2011.09.01 16:15:12 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-10.xml [2011.09.09 14:17:41 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-11.xml [2011.09.27 20:49:09 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-12.xml [2011.10.01 12:24:31 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-13.xml [2011.11.13 13:20:57 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-14.xml [2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-2.xml [2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-3.xml [2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-4.xml [2010.10.25 19:15:35 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-5.xml [2010.11.16 20:53:32 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-6.xml [2011.07.05 10:23:37 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-7.xml [2011.08.02 16:03:02 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-8.xml [2011.08.17 21:28:01 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-9.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin.xml [2010.10.25 17:54:52 | 000,001,695 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\web-search.xml [2010.10.25 17:54:52 | 000,002,152 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\{49877FB4-8465-4100-999B-C8559EF12E4E}.xml [2010.10.25 17:54:52 | 000,001,834 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\{AB9A0B8A-0ACE-4C61-AF60-4F2D682DC47F}.xml [2010.10.25 17:54:52 | 000,002,041 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\{E41A30D2-E0C3-413D-8535-90FE9795A4EE}.xml [2011.11.13 13:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008.12.03 19:04:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.15 11:05:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2009.11.14 16:03:40 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com () (No name found) -- C:\USERS\NEU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I0HEF4DC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.13 13:20:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.10 16:21:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll [2011.09.09 14:17:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.09 14:17:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.05.04 18:56:22 | 000,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml [2010.05.04 18:56:22 | 000,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml [2010.05.04 18:56:22 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml [2011.09.09 14:17:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.09 14:17:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.05.04 18:56:22 | 000,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml [2010.05.04 18:56:22 | 000,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml [2010.05.04 18:56:22 | 000,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml [2010.05.04 18:56:22 | 000,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml [2010.05.04 18:56:22 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml [2011.09.09 14:17:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.09 14:17:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml [2010.05.04 18:56:22 | 000,005,375 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml O1 HOSTS File: ([2010.07.17 01:20:48 | 000,000,937 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer) O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Byteswarm\LiveUpdate\LiveUpdate.exe (AceGain Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Ocs_SM] C:\Users\Neu\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_16_Plus_Download-Version\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Neu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [firefox.exe] C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe () O4 - HKCU..\Run: [Java developer Script Browse] C:\Users\Public\jusched.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Mpk.exe = C:\Program Files\Crysis\KGB\Mpk.exe O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0 O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9387C991-5D8C-40E0-97E4-464102180468}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73713B5-224F-4FCF-AA39-697F40C8AC35}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software) O18 - Protocol\Handler\ezstor {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software) O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software) O18 - Protocol\Handler\x-cnote {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software) O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software) O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software) O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Neu\AppData\Roaming\hotfix.exe) - File not found O24 - Desktop WallPaper: C:\Users\Neu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Neu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.03.06 10:23:34 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0c7691ba-774a-11dd-afdf-001fc64b8c08}\Shell - "" = AutoRun O33 - MountPoints2\{0c7691ba-774a-11dd-afdf-001fc64b8c08}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{aac97770-ff7e-11dc-95f2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{aac97770-ff7e-11dc-95f2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Nvsetup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067) ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk - C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe - (ArcSoft, Inc.) MsConfig - StartUpFolder: C:^Users^Neu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Screen Capturer.lnk - C:\Program Files\Screen Capturer\ScreenCapturer.exe - (ScreenCapturer.com) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin) MsConfig - StartUpReg: ChicoSys - hkey= - key= - File not found MsConfig - StartUpReg: EPSON Stylus DX8400 Series - hkey= - key= - File not found MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RGSC - hkey= - key= - File not found MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation) MsConfig - StartUpReg: TBPanel - hkey= - key= - C:\Program Files\Vtune\TBPanel.exe () MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 ========== Files/Folders - Created Within 30 Days ========== [2011.12.17 20:46:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Neu\Desktop\OTL.exe [2011.12.14 14:48:32 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.12.14 14:48:32 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.12.14 14:48:30 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.12.14 14:48:29 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.12.14 14:48:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.12.14 14:48:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.12.14 14:48:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.12.14 14:48:20 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.12.14 14:48:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.12.14 14:48:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.12.14 14:48:18 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.12.14 14:48:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.12.14 14:48:18 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.12.14 14:48:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.12.14 14:48:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.12.14 14:48:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.12.14 14:48:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.12.14 14:48:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.12.14 14:48:17 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.12.14 14:48:17 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.12.14 14:48:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.12.14 14:48:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.12.14 14:48:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.12.14 14:48:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.11.26 13:08:38 | 000,000,000 | ---D | C] -- C:\Users\Neu\AppData\Roaming\.minecraft [2011.11.25 21:44:35 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\.minecraft [2011.11.25 19:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.23 13:29:02 | 000,000,000 | ---D | C] -- C:\Users\Neu\AppData\Local\Chromium [2011.11.22 21:29:31 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe [2011.11.22 21:29:31 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe [2011.11.22 21:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\REACTOR [2011.11.22 21:28:18 | 007,822,632 | ---- | C] (Macrovision Corporation) -- C:\Users\Neu\Desktop\IJJI_REACTOR_INST_EN.exe [2011.11.22 18:58:55 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\lilli hp [2011.11.22 18:10:02 | 000,000,000 | ---D | C] -- C:\ijji [2011.11.22 18:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ijji [2011.11.21 19:36:00 | 3799,935,896 | ---- | C] (NHN USA Inc) -- C:\Users\Neu\Desktop\U_AVA_Setup.exe [2011.11.20 20:42:07 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\wichtiger gta shit [2011.11.20 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\CrossFire_1080 [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Neu\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Neu\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Neu\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Neu\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2011.12.17 20:41:26 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.17 19:24:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.17 19:24:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.17 19:24:14 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.17 19:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.17 19:24:01 | 3219,525,632 | -HS- | M] () -- C:\hiberfil.sys [2011.12.17 17:25:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neu\Desktop\OTL.exe [2011.12.15 16:10:38 | 000,465,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.14 21:35:13 | 000,194,654 | ---- | M] () -- C:\Users\Neu\Desktop\hgh.jpg [2011.12.12 17:58:50 | 000,889,435 | ---- | M] () -- C:\Users\Neu\Desktop\2011-12-12 18.58.51.jpg [2011.12.12 17:57:58 | 000,942,137 | ---- | M] () -- C:\Users\Neu\Desktop\2011-12-12 18.57.58.jpg [2011.12.08 22:12:13 | 000,246,050 | ---- | M] () -- C:\Users\Neu\Desktop\imba8.jpg [2011.12.08 18:08:21 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.12.07 22:08:45 | 000,061,973 | ---- | M] () -- C:\Users\Neu\Desktop\375530_264254766957614_178866558829769_679430_1849437699_n.jpg [2011.12.06 19:35:37 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.12.06 19:35:24 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.12.06 19:33:55 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.12.04 22:32:03 | 000,643,366 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.04 22:32:03 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.04 22:32:03 | 000,131,578 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.04 22:32:03 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.30 22:48:59 | 000,269,663 | ---- | M] () -- C:\Users\Neu\Desktop\dhmm.jpg [2011.11.25 21:42:27 | 001,102,574 | ---- | M] () -- C:\Users\Neu\Desktop\mcpatcher-2.2.2.exe [2011.11.25 19:47:27 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.11.22 21:31:42 | 000,000,171 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url [2011.11.22 21:31:40 | 000,001,654 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk [2011.11.22 21:28:45 | 007,822,632 | ---- | M] (Macrovision Corporation) -- C:\Users\Neu\Desktop\IJJI_REACTOR_INST_EN.exe [2011.11.22 18:57:53 | 000,000,766 | ---- | M] () -- C:\Users\Neu\Desktop\AVA - Verknüpfung.lnk [2011.11.22 00:20:42 | 3799,935,896 | ---- | M] (NHN USA Inc) -- C:\Users\Neu\Desktop\U_AVA_Setup.exe [2011.11.21 23:41:30 | 000,029,972 | ---- | M] () -- C:\Users\Neu\Desktop\kid-cudi-arrested1.jpg [2011.11.21 23:32:27 | 000,149,600 | ---- | M] () -- C:\Users\Neu\Desktop\377954_282778178430442_100000947860374_799212_340569781_n.jpg [2011.11.20 20:51:47 | 000,000,895 | ---- | M] () -- C:\Users\Neu\Desktop\CrossFire.lnk ========== Files Created - No Company Name ========== [2011.12.14 21:35:12 | 000,194,654 | ---- | C] () -- C:\Users\Neu\Desktop\hgh.jpg [2011.12.12 19:06:44 | 000,889,435 | ---- | C] () -- C:\Users\Neu\Desktop\2011-12-12 18.58.51.jpg [2011.12.12 19:06:43 | 000,942,137 | ---- | C] () -- C:\Users\Neu\Desktop\2011-12-12 18.57.58.jpg [2011.12.08 22:12:12 | 000,246,050 | ---- | C] () -- C:\Users\Neu\Desktop\imba8.jpg [2011.12.07 22:08:44 | 000,061,973 | ---- | C] () -- C:\Users\Neu\Desktop\375530_264254766957614_178866558829769_679430_1849437699_n.jpg [2011.11.30 22:48:58 | 000,269,663 | ---- | C] () -- C:\Users\Neu\Desktop\dhmm.jpg [2011.11.25 21:42:21 | 001,102,574 | ---- | C] () -- C:\Users\Neu\Desktop\mcpatcher-2.2.2.exe [2011.11.25 19:47:27 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.22 21:31:42 | 000,000,171 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url [2011.11.22 21:31:40 | 000,001,654 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk [2011.11.22 18:57:53 | 000,000,766 | ---- | C] () -- C:\Users\Neu\Desktop\AVA - Verknüpfung.lnk [2011.11.21 23:41:29 | 000,029,972 | ---- | C] () -- C:\Users\Neu\Desktop\kid-cudi-arrested1.jpg [2011.11.21 22:52:53 | 000,149,600 | ---- | C] () -- C:\Users\Neu\Desktop\377954_282778178430442_100000947860374_799212_340569781_n.jpg [2011.11.20 20:51:47 | 000,000,895 | ---- | C] () -- C:\Users\Neu\Desktop\CrossFire.lnk [2011.05.29 20:47:28 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2011.02.08 08:27:46 | 000,138,056 | ---- | C] () -- C:\Users\Neu\AppData\Roaming\PnkBstrK.sys [2011.02.08 08:27:30 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010.11.06 22:44:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\swctl.dll [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.05.27 23:11:38 | 000,002,032 | ---- | C] () -- C:\Users\Neu\AppData\Local\d3d9caps.dat [2010.05.27 23:11:38 | 000,001,648 | ---- | C] () -- C:\Users\Neu\AppData\Local\d3d8caps.dat [2010.04.29 20:37:08 | 000,000,000 | ---- | C] () -- C:\Users\Neu\AppData\Local\rx_image.Cache [2010.04.10 13:08:14 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.03.10 21:54:02 | 000,000,091 | ---- | C] () -- C:\Users\Neu\AppData\Local\fusioncache.dat [2009.11.23 12:39:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.11.23 12:39:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.11.23 12:38:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.10.30 10:04:33 | 000,044,645 | ---- | C] () -- C:\Windows\System32\httpuurl.dat [2009.10.30 10:04:33 | 000,001,548 | ---- | C] () -- C:\Windows\System32\nogoapp.dat [2009.10.30 10:04:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\ccwt64.dat [2009.10.28 15:15:17 | 000,024,064 | ---- | C] () -- C:\Users\Neu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.01 05:22:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.12 14:30:30 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2008.11.28 21:31:46 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.11.28 21:31:25 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.11.28 21:31:24 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2008.11.28 21:31:24 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.08.31 13:08:43 | 008,090,386 | ---- | C] () -- C:\Windows\System32\httpsurl.dat [2008.08.31 13:08:42 | 000,000,145 | -H-- | C] () -- C:\Windows\System32\CTLSW.INI [2008.08.31 13:08:37 | 000,000,529 | ---- | C] () -- C:\Windows\System32\nochook.ini [2008.08.31 11:53:03 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2008.08.27 22:02:20 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2008.08.19 13:37:50 | 000,000,555 | ---- | C] () -- C:\Windows\eReg.dat [2008.07.29 06:30:29 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2008.07.29 06:30:29 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2008.07.29 06:27:16 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys [2008.07.29 06:27:16 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys [2008.07.28 19:42:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.07.28 19:42:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.07.28 19:42:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.07.28 19:42:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.07.28 19:42:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.07.28 19:42:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.07.28 19:42:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.07.28 19:42:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.07.28 19:42:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2008.07.28 19:42:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.07.28 19:42:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.07.28 19:42:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.07.28 19:42:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.07.28 19:42:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.07.28 19:42:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.07.28 19:42:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.07.28 19:42:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.07.28 19:42:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.07.28 19:42:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.07.28 19:33:51 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini [2008.03.06 17:55:16 | 000,643,366 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.03.06 17:55:16 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.03.06 17:55:16 | 000,131,578 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.03.06 17:55:16 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.03.06 10:14:24 | 000,111,448 | ---- | C] () -- C:\Windows\hpqins13.dat [2008.03.06 09:53:43 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe [2008.03.06 09:51:10 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2008.03.06 09:51:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2007.11.14 18:42:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2007.11.09 12:01:59 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psyswin32.dll [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Neu\AppData\Local\lame_enc.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,465,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,742 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Neu\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Neu\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Neu\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Neu\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Neu\AppData\Local\no23xwrapper.dll [2000.02.28 15:26:02 | 000,092,660 | ---- | C] () -- C:\Windows\System32\bass.dll [1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL [1998.05.20 14:17:12 | 000,280,064 | ---- | C] () -- C:\Windows\System32\CNCS232.DLL ========== LOP Check ========== [2011.11.26 13:08:42 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\.minecraft [2009.12.18 22:12:46 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\EverAd [2009.11.14 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\FreeFLVConverter [2011.01.05 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\gtk-2.0 [2011.12.16 14:01:13 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\ICQ [2011.02.08 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\LolClient [2011.05.29 20:55:49 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\MAGIX [2010.01.12 19:26:47 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\McLoad [2010.08.02 16:32:05 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Need for Speed World [2010.03.06 00:19:17 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\OCS [2010.03.06 00:19:22 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Opera [2011.11.16 14:50:55 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\PhotoScape [2010.02.16 22:39:55 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Research In Motion [2010.04.10 13:26:40 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Samsung [2011.02.05 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Soldat [2010.03.21 22:35:23 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\TeamViewer [2010.10.13 20:50:02 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\TS3Client [2010.12.03 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\UAs [2009.11.04 16:55:40 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\WinBatch [2011.01.16 01:14:33 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Winsock-Chat [2010.12.03 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\xmldm [2011.12.17 16:10:18 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.10.18 21:06:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2008.12.13 20:31:43 | 000,000,000 | ---D | M] -- C:\735e1701f0a0219f68334ddc [2010.04.29 20:28:27 | 000,000,000 | ---D | M] -- C:\AV_LOGS [2010.01.29 13:18:47 | 000,000,000 | -HSD | M] -- C:\Boot [2011.11.24 22:15:34 | 000,000,000 | ---D | M] -- C:\CFLog [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.07.28 18:47:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.08.29 21:04:52 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2011.01.21 13:39:17 | 000,000,000 | ---D | M] -- C:\Fraps [2011.05.23 11:54:11 | 000,000,000 | ---D | M] -- C:\gamigo [2009.11.18 17:28:23 | 000,000,000 | -H-D | M] -- C:\hp [2011.11.22 18:10:02 | 000,000,000 | ---D | M] -- C:\ijji [2008.10.23 18:52:12 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.03.09 23:22:21 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.11.03 17:15:27 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.22 21:29:30 | 000,000,000 | ---D | M] -- C:\Program Files [2011.11.15 21:07:21 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.07.28 18:47:50 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.14 22:20:32 | 000,000,000 | ---D | M] -- C:\rads [2011.12.17 21:03:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.11.26 12:26:10 | 000,000,000 | ---D | M] -- C:\Temp [2009.11.04 18:04:08 | 000,000,000 | ---D | M] -- C:\The Games Page [2011.08.24 18:23:47 | 000,000,000 | R--D | M] -- C:\Users [2011.11.16 14:50:55 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > [2007.01.18 21:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\Neu\AppData\Local\No23 Recorder.exe < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys [2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.06 18:30:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4db4e301\atapi.sys [2008.03.06 18:30:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20693_none_db7d35eb3dc727cc\atapi.sys [2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_27cad3e5\atapi.sys [2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.03.06 10:03:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.03.06 10:03:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\hp\drivers\nvidia_storage\nvstor32.sys [2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\drivers\nvstor32.sys [2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_0ccbf6f4\nvstor32.sys [2007.12.07 16:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=689A2160B851F8BF88F20728FD2F30BD -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_d22c7930\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.03.06 18:04:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2008.03.06 18:04:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.01.07 12:05:50 | 000,005,389 | ---- | M] () -- C:\Users\Neu\.recently-used.xbel [2009.10.28 15:24:08 | 000,000,377 | ---- | M] () -- C:\Users\Neu\Jonas.lnk [2011.12.17 21:39:33 | 003,670,016 | -HS- | M] () -- C:\Users\Neu\ntuser.dat [2011.12.17 21:39:33 | 000,262,144 | -H-- | M] () -- C:\Users\Neu\ntuser.dat.LOG1 [2009.10.28 15:00:29 | 000,000,000 | -H-- | M] () -- C:\Users\Neu\ntuser.dat.LOG2 [2011.12.17 16:10:17 | 000,065,536 | -HS- | M] () -- C:\Users\Neu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.12.17 16:10:17 | 000,524,288 | -HS- | M] () -- C:\Users\Neu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.10.28 22:39:31 | 000,524,288 | -HS- | M] () -- C:\Users\Neu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2009.10.28 15:00:29 | 000,000,020 | -HS- | M] () -- C:\Users\Neu\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Neu\Desktop\2011-05-29 - 02.mpg:TOC.WMV @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D06A4C76 < End of report > |
|
17.12.2011, 21:47
| #13 |
| | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert EXTRAS ______________OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.12.2011 21:17:26 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,32% Memory free
6,22 Gb Paging File | 5,01 Gb Available in Paging File | 80,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,69 Gb Total Space | 76,72 Gb Free Space | 16,84% Space Free | Partition Type: NTFS
Drive D: | 10,07 Gb Total Space | 1,38 Gb Free Space | 13,72% Space Free | Partition Type: NTFS
Computer Name: JONAS-PC | User Name: Neu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD8FE75-105D-4186-A97A-BB7EE53D39AB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{157CE713-F56B-40F5-9968-EC194ED07A7A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{33413EB1-8562-4C4D-8C2E-B44894D941DD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4BCF574E-3CBE-45FB-9629-9456A5355A8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{60F2DC52-2127-4C96-9699-599FC1A1D3FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D35FA5E-4AEF-4EEE-AAA9-7E6F15FCBA9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A8C6B90-6EC6-44FA-AC4B-E89631D37684}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB5EB706-7320-4000-B47E-559160B53D8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2957BB6-CD00-4367-933A-8C6858C481F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1D0F820-E5D2-4306-A547-4D0743619A1E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F620CBD3-6745-412A-B9C9-9B26D32E2484}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0041945B-BA87-4EE2-9BA0-4CBFF03CF9BF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0645BB43-CD81-4B69-959D-4E40383F1F18}" = protocol=6 | dir=in | app=c:\users\jonas\desktop\bf2.exe |
"{09483105-75B8-4BC0-976D-9619971A13DF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09D2E352-9A45-4C09-9499-D52594B4FCCC}" = protocol=6 | dir=in | app=c:\program files\i-buddy manager\i-buddymanager.exe |
"{0BA4942D-A329-4419-A710-CF69AF3087CD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{144076F8-27DE-4D1B-BF79-E9CB549D7E9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1CB15FA8-CD09-43D2-8BFF-A2A0734C80D2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1CB30A6F-B44D-4CCA-A1FA-02877D913498}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{238F807A-2F01-4A3B-B81B-3CDD23B0D99E}" = protocol=17 | dir=in | app=c:\program files\i-buddy manager\i-buddymanager.exe |
"{2887A703-3E96-4C53-BC4F-5C945CA7FAB8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{29967F15-E18C-4639-B321-BC71A7B80236}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F36F780-AEB1-49F0-8C81-E9885ACD2A89}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{34057510-0C0A-4479-A2C8-B41EFB161164}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{36D618E0-A43D-44D9-9F6C-51ADE3A81BCE}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3D543911-BE09-4F0D-A4A8-C71EA936437B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{438BD11A-A14F-48CC-B2E4-29D0E3DEB60D}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{48E96D45-68C7-4AB3-9EF0-5B741D470704}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{4DBDE3D3-FEA3-4D6B-8DD7-1567E6A7C15B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4DD1CD7E-C2CE-463A-B844-FB11C69A6CFC}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{52A00628-97FA-4970-94F3-D89946312596}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{54475131-D65E-4D26-9B09-C117E6A2BDC4}" = protocol=6 | dir=in | app=c:\users\neu\appdata\local\akamai\netsession_win.exe |
"{6080CF54-BC34-4C00-8399-DC9944EAE22A}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{661C2C2F-ADB1-4C30-828C-D4B989599D26}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{66AB7BAD-4EC4-4488-978E-F6E15082E271}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{695C2F3B-CED8-43EC-B981-0E8089C302BF}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{6987830B-2325-4467-81D9-C9E183FBD9BD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6BF1EC7D-9A06-466B-81B4-4BB460BB08F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6C3BEFD8-05CE-41C4-BBCE-D856D75F2CC0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6CEA65DB-A6F7-4048-A287-2EAA0A384322}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{7494D9DF-8A41-4F28-8830-B7A43C49FEE0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7615B6DE-4B51-4DC7-9F61-AAB9A8C3652B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B434783-2C48-4D25-B838-FA63C5AD96E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{95169441-6FE0-4054-9BD1-3BC1D110E0BC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{95FC1969-427E-4968-AF6D-195E39F9AE22}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{996FA132-F120-47A0-A6E1-B5DDCC940940}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{9D3F746D-9D6E-4F4A-B0E3-99B499402F2D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9FB2F48E-F5AD-4786-8E68-76736EEDBEA3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A09721A9-AAE3-4821-80A0-C1856A86FCC5}" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe |
"{A661E410-201F-4232-AEE1-2A910B2A2E2D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{AA2D2210-FBE1-44C5-85D7-1DA00BDB9871}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{AF436557-654F-4DB3-9901-4F1D8A64800E}" = protocol=17 | dir=in | app=c:\users\neu\appdata\local\akamai\netsession_win.exe |
"{BAF1C590-0BFF-43AB-97DE-24288AC63E32}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{BC50B70D-273D-45F7-A5B7-2A5F9FF22613}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BCE66393-9326-4CDF-B9D3-C2578BCA32DA}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{BDECB72C-4062-46EC-96A3-CDC44371F77B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"{BF2A61E0-AA98-4A11-8C9C-982793C5A4A2}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D1615FA5-C02C-4044-903A-3D9E58EECB61}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D3A8EAB6-E24F-4448-AFAF-FD0FE93A8A7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D49AB8B6-6DB8-4CCE-9BC9-CC4D2EAC5CCF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D80082AA-D3FC-4C5E-B0C8-D96B7C364444}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E0072442-4D5E-47BB-AFB7-C57AABBA17A3}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{E198455C-2BE0-4D19-B703-359CCC7A5A24}" = protocol=17 | dir=in | app=c:\users\jonas\desktop\bf2.exe |
"{E42498B2-F183-411C-B7E4-3A4DEE3FFFE7}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{E96CFAA2-187D-4AB5-A612-190B0ED71182}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EA51856D-62C1-435F-9242-E729C1A48346}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{EAC8B09B-46B0-4240-BD27-3881410D8FC2}" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe |
"{EBAFCDFC-A7BE-4C0A-87EC-B83B4B6F8388}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{EBD60429-BEF8-42F8-A8A6-7209A1965BF3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EC74283F-7014-4BDA-B695-6098950B2B6B}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"{F75736B2-C565-4315-A752-8C4F43692438}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{F76A4268-0BF6-4504-9897-2B36008B615E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F7C8779E-56D8-4D4B-9DE9-7DB36642CC6F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{F8989487-8E76-42CC-9CAF-EBB1A9637B8D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F9D364EC-2066-477A-86B8-41A38442C6D3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FE1A33D6-3089-4E64-BB42-34213DF3C42E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{037606DC-5650-4F73-ADF1-394A6A8A7C71}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{0B017C49-8318-4E6A-8483-4B01D10115C8}C:\program files\novalogic\joint operations typhoon rising\jointops.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\jointops.exe |
"TCP Query User{1AB1860E-1F4D-4731-86ED-1D7B3AE12611}F:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe" = protocol=6 | dir=in | app=f:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe |
"TCP Query User{2D085435-37F9-4A31-B265-381E441D3109}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{32F2FA77-36C5-4998-A6AD-FD19BA6BB0C5}C:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe |
"TCP Query User{466660D9-179C-4A4F-9DCF-5F9A4E42B463}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{46D70E1C-9CCF-49EE-99E4-D2A5FA12843A}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe |
"TCP Query User{509D2C25-E9C6-43CC-82E4-3DCB124192B4}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{50B3F2B2-591D-4D04-922F-668431E646B9}C:\program files\crysis\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files\crysis\bin32\crysis.exe |
"TCP Query User{589025F1-5E5E-473C-A9B7-E9A197FA83FF}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"TCP Query User{5B47C67E-F203-4557-B80C-EF08A1F7426D}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe |
"TCP Query User{5EBC75B5-15EA-430E-A538-034EAB471D1A}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=6 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe |
"TCP Query User{619FB7A0-E196-4624-832E-166B2A89A4ED}C:\program files\z8games\crossfire\cf_g4box.exe" = protocol=6 | dir=in | app=c:\program files\z8games\crossfire\cf_g4box.exe |
"TCP Query User{658DAA1C-C27E-4AC1-8817-27ACE2C1A884}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{7531CC57-B37B-408C-8E33-E8BB98D005FB}C:\program files\ea games\bfvietnam_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\bfvietnam_w32ded.exe |
"TCP Query User{8BF401A2-ED19-438C-A88D-EA3CEEB957F1}C:\program files\bfvcc server manager\bfvcc.exe" = protocol=6 | dir=in | app=c:\program files\bfvcc server manager\bfvcc.exe |
"TCP Query User{92CB3F9C-22CE-4A3F-9717-E62E73FD82BA}C:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe |
"TCP Query User{9CED6B91-E294-4E4A-B806-91EC3CAFED3F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{A2C83B2C-2D07-4D7F-AD45-D0766D762B5D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{A5696E75-8F49-4AD1-8C4D-9383888938BC}C:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe |
"TCP Query User{A7A5CDC6-6A68-4918-BF6A-EA1ED6C5733A}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"TCP Query User{AF9EC5A6-60E4-4E11-BA60-F7B7ABAD12B9}C:\program files\activision\call of duty - world at war\codwaw2.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw2.exe |
"TCP Query User{BD3C6203-EE1E-45F2-86B2-9ED509DC20FF}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"TCP Query User{BDA1A443-C931-42D6-914D-84CF1A367354}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{C10B7475-7BB2-49D4-82F1-2ADFCCFD4B57}C:\users\neu\desktop\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\league of legends\lol.launcher.exe |
"TCP Query User{C4A34D53-1470-4CF3-94B8-6EAA6A6895A0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{C6EA65AB-1AD3-4C47-8ACD-06B9DAD82947}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |
"TCP Query User{C72DFECA-FB34-414F-874A-649193864C75}C:\program files\ea games\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\bfvietnam.exe |
"TCP Query User{D7244BEC-3513-456F-8E66-FCA5300A922C}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe |
"TCP Query User{D9D9C9C2-8898-4E97-B3A9-A2B50EA4091B}C:\program files\novalogic\joint operations typhoon rising\update.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\update.exe |
"TCP Query User{DDDB31F7-95EF-408B-9982-D3CB9AE8F535}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{DFD0AA41-88CB-4B46-9C09-C0C910B0FFB4}F:\l4d2\left4dead2.heiising" = protocol=6 | dir=in | app=f:\l4d2\left4dead2.heiising |
"TCP Query User{E2D20D4D-7CBA-4344-BD6D-43A281604AD9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E2D4B108-E1AD-438E-A4D0-F56FC306A586}C:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe |
"TCP Query User{E6636CAB-42B3-4BC4-B3FC-0A0BEAA9ACFB}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{ED677A53-D535-4310-8645-38A9AE729FA3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F38B093B-0FBD-421A-82AF-0954838B8FDC}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe |
"TCP Query User{F9C8D732-D2F1-4B5E-9660-EA5AB9951BBB}C:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe |
"TCP Query User{FA4E5968-690C-4F93-8D40-680D9ED6AE7B}C:\program files\counter-strike source\srcds.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\srcds.exe |
"UDP Query User{0D2D13FC-773A-445C-ADDC-DF6876AB63A0}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{1243FF20-BA23-4E9D-B6EA-CECDC1CE7B33}C:\program files\ea games\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\bfvietnam.exe |
"UDP Query User{174C1F81-5A23-4CB9-8D5A-F0BE59BCF854}C:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe |
"UDP Query User{2158D587-4AC1-426A-B43B-0FAECEF64E86}F:\l4d2\left4dead2.heiising" = protocol=17 | dir=in | app=f:\l4d2\left4dead2.heiising |
"UDP Query User{33934978-2389-4299-BA48-5B272CE01504}C:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe |
"UDP Query User{346730F1-0A9A-4B72-883D-FA2ACE32F1FA}C:\program files\z8games\crossfire\cf_g4box.exe" = protocol=17 | dir=in | app=c:\program files\z8games\crossfire\cf_g4box.exe |
"UDP Query User{39A5A25D-EA3D-4C71-8634-F93B5319C05D}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |
"UDP Query User{40DC8937-CDFF-4D1E-86D5-5B098F4DDE79}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe |
"UDP Query User{43E55E52-E297-4415-81C9-A9F64C9A2CB1}C:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe |
"UDP Query User{4A3155AB-F49F-4138-BEAE-5C04B56F69F5}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{4B0CD05A-B921-49B2-8FCF-9F1DAD5774C3}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4DC3FAB8-2EFB-48BF-9A35-F86FE21AB1D2}F:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe" = protocol=17 | dir=in | app=f:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe |
"UDP Query User{58FB4247-F709-4735-ACE7-FC72731B3969}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{59F5A2C7-7964-44D5-B628-1518902B9387}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"UDP Query User{5B015E4B-DAA8-471D-9908-16489AE7880E}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"UDP Query User{61088C7E-F725-430A-9D65-30983E1F841C}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{6381CB07-6565-4354-B17B-E4969E24495C}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe |
"UDP Query User{652C7C88-8910-48D1-8888-330E3B4AA818}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{6BA58D73-FB5F-429A-94C6-7090725465A8}C:\program files\novalogic\joint operations typhoon rising\jointops.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\jointops.exe |
"UDP Query User{6E3CE62C-2200-4554-9DE8-612274DA4519}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{6E45EEEB-16E1-422D-BC14-30C4514B25A2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{77FE412E-A7EF-4D4A-82EB-0D1505753DB1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{7950F971-CBF8-4793-9DF3-4B96E32C9044}C:\users\neu\desktop\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\league of legends\lol.launcher.exe |
"UDP Query User{7E6B20CD-9462-4F9F-B365-C599416E79E9}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{8A2B2015-414F-4A8D-A39A-42ECD80A7955}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe |
"UDP Query User{9D9825C4-359B-4F73-87C4-1BA8518DACCB}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{A210228E-537B-4C66-A003-3EDB66FC7E5C}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe |
"UDP Query User{ADF5B0CB-FDE9-42FC-BC43-32A3695162CD}C:\program files\activision\call of duty - world at war\codwaw2.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw2.exe |
"UDP Query User{B2AFCF8C-344C-438C-9947-20F2EDFC6A5C}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{BE13A9D1-5BB7-4EFD-A56B-160BBEB29D3A}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{C5E723D1-FA5B-4048-B99D-CBACFCA8A8BB}C:\program files\novalogic\joint operations typhoon rising\update.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\update.exe |
"UDP Query User{C6B2BB73-0CA2-4620-9ECC-2D2B21F9FDA9}C:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe |
"UDP Query User{C99F0E44-0A34-4388-824A-5C77C88E08F0}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{D9BAEF4F-412B-4F6A-9044-B0841A827B1F}C:\program files\ea games\bfvietnam_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\bfvietnam_w32ded.exe |
"UDP Query User{E6FA790E-2CF9-4036-88A2-1D1E96EF661A}C:\program files\counter-strike source\srcds.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\srcds.exe |
"UDP Query User{ED876495-55DA-4112-9A4A-1ECF90053814}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=17 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe |
"UDP Query User{F202887C-A45A-4CF0-96AB-49802FC2B42E}C:\program files\crysis\bin32\crysis.exe" = protocol=17 | dir=in | app=c:\program files\crysis\bin32\crysis.exe |
"UDP Query User{F4D0EDEB-CC00-4EA9-A318-B14371A541E4}C:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe |
"UDP Query User{FE53FD56-43E4-4FBD-9197-24722218EB00}C:\program files\bfvcc server manager\bfvcc.exe" = protocol=17 | dir=in | app=c:\program files\bfvcc server manager\bfvcc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1104E2E0-9378-455d-9E0E-6235A4E52DB0}_is1" = ArchLord
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{441C8911-CEC0-19E6-6CAC-694553E06A28}" = myphotobook.de
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{93712806-272D-485E-8D8E-C08E861CF3E0}" = A.V.A
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cross Fire_is1" = Cross Fire En
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"EA Download Manager" = EA Download Manager
"Fraps" = Fraps (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 Plus Download-Version D" = MAGIX Video deluxe 16 Plus Download-Version 9.0.0.55 (D)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MySSID_is1" = Vtune 7.13
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Steam App 620" = Portal 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Akamai" = Akamai NetSession Interface
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.12.2011 16:24:39 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16583
Error - 03.12.2011 16:24:39 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16583
Error - 05.12.2011 13:08:11 | Computer Name = Jonas-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0x71d4610a] Bitte Avira informieren
und die obige Datei übersenden!
Error - 07.12.2011 09:21:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MSASCui.exe, Version 1.1.1600.0, Zeitstempel
0x47918de2, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x5782400e, Prozess-ID 0x84c,
Anwendungsstartzeit 01ccb4e306aab9a5.
Error - 07.12.2011 09:30:03 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MSASCui.exe, Version 1.1.1600.0, Zeitstempel
0x47918de2, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x57824002, Prozess-ID 0x84c,
Anwendungsstartzeit 01ccb4e306aab9a5.
Error - 11.12.2011 12:40:11 | Computer Name = Jonas-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0x725c614a] Bitte Avira informieren
und die obige Datei übersenden!
Error - 17.12.2011 10:49:20 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6002.18005, Zeitstempel
0x49e01b94, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x5782400e, Prozess-ID 0x784,
Anwendungsstartzeit 01ccbccb0c88442c.
Error - 17.12.2011 11:05:59 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MSASCui.exe, Version 1.1.1600.0, Zeitstempel
0x47918de2, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x57824002, Prozess-ID 0x878,
Anwendungsstartzeit 01ccbccd380ac67c.
Error - 17.12.2011 11:07:26 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
0x49e01da5, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e,
Ausnahmecode 0xc0000005, Fehleroffset 0x00047336, Prozess-ID 0x6a4, Anwendungsstartzeit
01ccbccd33c62f5c.
Error - 17.12.2011 11:27:41 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
0x49e01da5, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e,
Ausnahmecode 0xc0000005, Fehleroffset 0x00047336, Prozess-ID 0x5e4, Anwendungsstartzeit
01ccbcd04b74b784.
[ System Events ]
Error - 17.12.2011 12:48:34 | Computer Name = Jonas-PC | Source = sfsync03 | ID = 262145
Description =
Error - 17.12.2011 12:48:38 | Computer Name = Jonas-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
Error - 17.12.2011 12:49:18 | Computer Name = Jonas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.12.2011 um 17:47:16 unerwartet heruntergefahren.
Error - 17.12.2011 12:50:33 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.12.2011 12:50:33 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 17.12.2011 14:23:49 | Computer Name = Jonas-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
Error - 17.12.2011 14:24:08 | Computer Name = Jonas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.12.2011 um 17:59:18 unerwartet heruntergefahren.
Error - 17.12.2011 14:25:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.12.2011 14:25:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 17.12.2011 14:25:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
|
|
17.12.2011, 21:53
| #14 |
| | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert ach und die frage ist es normal das dieser trojaner nicht wirkt wenn das internet aus ist? weil bei mir hat er jz nichts machen können wie oben schon gesagt.. |
|
18.12.2011, 16:40
| #15 |
| /// Malware-holic | Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert hi achtung! dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKCU..\Run: [firefox.exe] C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Achtung! Aus sicherheitsgründen wurde ihr Windowssystem blockiert |
| abgesicherter, abgesicherter modus, abgesicherter modus startet nicht, achtung, achtung!, andere, anderen, arbeiten, aus sicherheitsgründen wurde ihr windowssystem blockiert, bildschrim, blockiert, drivers, funzt, modus, problem, schnelle, schnelle hilfe, schwarz, starte, startet, startet nicht, system, system32, taskma, taskmanager, threats, windows, wisst, wurde ihr |
Linear-Darstellung
