Log analysis and evaluation: BKA Scareware - Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.08.2011, 18:00 | #1 |
BKA Scareware

Hello, I have the same problem as many here: I caught this BKA virus (I was actually only on "facebook" and www.sidereel.com or megavideo because of a series). I have already read through plenty of threads on the topic "bka virus/scareware", but it doesn't really make you any wiser, since different custom scans are always inserted for OTL. Thanks in advance for the help.

OTL.txt Code:
ATTFilter OTL logfile created on: 10.08.2011 18:38:37 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\himi\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,87% Memory free 11,43 Gb Paging File | 10,26 Gb Available in Paging File | 89,74% Paging File free Paging file location(s): c:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 67,47 Gb Free Space | 14,49% Space Free | Partition Type: NTFS Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32 Computer Name: Computer Name | User Name: User Name | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\himi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\vVX6000.exe (Microsoft Corporation ) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB) ========== Modules (SafeList) ========== MOD - C:\Users\himi\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.23 16:37:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.23 16:37:44 | 000,000,000 | ---D | M] [2011.05.08 12:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\himi\AppData\Roaming\mozilla\Extensions [2011.08.10 17:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\himi\AppData\Roaming\mozilla\Firefox\Profiles\gnndmyow.default\extensions [2011.08.10 17:55:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\himi\AppData\Roaming\mozilla\Firefox\Profiles\gnndmyow.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.02.14 14:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla 
Firefox\extensions [2010.10.10 15:09:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.10 15:09:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.10.10 15:09:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.10 15:09:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.10 15:09:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Programme\D-link\Air USB Utility\AirCFG.exe (D-Link) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7431c1d6-992f-11db-9c5a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7431c1d6-992f-11db-9c5a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.10 18:35:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\himi\Desktop\OTL.exe [2011.08.09 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4 [2011.08.09 21:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\VKMusic 4 [2011.08.09 20:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.08.09 20:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2011.07.13 15:47:13 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys 
[2011.07.13 15:47:11 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.07.13 15:47:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.10 18:35:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\himi\Desktop\OTL.exe [2011.08.10 18:13:50 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.10 18:13:50 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.10 18:13:50 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.10 18:13:50 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.10 18:07:39 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.08.10 18:07:38 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.08.10 18:06:54 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.10 18:06:54 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.10 18:06:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.10 18:05:45 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys [2011.07.21 20:52:08 | 000,921,624 | ---- | M] () -- C:\DC6810xp-001.raw [2011.07.15 13:01:23 | 000,264,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.10 20:32:33 | 000,008,704 | ---- | C] () -- C:\Users\himi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.11 18:21:09 | 000,095,973 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.01.08 22:29:06 | 000,000,000 | ---- | C] 
() -- C:\Windows\System32\Access.dat [2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.02 00:45:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.04.16 14:24:14 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2009.04.16 14:24:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2009.04.16 14:24:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2009.04.16 14:24:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll [2009.03.20 23:43:53 | 000,000,037 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.03.17 15:24:10 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini [2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.02.23 22:02:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.02.23 22:02:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.02.14 14:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 
000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.11 21:49:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2008.09.09 16:19:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.09.09 16:19:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.03.05 19:34:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.03.05 19:18:39 | 000,000,136 | ---- | C] () -- C:\Windows\WINWORD6.INI [2008.03.05 19:16:23 | 000,000,057 | ---- | C] () -- C:\Windows\WINHELP.INI [2008.02.17 11:57:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.02.08 23:21:07 | 000,140,216 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.02.08 23:21:01 | 000,201,352 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.02.08 23:20:38 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.02.06 18:31:53 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2008.01.30 21:47:48 | 000,038,028 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.01.30 21:47:48 | 000,027,030 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.01.30 21:47:48 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.01.30 21:46:56 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini [2008.01.18 01:23:17 | 000,000,027 | ---- | C] () -- C:\Windows\A6W.INI [2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,264,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- 
C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [1994.12.12 01:00:00 | 000,104,448 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL [1994.12.12 01:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI [1994.12.12 01:00:00 | 000,000,535 | ---- | C] () -- C:\Windows\MSTXTCNV.INI [1994.12.12 01:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI [1994.11.15 01:00:00 | 000,221,696 | ---- | C] () -- C:\Windows\System32\FFILE32.DLL [1994.11.15 01:00:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL [1994.11.15 01:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 10.08.2011 18:38:37 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\himi\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,87% Memory free 11,43 Gb Paging File | 10,26 Gb Available in Paging File | 89,74% Paging File free Paging file location(s): c:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 67,47 Gb Free Space | 14,49% Space Free | Partition Type: NTFS Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32 Computer Name: computername | User Name: username | NOT logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3DBB7867-A899-4A39-AC5D-D3CACBE0CEAB}" = lport=17520 | protocol=6 | dir=in | name=mubox12 | "{4A187491-A5AF-467A-AA8E-9A43423E2EC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CA045F37-067C-4AEB-B3E3-6BCCDBE1D13F}" = lport=17520 | protocol=17 | dir=in | name=mubox11 | "{F56D9D9A-527F-4ABB-96EA-AD8D9EE52E76}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004B5C5B-3047-42A9-A630-4DD034B328AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00559B89-735E-4FC9-870E-9385740C7AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{005B37CF-53BD-465C-A517-C8543EBA4A8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{029C677C-7D18-4399-999F-7A5EC3DB3829}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{02AE4505-AD32-4BC9-A6FA-493AF443E4A1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{03A557C7-06DB-4DC8-8DC7-3F8DA99583CA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{0501F28D-BC74-4CFA-B060-53E342273D45}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{05131434-5FAF-4461-A0F2-CFC75F302495}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{05659D87-63F2-49DE-8A6B-4C6EE294C323}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{05D9DC1C-FB8A-445E-8C07-C5C7EACD149B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{06339B3C-1417-44CA-8A43-C726F49CFEEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{072D7A48-7BDE-43D8-974A-7600F76EDEB9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{08D3BB8D-9FC6-449D-9F55-99FBDD4BE2B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0A993350-A07F-403B-B4E0-4C6F1221AC7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B8B3430-7CBB-49C8-9DBD-DA40FBF5F5BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0BE05B04-D00E-4F89-B033-830667A3E09C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0C1D98B8-717F-47B6-9598-6E2EBCEEFE7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0C84075D-9BAF-4663-8460-AAFF4B46A28C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E684D5E-71B0-4900-94D1-4419BC63BC07}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{10077AC1-B407-4417-8879-200CC40B06FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{103EB0CB-7650-4A94-84AC-94AC08EA770F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{10EC98BC-7736-4A7F-91D5-70D9B1AD2E97}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1117BED4-51B7-4273-94FF-A78AC350DF4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1264C8C2-B49A-4BD6-8432-641968D04CA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12D24E6A-EDE6-48A7-9930-1DEF75C36F22}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12E5F683-8AA9-4705-B92C-25D2328D658A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{13076F4E-4B5F-40A3-A278-7519512CCF1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{134435C1-6212-4978-9269-2747FAD54082}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{138921ED-A620-44DC-9AA2-6DFDD589DE0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{13E99B7F-FA66-40CE-92F7-196DE81229AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14AB23E6-485C-4863-B9DA-93134E31DC6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 | "{14D77BA4-4A3D-435C-9C80-344AECA5A038}" = protocol=6 | dir=in | app=c:\spiele\battlefield 2\bf2.exe | "{153C470C-D4A6-4A47-BE87-929840073CD5}" = 
| dir=in | app=c:\spiele\aoe2 kings\empires2.exe | "UDP Query User{DCCCE2C4-AACD-4D62-BB50-5D11425FE76E}C:\d)\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\d)\spiele\warcraft iii\war3.exe | "UDP Query User{DE208A4C-2D46-4921-8193-9FDAAC997644}C:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii\war3.exe | "UDP Query User{E2EEEB30-963D-4D91-BD44-387F24D2E3F7}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | "UDP Query User{EA4334F1-EDA5-4FCF-B06D-A61BBBC271FA}C:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3 "{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi 
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{5CC68528-24FF-4DF8-91C9-AF540F98505A}" = Sony Ericsson Drivers "{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf "{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = 
Command & Conquer 3 "{B192E1BB-98A4-4369-9271-96117A57F546}" = Sony Ericsson PC Suite "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4 "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Ashampoo WinOptimizer 2009 Advanced_is1" = Ashampoo WinOptimizer 2009 Advanced "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "dlanconf" = devolo dLAN-Konfigurationsassistent "Download Manager" = Download Manager 2.3.7 "DPP" = Canon Utilities 
Digital Photo Professional 3.8 "dslmon" = devolo Informer "easyclean" = devolo EasyClean "easyshare" = devolo EasyShare "EOS Utility" = Canon Utilities EOS Utility "Fallout New Vegas_is1" = Fallout New Vegas "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.30 "ICQToolbar" = ICQ Toolbar "InstallShield_{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility "InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio "LogMeIn Hamachi" = LogMeIn Hamachi "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18) "MyFreeCodec" = MyFreeCodec "Ñëîâàðè îò Áóêè. Ñáîðíèê ñëîâàðåé îáùåé ëåêñèêè._is1" = Ñëîâàðè îò Áóêè. Ñáîðíèê ñëîâàðåé îáùåé ëåêñèêè. 
"NVIDIA Drivers" = NVIDIA Drivers "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "RealPlayer 6.0" = RealPlayer "Red Alert" = Red Alert Windows 95 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "Uninstall_is1" = Uninstall 1.0.0.1 "VKMusic 4_is1" = VKMusic 4 "VLC media player" = VLC media player 1.1.7 "Warcraft III" = Warcraft III "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar for Internet Explorer "Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > Geändert von gutenmorgan (10.08.2011 um 18:13 Uhr) Grund: darstellung war nicht als code |
11.08.2011, 22:53 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Scareware What was removed there? Apparently you don't need OTLPE after all!
__________________Quote:
__________________ |
12.08.2011, 16:50 | #3 |
| BKA Scareware I didn't know that admin rights are important. It was simply that the BKA virus appeared on my main profile, where I am admin, and I then logged in as a standard user instead, and the virus wasn't there, so I could at least search the internet for a solution, which is how I ended up here and downloaded OTL.
On the 2nd start, Avira AntiVir Personal then found this "jashla" file and put it in quarantine. So I can use my admin profile again. Still, I reckon a scan is essential. So I am now doing it again with admin rights. Thanks in advance! OTL.txt Code:
ATTFilter OTL logfile created on: 12.08.2011 17:44:29 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\juma\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 52,14% Memory free 11,43 Gb Paging File | 9,69 Gb Available in Paging File | 84,75% Paging File free Paging file location(s): c:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 72,65 Gb Free Space | 15,60% Space Free | Partition Type: NTFS Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32 Computer Name: JUMA-PC | User Name: juma | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\juma\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\vVX6000.exe (Microsoft Corporation ) PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB) ========== Modules (SafeList) ========== MOD - C:\Users\juma\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (VX6000) -- C:\Windows\System32\drivers\VX6000Xp.sys (Microsoft Corporation ) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation) DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation) DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation) DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation) DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation) DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation) DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation) DRV - (sfvfs02) StarForce 
Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.) DRV - (PRISM_USB) -- C:\Windows\System32\drivers\PRISMUSB.sys (GlobespanVirata, Inc.) DRV - (ANIO) -- C:\Windows\System32\ANIO.sys (Alpha Networks Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 66.21.4.175:80 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\juma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.23 16:37:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.23 16:37:44 | 000,000,000 | ---D | M] [2009.02.14 14:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juma\AppData\Roaming\mozilla\Extensions [2011.08.12 17:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions [2009.12.23 12:09:47 | 000,000,000 | ---D | M] 
(Microsoft .NET Framework Assistant) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.11 15:54:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.12.07 21:26:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.03.09 02:28:36 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} [2009.05.30 01:59:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\moveplayer@movenetworks.com [2011.08.06 19:47:20 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-1.xml [2010.12.18 03:35:31 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-2.xml [2011.03.03 01:19:35 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-3.xml [2011.03.05 02:28:22 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-4.xml [2011.03.29 11:54:43 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-5.xml [2011.04.30 19:33:25 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-6.xml [2011.06.23 16:37:52 | 000,000,950 | ---- | M] () -- 
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-7.xml [2010.10.11 15:54:37 | 000,000,168 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.gif [2010.10.11 15:54:37 | 000,000,618 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.src [2010.10.25 22:02:37 | 000,001,056 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.xml [2009.02.14 14:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.10 15:09:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.10 15:09:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.10.10 15:09:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.10 15:09:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.10 15:09:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Programme\D-link\Air USB Utility\AirCFG.exe (D-Link) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [avupdate] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [Eraser] File not found O4 - HKCU..\Run: [ICQ] File not found O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Office XP\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\juma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\juma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell - "" = AutoRun O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe O33 - MountPoints2\{f865b1da-25a0-11dd-9024-001a4d55213b}\Shell\AutoRun\command - "" = G:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days 
========== [2011.08.10 23:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.08.10 23:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.08.10 23:16:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.08.10 20:37:03 | 001,982,224 | ---- | C] (SANDBOXIE L.T.D) -- C:\Users\juma\Desktop\SandboxieInstall356.exe [2011.08.10 20:25:47 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe [2011.08.10 18:35:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe [2011.08.09 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4 [2011.08.09 21:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\VKMusic 4 [2011.07.30 17:11:07 | 009,863,516 | ---- | C] ( ) -- C:\Users\juma\Desktop\VKMusic_4.exe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.12 16:59:26 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.12 16:59:26 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.12 16:59:26 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.12 16:59:26 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.12 16:53:49 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.08.12 16:53:48 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.08.12 16:53:30 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.12 16:53:30 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.12 16:53:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.12 16:53:20 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys [2011.08.11 23:23:49 | 000,109,056 | 
---- | M] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.10 20:37:20 | 001,982,224 | ---- | M] (SANDBOXIE L.T.D) -- C:\Users\juma\Desktop\SandboxieInstall356.exe [2011.08.10 20:26:25 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe [2011.08.10 18:35:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe [2011.08.09 21:46:12 | 000,000,848 | ---- | M] () -- C:\Users\juma\Desktop\VKMusic 4.lnk [2011.08.04 20:51:50 | 000,458,422 | ---- | M] () -- C:\Users\juma\Desktop\Contract.jpg [2011.08.04 20:51:49 | 000,366,167 | ---- | M] () -- C:\Users\juma\Desktop\contract 2.jpg [2011.07.30 17:11:12 | 009,863,516 | ---- | M] ( ) -- C:\Users\juma\Desktop\VKMusic_4.exe [2011.07.21 20:52:08 | 000,921,624 | ---- | M] () -- C:\DC6810xp-001.raw [2011.07.15 13:01:23 | 000,264,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.09 21:46:12 | 000,000,848 | ---- | C] () -- C:\Users\juma\Desktop\VKMusic 4.lnk [2011.08.04 20:51:45 | 000,458,422 | ---- | C] () -- C:\Users\juma\Desktop\Contract.jpg [2011.08.04 20:51:45 | 000,366,167 | ---- | C] () -- C:\Users\juma\Desktop\contract 2.jpg [2011.04.22 14:00:52 | 000,000,092 | ---- | C] () -- C:\Users\juma\AppData\Local\fusioncache.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.11 18:21:09 | 000,095,973 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.01.08 22:29:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.02 00:45:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.04.16 14:24:14 | 000,921,600 | ---- | C] () -- 
C:\Windows\System32\vorbisenc.dll [2009.04.16 14:24:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2009.04.16 14:24:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2009.04.16 14:24:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll [2009.03.20 23:43:53 | 000,000,037 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.03.17 15:24:10 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini [2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.02.23 22:02:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.02.23 22:02:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.02.14 14:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.11 21:49:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2008.09.09 16:19:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.09.09 16:19:46 | 000,018,904 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.05.24 00:18:36 | 000,109,056 | ---- | C] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.05 19:34:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.03.05 19:18:39 | 000,000,136 | ---- | C] () -- C:\Windows\WINWORD6.INI [2008.03.05 19:16:23 | 000,000,057 | ---- | C] () -- C:\Windows\WINHELP.INI [2008.02.17 11:57:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.02.08 23:21:07 | 000,140,216 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.02.08 23:21:01 | 000,201,352 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.02.08 23:20:38 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.02.06 18:31:53 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2008.01.30 21:47:48 | 000,038,028 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.01.30 21:47:48 | 000,027,030 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.01.30 21:47:48 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.01.30 21:46:56 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini [2008.01.18 01:23:17 | 000,000,027 | ---- | C] () -- C:\Windows\A6W.INI [2007.01.01 02:01:13 | 000,000,680 | ---- | C] () -- C:\Users\juma\AppData\Local\d3d9caps.dat [2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,264,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,566 | ---- | C] () 
-- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [1994.12.12 01:00:00 | 000,104,448 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL [1994.12.12 01:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI [1994.12.12 01:00:00 | 000,000,535 | ---- | C] () -- C:\Windows\MSTXTCNV.INI [1994.12.12 01:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI [1994.11.15 01:00:00 | 000,221,696 | ---- | C] () -- C:\Windows\System32\FFILE32.DLL [1994.11.15 01:00:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL [1994.11.15 01:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL ========== Files - Unicode (All) ========== [2011.08.02 20:38:37 | 000,536,910 | ---- | M] ()(C:\Users\juma\????0039.jpg) -- C:\Users\juma\Фото0039.jpg [2011.08.02 20:38:36 | 000,501,039 | ---- | M] ()(C:\Users\juma\????0038.jpg) -- C:\Users\juma\Фото0038.jpg [2011.08.02 20:38:22 | 000,536,910 | ---- | C] ()(C:\Users\juma\????0039.jpg) -- C:\Users\juma\Фото0039.jpg [2011.08.02 20:38:22 | 000,501,039 | ---- | C] ()(C:\Users\juma\????0038.jpg) -- C:\Users\juma\Фото0038.jpg < End of report > Extras.txt Code:
OTL Extras logfile created on: 12.08.2011 17:44:29 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\juma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 52,14% Memory free
11,43 Gb Paging File | 9,69 Gb Available in Paging File | 84,75% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 72,65 Gb Free Space | 15,60% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32

Computer Name: JUMA-PC | User Name: juma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3DBB7867-A899-4A39-AC5D-D3CACBE0CEAB}" = lport=17520 | protocol=6 | dir=in | name=mubox12 | "{4A187491-A5AF-467A-AA8E-9A43423E2EC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CA045F37-067C-4AEB-B3E3-6BCCDBE1D13F}" = lport=17520 | protocol=17 | dir=in | name=mubox11 | "{F56D9D9A-527F-4ABB-96EA-AD8D9EE52E76}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004B5C5B-3047-42A9-A630-4DD034B328AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00559B89-735E-4FC9-870E-9385740C7AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{005B37CF-53BD-465C-A517-C8543EBA4A8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{029C677C-7D18-4399-999F-7A5EC3DB3829}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{02AE4505-AD32-4BC9-A6FA-493AF443E4A1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{03A557C7-06DB-4DC8-8DC7-3F8DA99583CA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{0501F28D-BC74-4CFA-B060-53E342273D45}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{05131434-5FAF-4461-A0F2-CFC75F302495}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{05659D87-63F2-49DE-8A6B-4C6EE294C323}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{05D9DC1C-FB8A-445E-8C07-C5C7EACD149B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{06339B3C-1417-44CA-8A43-C726F49CFEEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{072D7A48-7BDE-43D8-974A-7600F76EDEB9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{08D3BB8D-9FC6-449D-9F55-99FBDD4BE2B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0A993350-A07F-403B-B4E0-4C6F1221AC7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B8B3430-7CBB-49C8-9DBD-DA40FBF5F5BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0BE05B04-D00E-4F89-B033-830667A3E09C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0C1D98B8-717F-47B6-9598-6E2EBCEEFE7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0C84075D-9BAF-4663-8460-AAFF4B46A28C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E684D5E-71B0-4900-94D1-4419BC63BC07}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{10077AC1-B407-4417-8879-200CC40B06FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{103EB0CB-7650-4A94-84AC-94AC08EA770F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{10EC98BC-7736-4A7F-91D5-70D9B1AD2E97}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1117BED4-51B7-4273-94FF-A78AC350DF4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1264C8C2-B49A-4BD6-8432-641968D04CA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12D24E6A-EDE6-48A7-9930-1DEF75C36F22}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12E5F683-8AA9-4705-B92C-25D2328D658A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{13076F4E-4B5F-40A3-A278-7519512CCF1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{134435C1-6212-4978-9269-2747FAD54082}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{138921ED-A620-44DC-9AA2-6DFDD589DE0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{13E99B7F-FA66-40CE-92F7-196DE81229AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14AB23E6-485C-4863-B9DA-93134E31DC6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 | "{14D77BA4-4A3D-435C-9C80-344AECA5A038}" = protocol=6 | dir=in | app=c:\spiele\battlefield 2\bf2.exe | "{153C470C-D4A6-4A47-BE87-929840073CD5}" = 
dir=in | app=c:\program files\skype\phone\skype.exe | "{15941C9C-01C3-4B86-8D67-A01B9DD6EF0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{15FE61B0-EA88-4D91-B342-CD9042B72110}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{178E7D6F-B823-40DE-BEC6-3DCCBEF664F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{17C94D14-4356-41CF-B4D5-8CE7A38CA60D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{17E849A4-0494-4753-A0CB-634EE4EE5FBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{19346D50-9598-4DA0-B8FF-299FACDF9BBB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{19CE2D91-48F7-4E15-8C1F-9790776D1FAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{19FB4B0F-264E-4EE5-AA93-E76B3CFEE389}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1BB78FF3-EC62-4CF4-A88A-44CAC3B84447}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1C5176D7-A7D9-4BA7-A1BE-A95061369DC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1DF2E80B-B9AB-4965-AC81-F21E7000143C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1EDBF42D-C036-413F-8D7B-2F2738C48AE7}" = protocol=6 | dir=in | app=c:\spiele\hawx\hawx.exe | "{1F6635FE-D548-4A4E-9AC9-2244FDF6681D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1FB2695F-5D0D-41F0-8EEB-651F8D75E96F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{201AB2D0-42B6-4FF1-AE1F-8320226AF966}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{20AEF45B-3209-424E-917D-5061B3DE6338}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{229B2156-F644-4A9D-80AD-3B603458D93D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{235CEBDD-675D-463B-9C22-28A44C86DFD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{252D6767-9B53-4006-AB04-8B1458CB902F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{258CC967-E240-4070-B056-A973522FC721}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{27F6EB0F-CC53-43CF-AEB8-1981544D0855}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{283A07B8-19A1-4125-BFB3-7C375CC66618}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{283E9404-1519-496A-AF8E-59EF2438B753}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{28F5CD87-28F3-46F5-8228-1E3B95B000A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{290B5E01-3501-4246-A7D0-6B8FB527A9B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{29FB2327-7C21-4589-B966-5CB65DB7B386}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A0070C9-B502-41E1-A79B-4D15A9A8DE8C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A976822-73D6-4861-94B1-857E254DE103}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2AFF5B9B-0C74-4B3B-BA80-66E6CCAE6CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C3A3DEA-BE16-4CB4-AF54-A4689F6B8B43}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C5C7A24-9E95-4983-90E5-1164A454444F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2CD8F032-2C62-45AC-9477-0B964D522287}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D7AC443-F9B9-4E0D-A9E1-3F76787C47FA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{2D891BEE-A1BB-43B4-8D12-0675E9881D62}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2DD2099F-939B-48F2-AD08-AECD8A02764B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2E105ECA-33F0-4DC6-A320-9072FB3597FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2F872074-DB11-4515-A069-8BB74FFC7D65}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2F91FCA5-028D-4DF5-92BA-5DCEF8A0DBFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{303CCA1A-1354-4564-B29F-1BECE69DA593}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{30D73AAC-B031-4512-A6F2-6B3054242B82}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{32DE05E7-6198-4825-80A0-2A638B2D8BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3364A205-A82B-48A7-AD18-7D4A7D2D4319}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33791EF8-1164-460F-9F97-00682E65EDB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{34820175-C66F-4AFD-B818-D5B4D740BEBF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{35425D1E-E405-49E2-84BC-676A0FE9EF07}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3634015C-C76A-4423-88A3-F923E6774948}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3642DED7-AB59-4700-A1DE-E42DA04CC853}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{36F0A7CF-C49C-4C2E-9DED-6BBBC79CD306}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{376FA0C2-A5B9-4D0A-96EB-33781120793E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3979A064-71F4-481E-835E-D85912600E67}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{39945DC4-EB1C-491C-BE01-9A8B7BFBF085}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3A5CDD4B-81D2-4CF8-9113-E1E39E3F02E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3A6E7D0D-7D17-47AE-AB71-5EE1CCF273C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3B147A5E-4A63-4228-A86F-9A57FD9EC888}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3BF0B062-D60F-4B57-8C19-4C592998CABF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C24207B-1137-40CC-851E-F4FC0E372CEC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C7F1F0C-C73B-43F2-B146-DE98B2CCC823}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3DE3AA84-09BF-47A7-8E0A-03D77F5FAB39}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E65FC37-9AC2-48C3-91C3-511FA733AD19}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3EA2A545-F8EC-478A-A578-F04D2FB1A05C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EDB7703-5244-421C-BD73-06816A1AE294}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3EDD8611-2CEC-4024-9628-7D1F28191A9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3FFF3001-B430-436B-B7AD-F92FDFBFF9E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{402ABC1A-9C9B-4911-B8EA-3ABF09419BE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{406D8FCA-F87B-4D64-9719-26917BB43BA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{40888520-4B57-4B91-BDC0-39CEE4F766D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{42E72ED4-DEF8-4629-ABDD-6B2BDE1E6C7C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{43D53421-1FB2-43E8-94CA-0719E0F6819D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{43F6A7CC-BC64-40CB-9944-310F6FECF942}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4403D093-D215-4217-8E4A-973FB21C59FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{460D9734-F17A-4E5C-A593-26A1AC35BB8B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{47E5BC90-A7AC-420F-91B6-AA58C05C0E4D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{48031CC0-B7E9-401E-ACE0-A7070D12CE9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4848BF49-5787-43AC-BAF7-336E8E0A0EDA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{4869EB28-480F-45F0-8ABF-6514E46FE51B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{48B5E9CE-37B2-4A19-A356-65A77C5E2EA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A784CBD-5EBC-4912-BD3E-E1ADE299B855}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4C255F38-8B7B-47E3-834C-2A1E420E5743}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4C3495DE-10CE-40B2-9141-BC08CED0ADC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4C50447E-393F-4D79-BD85-D46A07F66B20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4D2D5EA6-E3C0-44EC-8804-298AB9F30407}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4D36EB29-4437-4490-9ABD-1CB4BA0DBCF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4E427D73-F9D2-472B-A53E-C4ED1D1D5108}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{51069E51-BEBD-422E-ADA1-BE6FEB7BC66E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{52B5F2C1-BE1F-4D7F-9D14-4F6BC749F657}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{52C58F34-B6E8-4DC9-833B-746EBEC11BE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{54BA2EFD-BE19-4931-AFD4-ED082C1B511D}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.0-enus-downloader.exe | "{5667D35D-62E6-4992-ADB8-1DE4ECDC31BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{568D8FE6-7D4C-4824-8840-1D5CC3F6101F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{56985AD9-9B4F-476B-88BA-42C4D07DD765}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{575962A8-7C1C-4B39-AB18-4787C25FDA6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5786F3DD-2CFE-48F2-8F1F-6EACB0787689}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{57C172C9-3335-438D-A734-B7C391BD82AD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{5A35D46C-46A2-4510-93D3-E65348D01A84}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5A41EB62-3BC2-4BCF-87DD-C172EE5663B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5A9900A1-6C4A-487E-B6FA-4C05074308DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5BB900A0-7BA1-400A-90FC-D21B2DDD200A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5CAD0062-6E74-4A5B-B7E2-A8BA5452F15C}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 | "{5CB5239D-746A-45EE-BC7F-D1CD40B353BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5CEA002E-6EFE-44B1-AD0D-BC63D56966E8}" = protocol=17 | dir=in | app=c:\spiele\battlefield 
2\bf2.exe | "{5D6BB1C1-E7B0-4B63-AACB-063D45251192}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D6D9ECF-9F09-4E5B-9047-A28E69FAA4E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5DAB97D2-D372-45B1-BEA6-DB2C0052E7A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5DB3106E-A543-4953-9E7F-001FEA8DF0DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5F6F6B06-F9C7-4C9F-BAA9-866784572D5F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5FE82E57-655D-4965-A8DE-6A1BEF09DEE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6034525D-8258-4C07-AF2B-7555D2824AF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{608F3FE1-DEDF-4EEA-9DE1-4A299A3D7DDD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{60D147FD-0A2D-47A2-8635-6ABFA3FB2D65}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{611550F6-49C2-4D69-9CBF-95621B165B36}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{61B2B502-3744-4107-B2ED-E449A42CBB2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{61CCBDD7-5BEB-474A-AA78-178BF1603AD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{62616035-54FA-4D1C-BD54-E8C836EAE7E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{626BC1C1-D80C-4522-85E6-63DA077EAD68}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{62995E76-0410-487C-994D-8E75D852760F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{63546320-54EC-4917-B005-A4112D64C656}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{63F9332B-F4FA-49B1-9812-C295BB8460E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{641069E8-EA32-4996-A19A-1963FB8CF106}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{641E7369-38AD-4F2E-BE10-51B3B9A2621E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{64794995-0F4F-44E5-B658-FC6E6AC77EA3}" = protocol=6 | dir=in | app=c:\program files\winamp 
remote\bin\orbir.exe | "{65009C96-CC27-4F25-A60B-493312010A08}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{650905B1-BECF-45A9-8D08-AF0C203510A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{655703B7-6CC4-475F-952A-7FE38A13B45B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6578D47F-63FB-4183-8AFE-10EEC3F6415C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{659B9298-1917-401F-9CFE-D8F19FA00C6E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{65EB4B60-7DFA-4297-BC74-F21A58A9FA23}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{67CC644A-B729-4185-8D8B-71AC1B3D60F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{67EA87AB-6624-48CF-9114-FA8922D38881}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6807868F-741B-4D2B-9F6A-E134688A29C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{697F4646-6D51-4B7A-BC39-85EAEC82C4FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{698CAE38-7AA5-4F95-9758-97D2A38AEC11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6B5EB699-62AE-41A0-B27B-12B102502C71}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{6BB98054-B9C1-4C4E-B7EA-9C0C5BD62E97}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6C5A55E2-7780-41D9-9DD9-D3C5EE7AEEA7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D3FE7AD-0E7B-42F4-B990-CE5EEAC2771D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6DE9C2DB-5617-4031-8823-46B87C2474AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6E384561-9ED9-4BFE-B424-C1B9F806CC99}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6E6C01E1-1DDA-4AAE-9280-266FAD2F2843}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6ED3EA61-E482-46D2-96A9-99C5C278CED8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6F48722E-70B0-4E07-85E5-9078C9353E38}" = protocol=6 | dir=in | app=c:\spiele\hellgate london\launcher.exe | 
"{71267531-CC76-46F6-9E1E-F3CB3FD01CB8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{71BE1229-271B-4C7A-88F0-18607A1C1831}" = protocol=17 | dir=in | app=c:\spiele\battlefield2\bf2.exe | "{726F7D41-0B5B-4A90-A236-444DEBA7E6B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7356DD5D-7A17-4B11-B834-E0A50042E7C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{73C9942C-DF2C-4346-99FA-D317491AA55F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7449441F-2BDC-4186-8FCA-C2D4975ADA58}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7450214B-7329-4B08-AF56-3D27A10951E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{746D1BBA-9C40-4837-91B3-419B8CA342F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{749937F1-F683-4D97-AD88-D0ACB1396D30}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{762DF4FA-24CE-4615-8686-E2884DF9C991}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{76443D58-6765-4942-B83F-791296274D65}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{773EF4C5-9924-4685-AF2E-F35FFC4A6C2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{775E276F-4F23-475D-8F57-15791C9F21B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{789643F0-7DC2-4769-9800-D445D2114A2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{78D95B16-99EE-47F7-A589-C93AD3745B64}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{79642FE2-79B7-488E-B24B-85BB32DF5876}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{79A3D9D1-DFA9-443D-BC35-799C74D02214}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{79BFC7BD-62B9-48F8-958A-592102276D96}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7AB46C2A-D39E-449A-A2DE-75022CCB4D06}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7BA1E7DB-1DE7-41A3-A2DF-2472072A23E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7C0F32AD-21BA-4FBD-8EAD-941C68E94F57}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{7C582E0C-9426-4934-B34C-9351586BBBE0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{7C8F2F7A-0843-4704-9B5A-AA77380CDFDD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7EE2FE00-205F-423A-93A9-17C5FF62AB74}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7F9096AD-2D37-48DF-AEF1-B36F63B8D875}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7FB3D2D1-5C0D-4F29-BB8A-BFF3E6D2617B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7FD14BD8-3C92-4F4F-8D3B-0C4488C714B2}" = protocol=17 | dir=in | app=c:\spiele\hawx\hawx.exe | "{7FDD23AE-CF9C-4BFE-8ABB-8B0A59BFBC40}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{81702DAF-4AC8-4B94-9960-AA940240D4EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{81B3E062-EFD9-4C9B-A178-C85349940296}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{82B1ABE5-005F-4EEB-B858-42FC1BAD52E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8423D59E-5F84-4C56-B2BE-6AFBFEA50603}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{844DB633-B170-4403-8065-CF30CC435F02}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{85292C34-92C9-47DF-99C3-2A40866E09A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{855CE4B5-7DA3-43CE-B437-8BF7A095568D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{87FBF237-039B-4288-A77E-044179479EBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{88D757FA-FBC2-4C34-B83A-489673B164FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8966DF41-D067-4566-A997-89254A33D2D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{89C5E18F-BE2C-4EF8-AC7E-E5F925C5EAB0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8A74504E-3164-4695-B93F-5182636D8E11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8BCBB827-0E19-47E2-A363-EC607FFAC7FA}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{8BE9B14D-525D-4D0F-B31B-E8ED6E113734}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8C1FED89-807F-49C9-AB37-5B012818D7D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8D91F950-4B80-4AA2-A96E-9C0392B28244}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8DE658E4-CE1D-4480-80C9-55A2AA5FCE91}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{8DF0E03A-ECC8-4E09-9DE7-C71715176623}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8E935FD9-E72C-47D9-B8C4-5EEC7B6943E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8FA325BF-891E-4827-B545-A7F0A21B9B6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8FD85A37-F67C-4C43-981F-2873EAA1A393}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{90EAF9CE-F9BB-448B-B79C-7C25804CC930}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{90F20418-A20B-4ECA-9286-5DCE4834C2EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{911CE052-1296-4037-905E-196226A493A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{91FEEAC5-B3EB-463D-99CF-B40CC7AC5875}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{9275DF02-0BE2-4E05-A7E4-3439469C5AA7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9297FEFE-3C7C-4C51-BF5E-2E719805CB17}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{92BD6311-6C0D-4CF2-B32B-83625C32EA9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9434D2B7-9A6C-48E4-952B-C2A7EE014777}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{946D1D22-30B3-4FA9-9669-034B96F78A0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9494797B-507E-4E64-92E8-1CC71A276C56}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{94F3B9F6-CDFC-4354-BC24-5BACE8040D68}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{956778E5-F1C8-4E54-B640-ED1A910F215C}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{96173EB9-1430-468C-917A-25D594DF6418}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{96567423-77FB-490A-B35E-E8E9C99F83C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{96F00460-4D67-470B-B8B5-E485FA22730E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9851D700-F6E1-4A7B-A940-B70DC7B316DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{98FF368D-3962-4924-92F3-95D2592B2120}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9987A999-0E0E-4A36-A09F-C565E3E2AFA0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{99D17913-DEC8-43CC-B25D-BDD698D9BC9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9A1504BA-D58B-4561-A089-E610157D6CCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9A96444E-FD4F-4385-9413-A087F7E7B1BD}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{9C132163-30D2-4B67-BB93-AAE53B6750CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9CECAFCD-1543-4C02-8EC4-B8B0394127F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9CFB9101-E6E3-458B-877B-A6B5075026A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9D1767A7-E1B8-4405-82DB-866F2C2CCC66}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9D9E1D34-7417-4F60-8412-4E61A55583BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9DD0573E-DB37-4E04-9A85-1B3ED3CA8F15}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9F355307-6E1D-4F73-9E59-ECE1CAB89FE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9FC56592-56F7-4AF7-A80F-3EFE4A63F938}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A06020E9-C9BC-48FD-A204-5348707F10E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A24278AC-C20A-4F18-B90C-509DDD03EDBF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A26D6C5D-B63C-4EC0-A0E0-E6759B7A322E}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{A2EDB997-557B-4429-AD5C-248778184266}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A2FFB3D8-F2C7-40C5-89E2-A58C556EB4E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A432A592-ED44-44D3-9440-BBC7B83CA8BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A5683135-BABC-477B-84A1-2CF321C25AFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A6D93C16-5976-4F95-A8B5-6A32D65F00F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A760F7C2-A845-4836-9D56-92DFFA4AC4ED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{A7C428A2-3160-4DF2-BBA1-2AB2FD45FBEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9B07034-0AE4-49CB-B2A5-C70D19BED1B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AA637E72-4806-4351-94ED-89D9B74F7694}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AACE98C9-1F1A-4BE8-9609-9D56E6CE7D84}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AAD65875-2D64-4471-A269-C7893CE4C716}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ACC3D864-7ACB-4825-B0EE-B8D5EF5456FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AD38D988-57E6-49E1-A1E2-15A48CE8D27F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ADE09D17-FC4A-4BF4-AB38-C5F11E62EE18}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B2CC558E-5EF7-45BC-806C-F5D1FA7759F5}" = protocol=17 | dir=in | app=c:\spiele\hellgate london\launcher.exe | "{B344C6DF-43FC-4066-A2A1-C1F8911ACB40}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B3FF359F-487B-4ED9-BECD-6B0CFA60F5B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B427DC65-B149-4B84-BE57-488D32B2AC3D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B475798D-8952-4095-A3AF-6716A74EFC92}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4F8C158-4706-476D-A22C-8433166E3DB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5133D3B-DF45-4DB9-90FE-0C297E2488B3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{B51F2910-5E55-46AF-9D6E-DE63D7A9A62F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B5562BD9-2200-461A-87C2-97FB058FD082}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{B5F6A7FB-7819-4716-B1FF-DE575A643F62}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B61017AF-9DDF-42D1-B389-921980B73A45}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B62B0C5C-050F-4A30-9B48-E063BE52A0DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B6748994-8A43-458D-BAC6-2A76D3ECF637}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B8CBA12C-258F-4FD7-908D-A9676656B9B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B8E9E8C3-3548-4454-9992-10F9B4D847D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B945ABD3-F601-43B1-A3BF-C231359959B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B94FEB95-3BEB-4080-8A7B-417B5F49FD98}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BAB61AB0-35E5-454B-AA83-78DB6DA497B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BB590BC1-3FAF-407C-81C2-D93D7DB520DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BB724666-BE74-4975-8417-8C8482EEA48C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BC93961D-DCB1-456C-9BCE-CCD38715BF55}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BDBFD2DB-D5E1-43F3-8A8E-BFB96396C386}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BDEBB466-D436-4AA1-9017-F280EB34EDE1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BDED2D8F-1F29-4518-B311-5E3F4F37E3AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BF203B47-7DA1-4C4B-8545-67DD1EFD3AB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BF56364D-5F5C-4C38-82CD-76F49F9A35E7}" = protocol=6 | dir=in | app=c:\program files\microsoft 
lifecam\lifecam.exe | "{C147F518-9912-457F-BFB3-584B162C9BFC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C17167D7-72AD-4D42-B386-FB346882B137}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C2B750E6-63B0-4D65-91EA-3517FD01A019}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C2E8E0A5-AD0E-4D25-B9B3-8A7691ED880F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C50CE0DF-4B53-4F09-8CF8-46B8BFC2DA0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C6352DAB-D506-4B9B-875A-E37FD6556651}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C6446197-4542-4712-A8D0-287CE293E162}" = protocol=6 | dir=in | app=c:\spiele\hawx\hawx_dx10.exe | "{C70510F0-B5CA-49FA-8735-651A254EE53A}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{C74CEC14-B83E-4640-A9EA-18D323564BE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CBEC7E09-6595-4329-BE33-B123C0FB072D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CC4433E7-F808-418D-BCFA-2828E1E44ADE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CC57ED92-DD00-4F4F-9B04-F0FB033CF976}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CC757D75-6D33-482C-A40B-0F7DCA17B5D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CC86C210-7631-49C0-AA3D-089283A40099}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CD4BF6F9-DE3A-42B4-BF66-04DE3EC52DA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CD64BEE1-ED1A-4A4B-87EF-8A73AC8EDD29}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CF96E47F-3780-4A31-B4DE-322B351B2A5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D148D604-22A4-453C-9337-049255BC3D33}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D3015268-E542-4AB5-BD38-EAD5F5C88CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D3E1E130-B25A-4098-84E9-C9C696858C18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D43AD609-FB35-45F1-9BF2-534D42D79177}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{D46C2C90-FA02-4F32-B86F-4778491D38B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D5628C2D-57F1-450C-BA4E-05B513610B1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D760E3B1-91B8-460D-8407-328148B3EFDF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D82B1409-6690-4F14-A844-285F17E52A86}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D830E364-F8FD-477A-B9D5-294817341CB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D83ABEC8-B15F-491C-9A75-1D231F275A6F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D8797E7D-46F9-4EE5-A685-98CA124457B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DA235F73-3DF5-4747-80AA-A6DFAAD989BE}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.0-enus-downloader.exe | "{DA38A0C0-E684-47C8-862D-9C4C4D5A94FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DB152747-19E7-4956-B2C7-3660CBF6C63B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DB165415-B26B-4190-8865-84C1934446A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DC225148-4A00-4EC5-9F92-FFD533ECC5B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DC2C67BE-8762-4D7A-BA78-B9DF3404439D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DC6B7AD9-34FF-45C3-B67C-C68F8C6A38E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DC7DBE5B-B5C7-4D33-8084-A2B8C49B02C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DD463BB1-3B61-4660-B805-B256B08A87F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DE122E86-16A4-4428-A007-E2718AF11458}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DEBB9287-671B-41FC-9EA6-523AC4C9CC0B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{DF34B54C-FA4A-4154-BC04-A3203988439C}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{DFFA0E2B-A780-48C6-91B4-BCC0840ECE57}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E0335049-6C66-4777-B23A-B862F2868807}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E1DA5CA2-9408-4FBE-B38E-7558A8E87AF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E4538B0F-FB48-40DF-9A29-0EC5E32F8D4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E4DFA4AD-483F-4FE4-94D4-D11E819DF2B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E5829D77-E080-4EF9-A497-3EDD025E6A8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E61744E0-97E9-4923-A0FE-6BF56E6C69D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E6B89C9B-8260-4607-B589-2528D1F05EBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E6FAA65C-D1C8-4458-811E-B0D844DA021B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E7F10DC4-90BF-495A-BD5D-A747E7013013}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E88E2F9D-EE41-429F-A7D8-C64EDEB66CB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9E151E9-AB4F-466A-9BF3-567ECC94500F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EA70EA62-A7DD-4108-9B3A-6E5791C9C3B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EC21A141-91D7-447C-AFDE-5972EFE15737}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ED0B973A-9748-460F-B665-CA263C3C431B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ED8A4257-5770-436D-8ED5-00675A534A15}" = protocol=6 | dir=in | app=c:\spiele\battlefield2\bf2.exe | "{EDD87CFE-0399-49E5-A50C-D46F0F885D4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EDEB9B1A-D26D-499E-9B32-83BDD72A9872}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EE3852A3-27E4-421C-8704-7AF4D80BAE1F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EE3AE5E2-0E74-42A4-9417-18F13D59ACF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EEBC6C6D-7CE1-4E10-BC37-E1FBA6A55663}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EF2B9B12-A987-4A67-AA41-EB1C98204E4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F08A5A63-AE6F-44E4-B919-BFA469DB7741}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F154C081-222F-4F18-B0C3-DAA2A07AE735}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F207EF09-E628-485D-88A2-71D2E867985F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F3AE77E0-6E35-4171-9BCB-98DA9A058B48}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{F3B7EFB8-BB1A-4463-85AC-13EE53C9C3A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F440FBD0-1FA2-47E8-976A-7F145C8C8B6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F452C321-E555-4058-8DD5-DD4EE2F10152}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F6348E3A-606D-4F0D-A815-8FF7394D1D09}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F674F7C9-D16C-45F6-A1AF-0D99D077B198}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F7B72E7C-71AA-46A7-BB15-97BF6A40A7E7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{F833C534-B5BD-452C-9FC8-19FD81BF655E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F846DAE9-8177-4AC6-95FA-891A59A9CBF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FD8840CD-B0B2-40C1-A93A-D3694D0C43A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FDBCA210-A1CD-4D94-8D3E-F08834C6DE79}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FDC661AE-798D-4E70-B9AC-BA3CE2E9946E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FF1E9516-A2A6-452B-86A6-7CCE1FBEF099}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FF5539C6-7652-43C9-8E46-72C3DE937A9D}" = protocol=17 | dir=in | app=c:\spiele\hawx\hawx_dx10.exe | "TCP Query User{0FDC54C3-2D05-45A8-A838-049209227863}C:\programdata\kaspersky lab setup files\kaspersky internet security 
7.0.1.321\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe | "TCP Query User{245541FB-981C-41FD-8226-97844CC4BC39}C:\spiele\virtual rc racing\vrcrace.exe" = protocol=6 | dir=in | app=c:\spiele\virtual rc racing\vrcrace.exe | "TCP Query User{2F153825-4A10-46AC-B741-CFBE2917D150}C:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii\war3.exe | "TCP Query User{309BC946-2486-4945-B1F0-B524AA01B69B}C:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | "TCP Query User{53AF4A54-46E8-4642-8F1E-8E6CEBC85BB5}C:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe" = protocol=6 | dir=in | app=c:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe | "TCP Query User{5F85C172-8865-434E-91CC-A6BB5CE8EC8A}C:\spiele\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\repair.exe | "TCP Query User{689E4F99-ABBF-4FB2-AF2C-E1F36A97302D}C:\spiele\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\der herr der ringe online\lotroclient.exe | "TCP Query User{7BAD17EE-759A-4F1E-B53B-CE9F6058E060}C:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe | "TCP Query User{8D89BAA1-8F07-4A83-B7F2-8A1C2BB30556}C:\spiele\aoe2 kings\empires2.exe" = protocol=6 | dir=in | app=c:\spiele\aoe2 kings\empires2.exe | "TCP Query User{97FC0374-FF43-4042-B34F-8B7E96DAAF18}C:\spiele\cnc 4\data\rts-final.exe" = protocol=6 | dir=in | app=c:\spiele\cnc 4\data\rts-final.exe | "TCP Query User{9AC33C66-D760-4383-9F2F-C71CAA019AB2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{9B602ECB-D420-4DB9-97A6-2645386AD4B1}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | 
app=c:\windows\system32\dplaysvr.exe | "TCP Query User{A571EDA3-4B81-4E1D-B799-BAD96B606418}C:\d)\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\d)\spiele\warcraft iii\war3.exe | "TCP Query User{BCAE8201-8BD9-46EF-8CDA-A234243A1883}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{BCB3564E-5563-4833-820F-CCAAEC93D7D3}C:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe" = protocol=6 | dir=in | app=c:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe | "TCP Query User{BD1B1463-7DCC-44B3-BA06-AE404BE3C634}C:\kav\kis7.0\german\setup.exe" = protocol=6 | dir=in | app=c:\kav\kis7.0\german\setup.exe | "TCP Query User{C572B728-BF01-43FC-94AE-0F714FB2DAAD}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{C57FCC0C-A874-4B6B-91A4-765025E11283}C:\spiele\cnc4\data\cnc4.game" = protocol=6 | dir=in | app=c:\spiele\cnc4\data\cnc4.game | "TCP Query User{D693C640-8B70-4051-8BC3-58E1B8297B60}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | "UDP Query User{0225931A-C5D9-479C-B750-999BA301E1DF}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe | "UDP Query User{099AC4AC-832B-41F9-BD4F-D962CC3AF522}C:\spiele\virtual rc racing\vrcrace.exe" = protocol=17 | dir=in | app=c:\spiele\virtual rc racing\vrcrace.exe | "UDP Query User{12AD07E3-BA42-40C7-A2BF-D917FC935E5E}C:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe" = protocol=17 | dir=in | 
app=c:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe | "UDP Query User{22973E21-E778-4363-98CD-8605E937B33D}C:\kav\kis7.0\german\setup.exe" = protocol=17 | dir=in | app=c:\kav\kis7.0\german\setup.exe | "UDP Query User{3266FDA8-EC61-4DB7-B895-22CA1C25C961}C:\spiele\cnc 4\data\rts-final.exe" = protocol=17 | dir=in | app=c:\spiele\cnc 4\data\rts-final.exe | "UDP Query User{3A05E879-42B2-4DCE-9D41-F52C26F71DB4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{3F99AC85-E135-4084-A74F-245E0B8D7A66}C:\spiele\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\repair.exe | "UDP Query User{5D25F1B9-4DC7-4C24-821E-C88F0D13ED16}C:\spiele\cnc4\data\cnc4.game" = protocol=17 | dir=in | app=c:\spiele\cnc4\data\cnc4.game | "UDP Query User{80746C14-879B-4CA6-9D17-18D5DF4E6EE3}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{8DFA14F1-DD7E-4E6C-A0AE-2EA55ACF49E6}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{8F2C81FE-55A0-4835-A864-37E8DF9BCE67}C:\spiele\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\der herr der ringe online\lotroclient.exe | "UDP Query User{A36AE038-7046-4A74-ACEA-64732D8EFEDC}C:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe" = protocol=17 | dir=in | app=c:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe | "UDP Query User{A67991F4-A9C5-4590-B58E-3E52A3A73968}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{C0ABA020-EA92-446D-A43F-6E295534CB28}C:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\spiele\borderlands\gearbox 
software\borderlands\binaries\borderlands.exe | "UDP Query User{D9B7B04A-F785-4CA9-8C93-34BA52353AA4}C:\spiele\aoe2 kings\empires2.exe" = protocol=17 | dir=in | app=c:\spiele\aoe2 kings\empires2.exe | "UDP Query User{DCCCE2C4-AACD-4D62-BB50-5D11425FE76E}C:\d)\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\d)\spiele\warcraft iii\war3.exe | "UDP Query User{DE208A4C-2D46-4921-8193-9FDAAC997644}C:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii\war3.exe | "UDP Query User{E2EEEB30-963D-4D91-BD44-387F24D2E3F7}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | "UDP Query User{EA4334F1-EDA5-4FCF-B06D-A61BBBC271FA}C:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3 "{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = 
DivX Version Checker "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{5CC68528-24FF-4DF8-91C9-AF540F98505A}" = Sony Ericsson Drivers "{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf "{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B192E1BB-98A4-4369-9271-96117A57F546}" = Sony Ericsson PC Suite "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4 "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Ashampoo WinOptimizer 2009 Advanced_is1" = Ashampoo WinOptimizer 2009 Advanced "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CCleaner" = CCleaner "dlanconf" = devolo 
dLAN-Konfigurationsassistent "Download Manager" = Download Manager 2.3.7 "DPP" = Canon Utilities Digital Photo Professional 3.8 "dslmon" = devolo Informer "easyclean" = devolo EasyClean "easyshare" = devolo EasyShare "EOS Utility" = Canon Utilities EOS Utility "Fallout New Vegas_is1" = Fallout New Vegas "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.30 "ICQToolbar" = ICQ Toolbar "InstallShield_{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility "InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18) "MyFreeCodec" = MyFreeCodec "Ñëîâàðè îò Áóêè. Ñáîðíèê ñëîâàðåé îáùåé ëåêñèêè._is1" = Ñëîâàðè îò Áóêè. Ñáîðíèê ñëîâàðåé îáùåé ëåêñèêè. 
"NVIDIA Drivers" = NVIDIA Drivers "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "RealPlayer 6.0" = RealPlayer "Red Alert" = Red Alert Windows 95 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "Uninstall_is1" = Uninstall 1.0.0.1 "VKMusic 4_is1" = VKMusic 4 "VLC media player" = VLC media player 1.1.7 "Warcraft III" = Warcraft III "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar for Internet Explorer "Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player "uTorrent" = µTorrent "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.04.2011 12:02:39 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.04.2011 12:02:40 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.04.2011 12:05:14 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.04.2011 12:05:15 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.04.2011 12:05:16 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.04.2011 12:05:16 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.04.2011 12:05:18 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 
131083 Description = Error - 15.04.2011 12:05:18 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.04.2011 12:06:42 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.04.2011 12:06:42 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 10.08.2011 16:34:06 | Computer Name = juma-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 10.08.2011 16:40:05 | Computer Name = juma-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 10.08.2011 16:46:28 | Computer Name = juma-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 10.08.2011 16:52:55 | Computer Name = juma-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. 
Error - 10.08.2011 16:58:33 | Computer Name = juma-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 10.08.2011 17:04:46 | Computer Name = juma-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 10.08.2011 17:10:20 | Computer Name = juma-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 11.08.2011 11:35:16 | Computer Name = juma-PC | Source = HTTP | ID = 15016 Description = Error - 11.08.2011 18:07:30 | Computer Name = juma-PC | Source = Service Control Manager | ID = 7016 Description = Error - 12.08.2011 10:53:28 | Computer Name = juma-PC | Source = HTTP | ID = 15016 Description = < End of report > |
12.08.2011, 19:16 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Scareware Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from earlier Malwarebytes scans exist, please post all of those as well!
__________________ Please always post log files in CODE tags |
13.08.2011, 14:57 | #5 |
| BKA Scareware Here is the mbam log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7454 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 13.08.2011 15:48:15 mbam-log-2011-08-13 (15-48-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 380511 Laufzeit: 1 Stunde(n), 3 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Infizierte Dateien: c:\F)\zeug für spiele\updates\patches, updates\x2update\handelssoftwaremk3de.exe (Virus.Kate) -> Quarantined and deleted successfully. c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. |
15.08.2011, 10:56 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Scareware Quote:
__________________ --> BKA Scareware |
16.08.2011, 16:31 | #7 |
| BKA Scareware I don't remember at all anymore, but since it may well be an unofficial update, I have already deleted it. |
16.08.2011, 18:37 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Scareware Please run ESET as well, then we'll see how to proceed: ESET Online Scanner
__________________ Please always post log files in CODE tags |
21.08.2011, 17:54 | #9 |
| BKA Scareware Sorry that I'm only posting the log now. Here is the ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=470901c393db6a4097c703276f68bb68 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-21 04:48:54 # local_time=2011-08-21 06:48:54 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=1280 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775165 100 94 250227 89450736 64706 0 # compatibility_mode=5892 16776573 100 100 164503 151468157 0 0 # compatibility_mode=8192 67108863 100 0 674 674 0 0 # scanned=232694 # found=2 # cleaned=0 # scan_time=9918 C:\F)\Zeug für Spiele\EMULATOR\neogeo\neogeo.ace a variant of Win32/Packed.PECrypt32.A application (unable to clean) 00000000000000000000000000000000 I D:\sicherung usb stick\emulator\ds\No_gba_2.6a\myZoomSoft.exe probably a variant of Win32/Agent.CLDLOFD trojan (unable to clean) 00000000000000000000000000000000 I |
21.08.2011, 18:29 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Scareware CustomScan with OTL If you don't already have it, please download OTL by OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
22.08.2011, 21:23 | #11 |
| BKA Scareware Thanks again for all the effort. Here is the OTL log: Code:
ATTFilter OTL logfile created on: 22.08.2011 22:04:59 - Run 3 OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\juma\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 64,51% Memory free 11,44 Gb Paging File | 10,25 Gb Available in Paging File | 89,64% Paging File free Paging file location(s): c:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 70,65 Gb Free Space | 15,17% Space Free | Partition Type: NTFS Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32 Drive K: | 232,88 Gb Total Space | 18,30 Gb Free Space | 7,86% Space Free | Partition Type: NTFS Computer Name: JUMA-PC | User Name: juma | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\juma\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\vVX6000.exe (Microsoft Corporation ) PRC - C:\Programme\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\js3250.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Users\juma\AppData\Local\Temp\CmdLineExt02.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\Microsoft.LifeCam.Framework\2.7.569.0__31bf3856ad364e35\Microsoft.LifeCam.Framework.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.LifeCam.Interfaces\2.7.569.0__31bf3856ad364e35\Microsoft.LifeCam.Interfaces.dll () MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 2009 Advanced\ContextHandler.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (hamachi) -- 
C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (VX6000) -- C:\Windows\System32\drivers\VX6000Xp.sys (Microsoft Corporation ) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation) DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation) DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation) DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation) DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation) DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation) DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.) DRV - (PRISM_USB) -- C:\Windows\System32\drivers\PRISMUSB.sys (GlobespanVirata, Inc.) 
DRV - (ANIO) -- C:\Windows\System32\ANIO.sys (Alpha Networks Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 66.21.4.175:80 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\juma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.18 17:37:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.18 17:37:15 | 000,000,000 | ---D | M] [2009.02.14 14:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juma\AppData\Roaming\mozilla\Extensions [2011.08.22 19:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions [2009.12.23 12:09:47 | 000,000,000 | ---D | M] 
(Microsoft .NET Framework Assistant) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.11 15:54:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.12.07 21:26:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.03.09 02:28:36 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} [2009.05.30 01:59:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\moveplayer@movenetworks.com [2011.08.21 16:03:49 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-1.xml [2010.12.18 03:35:31 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-2.xml [2011.03.03 01:19:35 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-3.xml [2011.03.05 02:28:22 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-4.xml [2011.03.29 11:54:43 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-5.xml [2011.04.30 19:33:25 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-6.xml [2011.06.23 16:37:52 | 000,000,950 | ---- | M] () -- 
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-7.xml [2011.08.18 17:37:30 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-8.xml [2010.10.11 15:54:37 | 000,000,168 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.gif [2010.10.11 15:54:37 | 000,000,618 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.src [2010.10.25 22:02:37 | 000,001,056 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.xml [2009.02.14 14:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.10 15:09:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.10 15:09:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.10.10 15:09:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.10 15:09:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.10 15:09:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Programme\D-link\Air USB Utility\AirCFG.exe (D-Link) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [avupdate] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [Eraser] File not found O4 - HKCU..\Run: [ICQ] File not found O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Office XP\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\juma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\juma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell - "" = AutoRun O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe O33 - MountPoints2\{f865b1da-25a0-11dd-9024-001a4d55213b}\Shell\AutoRun\command - "" = G:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - 
HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: 4E3E0230AEBB4E96 - hkey= - key= - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy 
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: 
{4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) 
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.22 21:59:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe [2011.08.21 15:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.08.18 17:39:27 | 000,000,000 | ---D | C] -- C:\Users\juma\AppData\Local\Solid State Networks [2011.08.14 18:11:15 | 000,000,000 | ---D | C] -- C:\Users\juma\Desktop\COMI [2011.08.13 21:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airline Tycoon Evolution [2011.08.13 14:35:49 | 000,000,000 | ---D | C] -- C:\Users\juma\AppData\Roaming\Malwarebytes [2011.08.13 14:35:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.13 14:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.13 14:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.13 14:35:33 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.08.13 14:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.08.10 23:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.08.10 23:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.08.10 23:16:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.08.10 20:37:03 | 001,982,224 | ---- | C] (SANDBOXIE L.T.D) -- C:\Users\juma\Desktop\SandboxieInstall356.exe [2011.08.10 20:25:47 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe [2011.08.09 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4 [2011.08.09 21:46:10 | 
000,000,000 | ---D | C] -- C:\Program Files\VKMusic 4 [2011.07.30 17:11:07 | 009,863,516 | ---- | C] ( ) -- C:\Users\juma\Desktop\VKMusic_4.exe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.22 21:59:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe [2011.08.22 21:21:26 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.22 21:21:26 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.22 21:21:03 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.22 21:21:03 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.22 21:21:03 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.22 21:21:03 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.22 17:22:01 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.08.22 17:22:01 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.08.22 17:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.22 17:21:23 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys [2011.08.21 20:26:23 | 000,131,584 | ---- | M] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.17 22:26:45 | 002,143,922 | ---- | M] () -- C:\Users\juma\Desktop\DSC07936.JPG [2011.08.17 22:26:44 | 002,058,952 | ---- | M] () -- C:\Users\juma\Desktop\DSC07938.JPG [2011.08.17 22:26:42 | 002,016,710 | ---- | M] () -- C:\Users\juma\Desktop\DSC07939.JPG [2011.08.13 21:15:25 | 000,001,367 | ---- | M] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk [2011.08.13 14:35:37 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.10 20:37:20 | 001,982,224 | ---- | M] (SANDBOXIE L.T.D) -- 
C:\Users\juma\Desktop\SandboxieInstall356.exe [2011.08.10 20:26:25 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe [2011.08.09 21:46:12 | 000,000,848 | ---- | M] () -- C:\Users\juma\Desktop\VKMusic 4.lnk [2011.07.30 17:11:12 | 009,863,516 | ---- | M] ( ) -- C:\Users\juma\Desktop\VKMusic_4.exe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.17 22:25:09 | 002,143,922 | ---- | C] () -- C:\Users\juma\Desktop\DSC07936.JPG [2011.08.17 22:25:09 | 002,058,952 | ---- | C] () -- C:\Users\juma\Desktop\DSC07938.JPG [2011.08.17 22:25:09 | 002,016,710 | ---- | C] () -- C:\Users\juma\Desktop\DSC07939.JPG [2011.08.13 21:15:25 | 000,001,367 | ---- | C] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk [2011.08.13 14:35:37 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.09 21:46:12 | 000,000,848 | ---- | C] () -- C:\Users\juma\Desktop\VKMusic 4.lnk [2011.04.22 14:00:52 | 000,000,092 | ---- | C] () -- C:\Users\juma\AppData\Local\fusioncache.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.11 18:21:09 | 000,095,973 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.01.08 22:29:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.02 00:45:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.04.16 14:24:14 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2009.04.16 14:24:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2009.04.16 14:24:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2009.04.16 14:24:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll [2009.03.20 23:43:53 | 
000,000,037 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.03.17 15:24:10 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini [2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.02.23 22:02:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.02.23 22:02:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.02.14 14:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.11 21:49:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2008.09.09 16:19:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.09.09 16:19:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.05.24 00:18:36 | 000,131,584 | ---- | C] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.05 19:34:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.03.05 19:18:39 | 000,000,136 | ---- | C] () -- C:\Windows\WINWORD6.INI [2008.03.05 
19:16:23 | 000,000,057 | ---- | C] () -- C:\Windows\WINHELP.INI [2008.02.17 11:57:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.02.08 23:21:07 | 000,140,216 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.02.08 23:21:01 | 000,201,352 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.02.08 23:20:38 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.02.06 18:31:53 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2008.01.30 21:47:48 | 000,038,028 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.01.30 21:47:48 | 000,027,030 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.01.30 21:47:48 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.01.30 21:46:56 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini [2008.01.18 01:23:17 | 000,000,027 | ---- | C] () -- C:\Windows\A6W.INI [2007.01.01 02:01:13 | 000,000,680 | ---- | C] () -- C:\Users\juma\AppData\Local\d3d9caps.dat [2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,264,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | 
C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [1994.12.12 01:00:00 | 000,104,448 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL [1994.12.12 01:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI [1994.12.12 01:00:00 | 000,000,535 | ---- | C] () -- C:\Windows\MSTXTCNV.INI [1994.12.12 01:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI [1994.11.15 01:00:00 | 000,221,696 | ---- | C] () -- C:\Windows\System32\FFILE32.DLL [1994.11.15 01:00:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL [1994.11.15 01:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL ========== LOP Check ========== [2010.12.19 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Canon [2010.04.18 20:21:53 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 [2010.02.12 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 Beta [2008.07.05 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DAEMON Tools [2011.03.15 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DataCast [2010.12.07 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.05 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\EurekaLog [2011.07.14 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\ICQ [2009.02.23 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Leadertech [2010.09.10 17:34:12 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Need for Speed World 
[2008.11.01 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 [2008.09.19 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 Beta [2008.01.19 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teewars [2008.09.18 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teleca [2011.08.10 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\TS3Client [2010.11.05 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Tunngle [2009.07.18 14:59:29 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Ubisoft [2011.02.28 01:58:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Unity [2011.08.19 21:01:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\uTorrent [2011.08.22 00:11:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.04.19 15:41:04 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Adobe [2010.12.19 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Canon [2010.04.18 20:21:53 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 [2010.02.12 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 Beta [2008.07.05 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DAEMON Tools [2011.03.15 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DataCast [2010.08.09 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DivX [2011.02.15 23:07:12 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\dvdcss [2010.12.07 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.05 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\EurekaLog [2011.07.14 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\ICQ [2007.01.01 02:01:16 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Identities [2008.09.19 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\IGN_DLM [2007.01.01 02:11:18 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\InstallShield [2009.02.23 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Leadertech [2008.01.18 19:17:55 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Macromedia [2011.08.13 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Media Center Programs [2011.08.10 23:16:48 | 000,000,000 | --SD | M] -- C:\Users\juma\AppData\Roaming\Microsoft [2009.05.30 01:19:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Move Networks [2011.04.23 01:10:56 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Mozilla [2010.09.10 17:34:12 | 000,000,000 | ---D | M] -- 
C:\Users\juma\AppData\Roaming\Need for Speed World [2009.12.22 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Real [2008.11.01 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 [2008.09.19 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 Beta [2008.09.19 21:50:24 | 000,000,000 | RH-D | M] -- C:\Users\juma\AppData\Roaming\SecuROM [2011.08.22 22:03:37 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Skype [2011.08.22 17:23:05 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\skypePM [2008.09.18 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Sony Ericsson [2011.02.05 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\teamspeak2 [2008.01.19 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teewars [2008.09.18 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teleca [2011.08.10 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\TS3Client [2010.11.05 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Tunngle [2009.07.18 14:59:29 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Ubisoft [2011.02.28 01:58:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Unity [2011.08.19 21:01:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\uTorrent [2011.08.14 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\vlc [2011.08.10 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Winamp [2008.08.07 16:22:26 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.06.04 16:50:23 | 001,956,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\juma\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2009.05.30 01:19:47 | 000,034,062 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Move Networks\ie_bin\Uninst.exe [2010.02.21 16:14:51 | 
000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.09\setup.exe [2010.03.28 15:39:20 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.10\setup.exe [2011.01.26 13:59:14 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.13\setup.exe [2011.08.17 17:28:49 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.19 00:41:32 | 
000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.16 13:42:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.16 13:42:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.16 13:42:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 
| 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < 
23.08.2011, 09:39 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Scareware
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 66.21.4.175:80
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "http://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
[2010.10.11 15:54:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.07 21:26:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.21 16:03:49 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-1.xml
[2010.12.18 03:35:31 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-2.xml
[2011.03.03 01:19:35 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-3.xml
[2011.03.05 02:28:22 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-4.xml
[2011.03.29 11:54:43 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-5.xml
[2011.04.30 19:33:25 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-6.xml
[2011.06.23 16:37:52 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-7.xml
[2011.08.18 17:37:30 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-8.xml
[2010.10.11 15:54:37 | 000,000,168 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.gif
[2010.10.11 15:54:37 | 000,000,618 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.src
[2010.10.25 22:02:37 | 000,001,056 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.xml
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [Eraser] File not found
O4 - HKCU..\Run: [ICQ] File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell - "" = AutoRun
O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe
O33 - MountPoints2\{f865b1da-25a0-11dd-9024-001a4d55213b}\Shell\AutoRun\command - "" = G:\setupSNK.exe
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
29.08.2011, 19:58 | #13 |
| BKA Scareware Sorry, I forgot to post it... I thought the custom scan/fix would remove something, but it was just a scan after all... here is the OTL log: Code:
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) 
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.22 21:59:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe [2011.08.21 15:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.08.18 17:39:27 | 000,000,000 | ---D | C] -- C:\Users\juma\AppData\Local\Solid State Networks [2011.08.14 18:11:15 | 000,000,000 | ---D | C] -- C:\Users\juma\Desktop\COMI [2011.08.13 21:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airline Tycoon Evolution [2011.08.13 14:35:49 | 000,000,000 | ---D | C] -- C:\Users\juma\AppData\Roaming\Malwarebytes [2011.08.13 14:35:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.13 14:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.13 14:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.13 14:35:33 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.08.13 14:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.08.10 23:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.08.10 23:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.08.10 23:16:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.08.10 20:37:03 | 001,982,224 | ---- | C] (SANDBOXIE L.T.D) -- C:\Users\juma\Desktop\SandboxieInstall356.exe [2011.08.10 20:25:47 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe [2011.08.09 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4 [2011.08.09 21:46:10 | 
000,000,000 | ---D | C] -- C:\Program Files\VKMusic 4 [2011.07.30 17:11:07 | 009,863,516 | ---- | C] ( ) -- C:\Users\juma\Desktop\VKMusic_4.exe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.22 21:59:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe [2011.08.22 21:21:26 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.22 21:21:26 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.22 21:21:03 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.22 21:21:03 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.22 21:21:03 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.22 21:21:03 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.22 17:22:01 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.08.22 17:22:01 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.08.22 17:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.22 17:21:23 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys [2011.08.21 20:26:23 | 000,131,584 | ---- | M] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.17 22:26:45 | 002,143,922 | ---- | M] () -- C:\Users\juma\Desktop\DSC07936.JPG [2011.08.17 22:26:44 | 002,058,952 | ---- | M] () -- C:\Users\juma\Desktop\DSC07938.JPG [2011.08.17 22:26:42 | 002,016,710 | ---- | M] () -- C:\Users\juma\Desktop\DSC07939.JPG [2011.08.13 21:15:25 | 000,001,367 | ---- | M] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk [2011.08.13 14:35:37 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.10 20:37:20 | 001,982,224 | ---- | M] (SANDBOXIE L.T.D) -- 
C:\Users\juma\Desktop\SandboxieInstall356.exe [2011.08.10 20:26:25 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe [2011.08.09 21:46:12 | 000,000,848 | ---- | M] () -- C:\Users\juma\Desktop\VKMusic 4.lnk [2011.07.30 17:11:12 | 009,863,516 | ---- | M] ( ) -- C:\Users\juma\Desktop\VKMusic_4.exe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.17 22:25:09 | 002,143,922 | ---- | C] () -- C:\Users\juma\Desktop\DSC07936.JPG [2011.08.17 22:25:09 | 002,058,952 | ---- | C] () -- C:\Users\juma\Desktop\DSC07938.JPG [2011.08.17 22:25:09 | 002,016,710 | ---- | C] () -- C:\Users\juma\Desktop\DSC07939.JPG [2011.08.13 21:15:25 | 000,001,367 | ---- | C] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk [2011.08.13 14:35:37 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.09 21:46:12 | 000,000,848 | ---- | C] () -- C:\Users\juma\Desktop\VKMusic 4.lnk [2011.04.22 14:00:52 | 000,000,092 | ---- | C] () -- C:\Users\juma\AppData\Local\fusioncache.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.11 18:21:09 | 000,095,973 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.01.08 22:29:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.02 00:45:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.04.16 14:24:14 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2009.04.16 14:24:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2009.04.16 14:24:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2009.04.16 14:24:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll [2009.03.20 23:43:53 | 
000,000,037 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.03.17 15:24:10 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini [2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.02.23 22:02:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.02.23 22:02:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.02.14 14:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.11 21:49:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2008.09.09 16:19:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.09.09 16:19:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.05.24 00:18:36 | 000,131,584 | ---- | C] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.05 19:34:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.03.05 19:18:39 | 000,000,136 | ---- | C] () -- C:\Windows\WINWORD6.INI [2008.03.05 
19:16:23 | 000,000,057 | ---- | C] () -- C:\Windows\WINHELP.INI [2008.02.17 11:57:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.02.08 23:21:07 | 000,140,216 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.02.08 23:21:01 | 000,201,352 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.02.08 23:20:38 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.02.06 18:31:53 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2008.01.30 21:47:48 | 000,038,028 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.01.30 21:47:48 | 000,027,030 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.01.30 21:47:48 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.01.30 21:46:56 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini [2008.01.18 01:23:17 | 000,000,027 | ---- | C] () -- C:\Windows\A6W.INI [2007.01.01 02:01:13 | 000,000,680 | ---- | C] () -- C:\Users\juma\AppData\Local\d3d9caps.dat [2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,264,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | 
C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [1994.12.12 01:00:00 | 000,104,448 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL [1994.12.12 01:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI [1994.12.12 01:00:00 | 000,000,535 | ---- | C] () -- C:\Windows\MSTXTCNV.INI [1994.12.12 01:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI [1994.11.15 01:00:00 | 000,221,696 | ---- | C] () -- C:\Windows\System32\FFILE32.DLL [1994.11.15 01:00:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL [1994.11.15 01:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL ========== LOP Check ========== [2010.12.19 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Canon [2010.04.18 20:21:53 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 [2010.02.12 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 Beta [2008.07.05 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DAEMON Tools [2011.03.15 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DataCast [2010.12.07 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.05 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\EurekaLog [2011.07.14 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\ICQ [2009.02.23 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Leadertech [2010.09.10 17:34:12 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Need for Speed World 
[2008.11.01 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 [2008.09.19 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 Beta [2008.01.19 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teewars [2008.09.18 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teleca [2011.08.10 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\TS3Client [2010.11.05 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Tunngle [2009.07.18 14:59:29 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Ubisoft [2011.02.28 01:58:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Unity [2011.08.19 21:01:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\uTorrent [2011.08.22 00:11:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.04.19 15:41:04 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Adobe [2010.12.19 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Canon [2010.04.18 20:21:53 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 [2010.02.12 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 Beta [2008.07.05 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DAEMON Tools [2011.03.15 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DataCast [2010.08.09 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DivX [2011.02.15 23:07:12 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\dvdcss [2010.12.07 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.05 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\EurekaLog [2011.07.14 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\ICQ [2007.01.01 02:01:16 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Identities [2008.09.19 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\IGN_DLM [2007.01.01 02:11:18 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\InstallShield [2009.02.23 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Leadertech [2008.01.18 19:17:55 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Macromedia [2011.08.13 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Media Center Programs [2011.08.10 23:16:48 | 000,000,000 | --SD | M] -- C:\Users\juma\AppData\Roaming\Microsoft [2009.05.30 01:19:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Move Networks [2011.04.23 01:10:56 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Mozilla [2010.09.10 17:34:12 | 000,000,000 | ---D | M] -- 
C:\Users\juma\AppData\Roaming\Need for Speed World [2009.12.22 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Real [2008.11.01 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 [2008.09.19 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 Beta [2008.09.19 21:50:24 | 000,000,000 | RH-D | M] -- C:\Users\juma\AppData\Roaming\SecuROM [2011.08.22 22:03:37 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Skype [2011.08.22 17:23:05 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\skypePM [2008.09.18 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Sony Ericsson [2011.02.05 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\teamspeak2 [2008.01.19 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teewars [2008.09.18 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teleca [2011.08.10 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\TS3Client [2010.11.05 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Tunngle [2009.07.18 14:59:29 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Ubisoft [2011.02.28 01:58:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Unity [2011.08.19 21:01:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\uTorrent [2011.08.14 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\vlc [2011.08.10 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Winamp [2008.08.07 16:22:26 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.06.04 16:50:23 | 001,956,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\juma\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2009.05.30 01:19:47 | 000,034,062 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Move Networks\ie_bin\Uninst.exe [2010.02.21 16:14:51 | 
000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.09\setup.exe [2010.03.28 15:39:20 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.10\setup.exe [2011.01.26 13:59:14 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.13\setup.exe [2011.08.17 17:28:49 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.19 00:41:32 | 
000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.16 13:42:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.16 13:42:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.16 13:42:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 
| 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < 
MD5 for: SCECLI.DLL >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2008.01.18 16:56:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.18 16:56:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.04.10 13:12:58 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

========== Files - Unicode (All) ==========
[2011.08.02 20:38:37 | 000,536,910 | ---- | M] ()(C:\Users\juma\????0039.jpg) -- C:\Users\juma\Фото0039.jpg
[2011.08.02 20:38:36 | 000,501,039 | ---- | M] ()(C:\Users\juma\????0038.jpg) -- C:\Users\juma\Фото0038.jpg
[2011.08.02 20:38:22 | 000,536,910 | ---- | C] ()(C:\Users\juma\????0039.jpg) -- C:\Users\juma\Фото0039.jpg
[2011.08.02 20:38:22 | 000,501,039 | ---- | C] ()(C:\Users\juma\????0038.jpg) -- C:\Users\juma\Фото0038.jpg

< End of report > |
29.08.2011, 20:30 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Scareware No, you followed my instruction incorrectly
__________________ Please always post log files in CODE tags |
01.09.2011, 17:42 | #15 |
| BKA Scareware Somehow I wasn't paying attention there... but here is the correct log file now: Code:
ATTFilter ========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "LEO Eng-Deu" removed from browser.search.selectedEngine
Prefs.js: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.src moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Programme\Winamp Toolbar\winamptb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Eraser deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\igndlm.exe deleted successfully.
C:\Programme\Download Manager\DLM.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\ not found.
File D:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\ not found.
File D:\autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f865b1da-25a0-11dd-9024-001a4d55213b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f865b1da-25a0-11dd-9024-001a4d55213b}\ not found.
File G:\setupSNK.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.5 log created on 09012011_183710 |