Log Analysis and Evaluation: Windows has been blocked for security reasons (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.12.2011, 05:58 | #1
Windows has been blocked for security reasons

Hello dear Trojaner-Board team,

I too have caught this virus that "shuts down" the system. All that appears is the message that Windows has been blocked and that I am supposed to pay 50 EUR via PayPal and download something. In Safe Mode I scanned with Malwarebytes and deleted the findings, then restarted. Everything is running normally again (or so it seems). How nice that something like this always happens just before assignment deadlines... grrr. Attached are the OTL log file and the Malwarebytes log file. Thank you very much in advance for your help!

OTL logfile created on: 12.12.2011 05:53:17 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Seba\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1,93 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 55,13% Memory free
4,10 Gb Paging File | 3,09 Gb Available in Paging File | 75,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 16,33 Gb Free Space | 11,75% Space Free | Partition Type: NTFS
Drive D: | 337,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SEBASRECHNER | User Name: Seba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Seba\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\Seba\AppData\Local\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
MOD - C:\Program Files\Steganos Safe OEM\wxbase28uh_net_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_core_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxbase28uh_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_adv_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_html_vc.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ePowerSvc) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0409&m=e525
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {14245918-F442-4E68-BF00-8F0A0BEC18C0}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{14245918-F442-4E68-BF00-8F0A0BEC18C0}: C:\Users\Seba\AppData\Local\{14245918-F442-4E68-BF00-8F0A0BEC18C0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 12:47:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.25 20:53:39 | 000,000,000 | ---D | M]

[2009.06.13 19:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seba\AppData\Roaming\Mozilla\Extensions
[2009.06.13 19:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seba\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011.11.02 12:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\extensions
[2010.11.07 22:17:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.28 20:18:24 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.02 12:06:59 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\extensions\foxyproxy-basic@eric.h.jung
[2010.05.26 21:21:53 | 000,002,055 | ---- | M] () -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\searchplugins\daemon-search.xml
[2011.12.07 09:45:48 | 000,001,056 | ---- | M] () -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\searchplugins\icqplugin.xml
[2011.11.09 12:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.02.13 19:07:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\SEBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y0WRG1VM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 12:47:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.09.26 10:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.11.09 12:47:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.09 12:47:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.09 12:47:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.09 12:47:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.09 12:47:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.09 12:47:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.03 19:05:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SAFEOEM HotKeys] C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Seba\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55CED7BB-9F79-4238-B407-6C57EA4E2374}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C625BCC-AAF1-484C-9357-3BEDC1A9CAA5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Seba\Desktop\Bilder\Brasilien\100OLYMP\PC060378.JPG
O24 - Desktop BackupWallPaper: C:\Users\Seba\Desktop\Bilder\Brasilien\100OLYMP\PC060378.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1997.08.15 12:17:24 | 000,147,980 | R--- | M] () - D:\AUTORUN.BMP -- [ CDFS ]
O32 - AutoRun File - [1997.08.15 11:53:38 | 000,128,512 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1997.07.14 15:40:24 | 000,000,044 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.12 05:40:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Seba\Desktop\OTL.exe
[2011.12.12 04:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.12 04:31:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.03 17:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2011.12.03 17:58:13 | 000,311,296 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe
[2011.12.03 17:58:11 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL
[2011.12.03 17:58:11 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PICCLP32.OCX
[2011.12.03 17:58:10 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomctl.ocx
[2011.12.03 17:58:10 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011.12.03 17:58:10 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL
[2011.12.03 17:58:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL
[2011.12.03 17:58:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PCCLPFR.DLL
[2011.12.03 17:58:10 | 000,000,000 | ---D | C] -- C:\Users\Seba\AppData\Roaming\FreeFLVConverter
[2011.12.03 17:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2011.11.23 09:47:55 | 000,000,000 | ---D | C] -- C:\Users\Seba\Desktop\los angeles
[2011.11.21 13:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011.12.12 05:46:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.12 05:46:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.12 05:40:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Seba\Desktop\OTL.exe
[2011.12.12 05:39:17 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.12.12 05:39:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.12 05:39:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.12 05:39:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.12 05:38:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.12 05:38:28 | 2074,066,944 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.12 04:31:16 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.12 03:37:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.11 17:29:25 | 001,848,035 | ---- | M] () -- C:\Users\Seba\Documents\LA_praese.odp_43.odp
[2011.12.07 14:59:25 | 183,867,698 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.03 18:13:54 | 000,154,624 | ---- | M] () -- C:\Users\Seba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.03 18:05:19 | 011,526,999 | ---- | M] () -- C:\Users\Seba\Desktop\Discover Los Angeles - A Visual Tour.wmv
[2011.12.03 17:58:15 | 000,000,876 | ---- | M] () -- C:\Users\Seba\Desktop\Free FLV Converter.lnk
[2011.12.02 00:46:00 | 000,062,398 | ---- | M] () -- C:\Users\Seba\Desktop\uae.jpeg
[2011.11.21 13:39:39 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.20 04:56:13 | 000,000,680 | ---- | M] () -- C:\Users\Seba\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011.12.12 05:38:28 | 2074,066,944 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.12 04:31:16 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.12 04:11:14 | 001,848,035 | ---- | C] () -- C:\Users\Seba\Documents\LA_praese.odp_43.odp
[2011.12.03 18:04:39 | 011,526,999 | ---- | C] () -- C:\Users\Seba\Desktop\Discover Los Angeles - A Visual Tour.wmv
[2011.12.03 17:58:15 | 000,000,876 | ---- | C] () -- C:\Users\Seba\Desktop\Free FLV Converter.lnk
[2011.12.03 17:58:11 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx
[2011.12.03 17:58:11 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb
[2011.12.03 17:58:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx
[2011.12.02 00:45:56 | 000,062,398 | ---- | C] () -- C:\Users\Seba\Desktop\uae.jpeg
[2011.11.21 13:39:39 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.10.07 13:32:59 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2011.04.03 20:02:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.03 20:02:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.03 20:02:31 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.03 20:02:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.03 20:02:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009.09.26 22:20:57 | 000,029,239 | ---- | C] () -- C:\Users\Seba\AppData\Roaming\UserTile.png
[2009.08.28 22:26:39 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.08.21 19:43:02 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.08.03 12:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 12:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.16 20:48:22 | 000,000,680 | ---- | C] () -- C:\Users\Seba\AppData\Local\d3d9caps.dat
[2009.06.23 16:07:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2009.06.15 11:35:45 | 000,000,591 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.06.14 22:05:31 | 000,154,624 | ---- | C] () -- C:\Users\Seba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.13 17:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.04.03 10:32:43 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.04.03 10:32:43 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.04.03 10:32:43 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2009.04.03 10:32:43 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.02.27 04:50:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.02.27 04:50:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.02.27 04:50:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.02.27 04:50:49 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.02.27 03:47:45 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.27 03:47:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.27 03:08:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2009.02.27 03:08:20 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,328,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.07.27 13:44:59 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\Amazon
[2010.04.28 10:16:45 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.05.26 21:26:59 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\DAEMON Tools Lite
[2010.10.28 20:22:58 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.22 14:27:51 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\elsterformular
[2011.12.03 17:58:30 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\FreeFLVConverter
[2010.01.10 12:48:03 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\gtk-2.0
[2009.06.15 19:27:38 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\InterVideo
[2011.09.20 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\IrfanView
[2010.10.27 19:16:38 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\LimeWire
[2009.07.08 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\Ludia
[2010.03.23 15:31:30 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\OpenOffice.org
[2011.04.02 20:51:33 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\Opera
[2009.09.26 22:20:57 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\PeerNetworking
[2010.09.12 17:00:44 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\PlayFirst
[2011.02.23 19:05:21 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\temp
[2009.08.18 13:46:09 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\Windows Live Writer
[2009.09.05 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\Zylom
[2011.12.12 04:05:02 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9DB67071

< End of report >

OTL Extras logfile created on: 12.12.2011 05:53:17 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Seba\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1,93 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 55,13% Memory free
4,10 Gb Paging File | 3,09 Gb Available in Paging File | 75,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 16,33 Gb Free Space | 11,75% Space Free | Partition Type: NTFS
Drive D: | 337,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SEBASRECHNER | User Name: Seba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-495979994-2319577649-2858353153-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D99BB12-E994-42FC-BA99-15BB7F1CB89D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{13080EE3-0D57-4F4C-8F80-CBDA537C521C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4BD71F80-2A0D-442E-A3BF-CD96DD7B3D91}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{50DC3F1A-882F-4C1B-8B4F-53065DB41C3F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{62EB9D4B-F156-4B2A-BD50-B4A2C3655014}" = lport=2869 | protocol=6 | dir=in | app=system | "{7D026367-2AFC-4856-9C7A-3A5C955D95E9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | 
app=%systemroot%\system32\svchost.exe | "{8C07DC5C-3F07-42D6-96F0-CBAA343A5349}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98CFFFCF-09E8-49B7-8FC8-06D366BF3D52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C80CB0C3-1266-471B-A934-41426F21D124}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E64D1BBC-1B1F-4C66-8139-EE5B9EF92AA5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{015276F5-02CB-4D48-99D3-A84C8CC74019}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{02CE53CE-7271-4AA8-88B5-A31B32B3D870}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{032D02B6-58C3-4F84-95BB-E9D4D1D0D5E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{03A62079-E252-4678-BF50-828420EF5A81}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{07C73719-8916-4E29-912B-493339AEBC81}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{09E630F3-761F-483A-8E93-C47F4BC82A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0BD9A760-025B-4BD6-9C97-397DEFA23838}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0FED3314-E0A3-407D-8844-85972D847146}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{11EADF23-983A-434A-9C8B-194BFD640148}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{151191C8-03F2-423F-AF62-F8E40485A8BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1637774B-408B-48DA-99BA-0EEABC5F4F55}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{165C6654-38C4-4F9D-A623-74B0A13DCE98}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{16963BA4-F0CA-4269-86B2-2B8404CEF683}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe 
| "{2084663C-ABE5-40CB-A773-523EE63202D0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{2145213F-D2C9-4B68-B012-6A9D1335FF08}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2BBDAD00-C107-4061-AA96-54F718AA9F3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2CD5B34F-0EEF-47C8-91DF-8E4EFE5361A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{30AA86DA-6486-4B15-930F-370A5ADC34B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{313959C2-3164-428B-9C41-4AE9DF82FC0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33D4AE89-4C13-47B0-A25A-AA9DF1A3E22D}" = dir=in | app=c:\program files\itunes\itunes.exe | "{39A5021D-C477-4F0F-8EF7-097276F5B6D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3B9C44FA-6091-4BAF-B2D8-69B889350DF8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E11158A-4C5F-438F-AC37-9C52D982FA72}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{3E3B84C1-2BEA-4C04-8527-DCB3CB4E9AD8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{440D00E2-E878-4D91-8C47-FFA5AF1F1738}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{46BCC4C6-FBD0-44EF-B727-B76F414225BA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{498A6C11-29F8-4CF5-934B-0714279A0CCF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A36B304-916F-4407-8CF6-3C19909DDF14}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{4B579B6A-18E2-4AE9-9EC6-7AD892FA6CC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5375FDD4-3176-40B9-97AE-4E931698D4B4}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{549C69D9-C5AC-435E-899D-2352C4100A2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{57BCB136-D843-410A-8290-CE4E902ACA4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5BC6DBCC-E7DB-4765-92FF-F92F123AA394}" = protocol=6 | dir=in | app=c:\program 
files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{5C3DC91D-C2E4-4CE1-B108-8770A46DE43E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6751393F-36B6-4C14-928E-A023C3860443}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6B51D8F2-9E0D-4FFA-B883-A9F8A55DC0F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D70393A-5916-4644-958C-DD1C38DAAFBD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6F927DB1-9734-45CC-A362-390F90C35553}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{71BFF597-89AB-44BB-BB89-77C7CF202A64}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{784651A4-3C17-4A00-874D-920692E08DDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{79794FC6-05C4-4DC2-A292-370436B4A21E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7B97CA54-7748-4E1E-A6E1-EADAD6787CA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8AB26480-303E-4852-BCCC-739E639614B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8CEEE876-1E91-478B-849F-3EB4B9595A81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8F05251B-B03F-4A95-AF75-8494EEC83E85}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{92659E8A-B748-400B-8009-4665FECAF721}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{940CDD25-865F-423C-84F6-7AB3EE7DD1E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9884C77F-AEA7-4E8B-AF62-1CA87FD24BCF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{991EE91C-6DBD-4129-B4DD-9673384C0443}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9B142EE9-4A73-486B-ACF7-EA896C80E765}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9CA4E6DD-E9C2-48C0-9C30-D7C34711DF7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A2031DB4-F81A-452F-84B7-85EF2912B30B}" = dir=in 
| app=c:\program files\skype\phone\skype.exe | "{A4708CFF-C5FC-437E-BE33-E380F4B2EE48}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A52F5D22-2A80-4C0C-9DA0-17FC95DDC1C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A8A13401-F07B-4958-9645-BD7BE240E153}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AE7FEEA6-F72C-42EE-8F78-97116BD09A1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4ED32E8-8B02-4D66-BD9A-4EE84A75550A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BC0B06CD-17E2-454A-AD6A-5458AD08CB82}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BFC3117F-BCE4-4565-984A-D4E63F156170}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{C951C658-F047-445B-851C-018E5342E089}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CAE1FED8-1376-40B0-8064-9537153D0608}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CC2700DC-2238-4280-A231-A1C0B350CD9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC9625F5-79BA-43AD-A734-951B03CBB410}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CCC41D59-9A7B-4C65-865F-6C78911BC1E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CD6774B8-EC55-49DC-8EDA-8A87119778EA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CD82C5E2-2B7C-484B-BCFA-D7BA11EDBC62}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{D031869A-11C2-478C-933D-AB82C22FA2A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D0BC6089-291E-4FBD-B8BE-A771C59BA8BA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D83046B5-639C-42D3-A215-C79562ACB651}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E2F8D46D-48F9-4C74-A8BA-DEEE07513E99}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E4DA464E-1F23-41AF-ABCE-CE8C9B81D604}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{E5DA7D00-E9EE-42A5-ADBE-6802A1BFB35D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9113217-7B1D-4C22-B03A-C278BC07D34D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E92709FA-A6E2-4F79-9361-FE767839BA0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F4164543-053D-4771-BA3E-23E757BE7FC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F4752B10-7DDC-4F97-9013-93A1B9D43D9C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{FE4BC684-39CC-48A8-8FD6-D31A9DF6F7B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{0152E775-79BD-4EA2-935E-EB226E7EF861}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{0AF056F4-9E8F-457E-8912-5C1DAA16393E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{37D840EC-6F5A-4C23-8057-C88270C8CA2C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{607F4160-0005-42C5-8BD4-1963B2C19BC7}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{6DE33D66-0D2D-40BD-9EBB-EE088E70469A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{71B09EA7-CEF1-4F1B-94D5-5BA0774A0697}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{8E8799A5-5CAF-4328-B3E7-CB7812E4F73F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{26D12258-6BDC-4DD8-BEE3-62D6B17BE297}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program 
files\mozilla firefox\firefox.exe | "UDP Query User{393A7D7B-16C9-4C14-BEC8-B2203513C2AB}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{A25E615C-94A2-4F6B-8C53-906C98958BC9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{A32BA6DA-6E76-4814-BA44-863F42789004}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{C9B8B714-7992-416A-A368-F2B04FAFA9E4}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{E443D2AA-8365-44EE-94FE-3E851AEEBE66}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{EF59BC37-B949-4FDB-AF01-C90809B9BB62}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer 
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft 
Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM "{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Reisewelten 
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Beach Life_is1" = Beach Life "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Der VerkehrsGigant-Gold Edition" = Der VerkehrsGigant-Gold Edition "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender "eMachines Screensaver" = eMachines ScreenSaver "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free FLV Converter_is1" = Free FLV Converter V 7.2.0 "Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.9.25 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9 "Google Updater" = Google Updater "Governor of Poker1.0" = Governor of Poker "HDMI" = Intel(R) Graphics Media Accelerator Driver "Imperialismus" = Imperialismus "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 SP1" = 
Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Opera 11.01.1190" = Opera 11.01
"ST6UNST #1" = Der Restaurant-Manager 1.5 Vollversion.de Edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8354

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

12.12.2011 05:37:13
mbam-log-2011-12-12 (05-37-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 359270
Laufzeit: 1 Stunde(n), 4 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{BAA8AC22-2031-11DE-9E75-806E6F6E6963} (Trojan.Agent) -> Value: {BAA8AC22-2031-11DE-9E75-806E6F6E6963} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\steganos safe oem\dllregister.exe (Adware.Agent.ZGen) -> No action taken.
c:\Users\Seba\downloads\installer_x-vcd_player_1_4_deutsch_deutsch.exe (PUP.SmsPay.pns) -> No action taken.
c:\Users\Seba\AppData\Local\temp\0.5137354853874749.exe (Exploit.Drop.2) -> No action taken.
c:\Users\Seba\AppData\Roaming\microsoft\hostrun.exe (Trojan.Agent) -> No action taken.
12.12.2011, 12:17 | #2 |
Windows was blocked for security reasons
Oh, I just noticed that the files are supposed to be posted as code. So here they are again:
Code:
OTL logfile created on: 12.12.2011 05:53:17 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Seba\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1,93 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 55,13% Memory free
4,10 Gb Paging File | 3,09 Gb Available in Paging File | 75,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 16,33 Gb Free Space | 11,75% Space Free | Partition Type: NTFS
Drive D: | 337,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SEBASRECHNER | User Name: Seba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Seba\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\Seba\AppData\Local\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
MOD - C:\Program Files\Steganos Safe OEM\wxbase28uh_net_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_core_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxbase28uh_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_adv_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_html_vc.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ePowerSvc) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0409&m=e525

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {14245918-F442-4E68-BF00-8F0A0BEC18C0}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{14245918-F442-4E68-BF00-8F0A0BEC18C0}: C:\Users\Seba\AppData\Local\{14245918-F442-4E68-BF00-8F0A0BEC18C0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 12:47:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.25 20:53:39 | 000,000,000 | ---D | M]

[2009.06.13 19:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seba\AppData\Roaming\Mozilla\Extensions
[2009.06.13 19:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seba\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011.11.02 12:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\extensions
[2010.11.07 22:17:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.28 20:18:24 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.02 12:06:59 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\extensions\foxyproxy-basic@eric.h.jung
[2010.05.26 21:21:53 | 000,002,055 | ---- | M] () -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\searchplugins\daemon-search.xml
[2011.12.07 09:45:48 | 000,001,056 | ---- | M] () -- C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\searchplugins\icqplugin.xml
[2011.11.09 12:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.02.13 19:07:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\SEBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y0WRG1VM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 12:47:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.09.26 10:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.11.09 12:47:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.09 12:47:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.09 12:47:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.09 12:47:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.09 12:47:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.09 12:47:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.03 19:05:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SAFEOEM HotKeys] C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Seba\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55CED7BB-9F79-4238-B407-6C57EA4E2374}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C625BCC-AAF1-484C-9357-3BEDC1A9CAA5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Seba\Desktop\Bilder\Brasilien\100OLYMP\PC060378.JPG O24 - Desktop BackupWallPaper: C:\Users\Seba\Desktop\Bilder\Brasilien\100OLYMP\PC060378.JPG O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1997.08.15 12:17:24 | 000,147,980 | R--- | M] () - D:\AUTORUN.BMP -- [ CDFS ] O32 - AutoRun File - [1997.08.15 11:53:38 | 000,128,512 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ] O32 - AutoRun File - [1997.07.14 15:40:24 | 000,000,044 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.12 05:40:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Seba\Desktop\OTL.exe [2011.12.12 04:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.12 04:31:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.03 17:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter [2011.12.03 17:58:13 | 000,311,296 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe [2011.12.03 17:58:11 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL [2011.12.03 17:58:11 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PICCLP32.OCX [2011.12.03 17:58:10 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomctl.ocx [2011.12.03 17:58:10 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX [2011.12.03 17:58:10 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL [2011.12.03 17:58:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL [2011.12.03 17:58:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PCCLPFR.DLL [2011.12.03 17:58:10 | 000,000,000 | ---D | C] -- C:\Users\Seba\AppData\Roaming\FreeFLVConverter 
[2011.12.03 17:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter [2011.11.23 09:47:55 | 000,000,000 | ---D | C] -- C:\Users\Seba\Desktop\los angeles [2011.11.21 13:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2011.12.12 05:46:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.12 05:46:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.12 05:40:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Seba\Desktop\OTL.exe [2011.12.12 05:39:17 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.12.12 05:39:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.12 05:39:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.12 05:39:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.12 05:38:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.12 05:38:28 | 2074,066,944 | -HS- | M] () -- C:\hiberfil.sys [2011.12.12 04:31:16 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.12 03:37:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.11 17:29:25 | 001,848,035 | ---- | M] () -- C:\Users\Seba\Documents\LA_praese.odp_43.odp [2011.12.07 14:59:25 | 183,867,698 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.03 18:13:54 | 000,154,624 | ---- | M] () -- C:\Users\Seba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.03 18:05:19 | 011,526,999 | ---- | M] () -- C:\Users\Seba\Desktop\Discover Los Angeles - A Visual Tour.wmv [2011.12.03 17:58:15 | 
000,000,876 | ---- | M] () -- C:\Users\Seba\Desktop\Free FLV Converter.lnk [2011.12.02 00:46:00 | 000,062,398 | ---- | M] () -- C:\Users\Seba\Desktop\uae.jpeg [2011.11.21 13:39:39 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.20 04:56:13 | 000,000,680 | ---- | M] () -- C:\Users\Seba\AppData\Local\d3d9caps.dat ========== Files Created - No Company Name ========== [2011.12.12 05:38:28 | 2074,066,944 | -HS- | C] () -- C:\hiberfil.sys [2011.12.12 04:31:16 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.12 04:11:14 | 001,848,035 | ---- | C] () -- C:\Users\Seba\Documents\LA_praese.odp_43.odp [2011.12.03 18:04:39 | 011,526,999 | ---- | C] () -- C:\Users\Seba\Desktop\Discover Los Angeles - A Visual Tour.wmv [2011.12.03 17:58:15 | 000,000,876 | ---- | C] () -- C:\Users\Seba\Desktop\Free FLV Converter.lnk [2011.12.03 17:58:11 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx [2011.12.03 17:58:11 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb [2011.12.03 17:58:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx [2011.12.02 00:45:56 | 000,062,398 | ---- | C] () -- C:\Users\Seba\Desktop\uae.jpeg [2011.11.21 13:39:39 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.10.07 13:32:59 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2011.04.03 20:02:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.04.03 20:02:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.04.03 20:02:31 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.04.03 20:02:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.04.03 20:02:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 19:30:00 | 000,092,356 | ---- | C] 
() -- C:\Windows\System32\igfcg500m.bin [2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2009.09.26 22:20:57 | 000,029,239 | ---- | C] () -- C:\Users\Seba\AppData\Roaming\UserTile.png [2009.08.28 22:26:39 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.08.21 19:43:02 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.08.03 12:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 12:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.16 20:48:22 | 000,000,680 | ---- | C] () -- C:\Users\Seba\AppData\Local\d3d9caps.dat [2009.06.23 16:07:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2009.06.15 11:35:45 | 000,000,591 | ---- | C] () -- C:\Windows\WININIT.INI [2009.06.14 22:05:31 | 000,154,624 | ---- | C] () -- C:\Users\Seba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.13 17:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.04.03 10:32:43 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.04.03 10:32:43 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.04.03 10:32:43 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe [2009.04.03 10:32:43 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.02.27 04:50:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.02.27 04:50:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.02.27 04:50:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.02.27 04:50:49 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.02.27 03:47:45 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.02.27 03:47:45 | 000,018,904 | 
---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.02.27 03:08:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll [2009.02.27 03:08:20 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:44:53 | 000,328,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2011.07.27 13:44:59 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\Amazon [2010.04.28 10:16:45 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.05.26 21:26:59 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\DAEMON Tools Lite [2010.10.28 20:22:58 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.22 14:27:51 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\elsterformular [2011.12.03 17:58:30 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\FreeFLVConverter [2010.01.10 12:48:03 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\gtk-2.0 [2009.06.15 19:27:38 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\InterVideo 
[2011.09.20 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\IrfanView [2010.10.27 19:16:38 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\LimeWire [2009.07.08 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\Ludia [2010.03.23 15:31:30 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\OpenOffice.org [2011.04.02 20:51:33 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\Opera [2009.09.26 22:20:57 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\PeerNetworking [2010.09.12 17:00:44 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\PlayFirst [2011.02.23 19:05:21 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\temp [2009.08.18 13:46:09 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\Windows Live Writer [2009.09.05 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\Seba\AppData\Roaming\Zylom [2011.12.12 04:05:02 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9DB67071 < End of report >
OTL Extras logfile created on: 12.12.2011 05:53:17 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Seba\Desktop Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 55,13% Memory free 4,10 Gb Paging File | 3,09 Gb Available in Paging File | 75,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139,04 Gb Total Space | 16,33 Gb Free Space | 11,75% Space Free | Partition Type: NTFS Drive D: | 337,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SEBASRECHNER | User Name: Seba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Svc\S-1-5-21-495979994-2319577649-2858353153-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D99BB12-E994-42FC-BA99-15BB7F1CB89D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{13080EE3-0D57-4F4C-8F80-CBDA537C521C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4BD71F80-2A0D-442E-A3BF-CD96DD7B3D91}" = 
lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{50DC3F1A-882F-4C1B-8B4F-53065DB41C3F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{62EB9D4B-F156-4B2A-BD50-B4A2C3655014}" = lport=2869 | protocol=6 | dir=in | app=system | "{7D026367-2AFC-4856-9C7A-3A5C955D95E9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8C07DC5C-3F07-42D6-96F0-CBAA343A5349}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98CFFFCF-09E8-49B7-8FC8-06D366BF3D52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C80CB0C3-1266-471B-A934-41426F21D124}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E64D1BBC-1B1F-4C66-8139-EE5B9EF92AA5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{015276F5-02CB-4D48-99D3-A84C8CC74019}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{02CE53CE-7271-4AA8-88B5-A31B32B3D870}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{032D02B6-58C3-4F84-95BB-E9D4D1D0D5E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{03A62079-E252-4678-BF50-828420EF5A81}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{07C73719-8916-4E29-912B-493339AEBC81}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{09E630F3-761F-483A-8E93-C47F4BC82A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0BD9A760-025B-4BD6-9C97-397DEFA23838}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0FED3314-E0A3-407D-8844-85972D847146}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{11EADF23-983A-434A-9C8B-194BFD640148}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{151191C8-03F2-423F-AF62-F8E40485A8BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1637774B-408B-48DA-99BA-0EEABC5F4F55}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{165C6654-38C4-4F9D-A623-74B0A13DCE98}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{16963BA4-F0CA-4269-86B2-2B8404CEF683}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2084663C-ABE5-40CB-A773-523EE63202D0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{2145213F-D2C9-4B68-B012-6A9D1335FF08}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2BBDAD00-C107-4061-AA96-54F718AA9F3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2CD5B34F-0EEF-47C8-91DF-8E4EFE5361A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{30AA86DA-6486-4B15-930F-370A5ADC34B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{313959C2-3164-428B-9C41-4AE9DF82FC0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{33D4AE89-4C13-47B0-A25A-AA9DF1A3E22D}" = dir=in | app=c:\program files\itunes\itunes.exe | "{39A5021D-C477-4F0F-8EF7-097276F5B6D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3B9C44FA-6091-4BAF-B2D8-69B889350DF8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E11158A-4C5F-438F-AC37-9C52D982FA72}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{3E3B84C1-2BEA-4C04-8527-DCB3CB4E9AD8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{440D00E2-E878-4D91-8C47-FFA5AF1F1738}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{46BCC4C6-FBD0-44EF-B727-B76F414225BA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{498A6C11-29F8-4CF5-934B-0714279A0CCF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A36B304-916F-4407-8CF6-3C19909DDF14}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{4B579B6A-18E2-4AE9-9EC6-7AD892FA6CC7}" = 
dir=in | app=c:\program files\skype\phone\skype.exe | "{5375FDD4-3176-40B9-97AE-4E931698D4B4}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{549C69D9-C5AC-435E-899D-2352C4100A2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{57BCB136-D843-410A-8290-CE4E902ACA4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5BC6DBCC-E7DB-4765-92FF-F92F123AA394}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{5C3DC91D-C2E4-4CE1-B108-8770A46DE43E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6751393F-36B6-4C14-928E-A023C3860443}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6B51D8F2-9E0D-4FFA-B883-A9F8A55DC0F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D70393A-5916-4644-958C-DD1C38DAAFBD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6F927DB1-9734-45CC-A362-390F90C35553}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{71BFF597-89AB-44BB-BB89-77C7CF202A64}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{784651A4-3C17-4A00-874D-920692E08DDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{79794FC6-05C4-4DC2-A292-370436B4A21E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7B97CA54-7748-4E1E-A6E1-EADAD6787CA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8AB26480-303E-4852-BCCC-739E639614B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8CEEE876-1E91-478B-849F-3EB4B9595A81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8F05251B-B03F-4A95-AF75-8494EEC83E85}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{92659E8A-B748-400B-8009-4665FECAF721}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{940CDD25-865F-423C-84F6-7AB3EE7DD1E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9884C77F-AEA7-4E8B-AF62-1CA87FD24BCF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{991EE91C-6DBD-4129-B4DD-9673384C0443}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9B142EE9-4A73-486B-ACF7-EA896C80E765}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9CA4E6DD-E9C2-48C0-9C30-D7C34711DF7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A2031DB4-F81A-452F-84B7-85EF2912B30B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A4708CFF-C5FC-437E-BE33-E380F4B2EE48}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A52F5D22-2A80-4C0C-9DA0-17FC95DDC1C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A8A13401-F07B-4958-9645-BD7BE240E153}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AE7FEEA6-F72C-42EE-8F78-97116BD09A1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4ED32E8-8B02-4D66-BD9A-4EE84A75550A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BC0B06CD-17E2-454A-AD6A-5458AD08CB82}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BFC3117F-BCE4-4565-984A-D4E63F156170}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{C951C658-F047-445B-851C-018E5342E089}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CAE1FED8-1376-40B0-8064-9537153D0608}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CC2700DC-2238-4280-A231-A1C0B350CD9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC9625F5-79BA-43AD-A734-951B03CBB410}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CCC41D59-9A7B-4C65-865F-6C78911BC1E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CD6774B8-EC55-49DC-8EDA-8A87119778EA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CD82C5E2-2B7C-484B-BCFA-D7BA11EDBC62}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{D031869A-11C2-478C-933D-AB82C22FA2A5}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{D0BC6089-291E-4FBD-B8BE-A771C59BA8BA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D83046B5-639C-42D3-A215-C79562ACB651}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E2F8D46D-48F9-4C74-A8BA-DEEE07513E99}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E4DA464E-1F23-41AF-ABCE-CE8C9B81D604}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E5DA7D00-E9EE-42A5-ADBE-6802A1BFB35D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9113217-7B1D-4C22-B03A-C278BC07D34D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E92709FA-A6E2-4F79-9361-FE767839BA0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F4164543-053D-4771-BA3E-23E757BE7FC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F4752B10-7DDC-4F97-9013-93A1B9D43D9C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{FE4BC684-39CC-48A8-8FD6-D31A9DF6F7B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{0152E775-79BD-4EA2-935E-EB226E7EF861}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{0AF056F4-9E8F-457E-8912-5C1DAA16393E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{37D840EC-6F5A-4C23-8057-C88270C8CA2C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{607F4160-0005-42C5-8BD4-1963B2C19BC7}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{6DE33D66-0D2D-40BD-9EBB-EE088E70469A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{71B09EA7-CEF1-4F1B-94D5-5BA0774A0697}C:\program files\google\google 
earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{8E8799A5-5CAF-4328-B3E7-CB7812E4F73F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{26D12258-6BDC-4DD8-BEE3-62D6B17BE297}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{393A7D7B-16C9-4C14-BEC8-B2203513C2AB}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{A25E615C-94A2-4F6B-8C53-906C98958BC9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{A32BA6DA-6E76-4814-BA44-863F42789004}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{C9B8B714-7992-416A-A368-F2B04FAFA9E4}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{E443D2AA-8365-44EE-94FE-3E851AEEBE66}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{EF59BC37-B949-4FDB-AF01-C90809B9BB62}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for 
Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple 
Software Update "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM "{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support 
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Reisewelten "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Beach Life_is1" = Beach Life "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Der VerkehrsGigant-Gold Edition" = Der VerkehrsGigant-Gold Edition "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender "eMachines Screensaver" = eMachines ScreenSaver "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free FLV Converter_is1" = Free FLV Converter V 7.2.0 "Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.9.25 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9 "Google Updater" = Google Updater "Governor of Poker1.0" = Governor of Poker "HDMI" = Intel(R) 
Graphics Media Accelerator Driver "Imperialismus" = Imperialismus "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "Opera 11.01.1190" = Opera 11.01 "ST6UNST #1" = Der Restaurant-Manager 1.5 Vollversion.de Edition "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.9 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

and Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8354

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

12.12.2011 05:37:13
mbam-log-2011-12-12 (05-37-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 359270
Laufzeit: 1 Stunde(n), 4 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{BAA8AC22-2031-11DE-9E75-806E6F6E6963} (Trojan.Agent) -> Value: {BAA8AC22-2031-11DE-9E75-806E6F6E6963} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\steganos safe oem\dllregister.exe (Adware.Agent.ZGen) -> No action taken.
c:\Users\Seba\downloads\installer_x-vcd_player_1_4_deutsch_deutsch.exe (PUP.SmsPay.pns) -> No action taken.
c:\Users\Seba\AppData\Local\temp\0.5137354853874749.exe (Exploit.Drop.2) -> No action taken.
c:\Users\Seba\AppData\Roaming\microsoft\hostrun.exe (Trojan.Agent) -> No action taken.