|
Log analysis and evaluation: 100 Euro Windows Security Center desperation crap | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
03.02.2012, 18:37 | #1 |
| 100 Euro Windows Security Center desperation crap

Hello, I have just caught a trojan/virus. While I was surfing, a window popped up with the above title. I am supposed to transfer €100 via Ukash because my Windows license is supposedly not valid. I would be grateful if you could help me out of this mess. Here is my OTL logfile:

OTL logfile created on: 03.02.2012 18:24:13 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\S\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 9,05 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 23,65 Gb Free Space | 33,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: S1 Current User Name: S Logged in as Administrator.
Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2012.02.03 18:23:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\S\Downloads\OTL.exe PRC - [2011.12.21 08:42:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2008.01.21 03:25:56 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (SafeList) ========== MOD - [2012.02.03 18:23:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\S\Downloads\OTL.exe MOD - [2008.01.21 03:24:11 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.03.29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.01.14 20:05:26 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.04.06 21:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Stopped] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008.04.04 02:03:14 | 000,131,072 | ---- | M] () [Auto | Stopped] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008.03.03 12:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc) SRV - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Stopped] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.02.13 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash) SRV - [2007.01.17 10:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.11.29 01:44:58 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService) SRV - [2006.11.02 10:46:05 | 000,017,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\irmon.dll -- (Irmon) SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.04.14 09:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2006.04.14 09:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2006.04.14 09:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program 
Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.10.14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) ========== Driver Services (SafeList) ========== DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.12.08 20:04:55 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.06.13 03:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2008.06.05 02:54:22 | 000,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2008.05.21 03:01:00 | 002,143,136 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.04.15 19:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008.04.08 19:46:02 | 000,043,736 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008.04.06 03:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.03.28 12:44:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2008.02.01 08:14:36 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.01.31 02:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2008.01.31 02:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper) DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 03:23:47 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 03:23:47 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.12.26 07:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice) DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.12.22 20:50:24 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2006.12.22 20:49:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2006.12.22 20:48:54 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2006.11.30 15:14:22 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45unic.sys -- (se45unic) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM) DRV - [2006.11.30 15:14:14 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45obex.sys -- (se45obex) DRV - [2006.11.30 15:14:10 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mgmt.sys -- (se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM) DRV - [2006.11.30 15:14:10 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45nd5.sys -- (se45nd5) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS) DRV - [2006.11.30 15:14:04 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mdm.sys -- (se45mdm) DRV - [2006.11.30 15:14:04 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mdfl.sys -- (se45mdfl) DRV - [2006.11.30 15:13:56 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM) DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.03 06:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) DRV - [2006.06.19 23:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.shareware-d.com/de/index.php?rvs=hompag IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010.04.11 23:45:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.04.11 23:45:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.01 14:15:40 | 000,000,000 | ---D | M] [2012.01.01 13:54:54 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\mozilla\Extensions [2012.01.01 14:15:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.12.21 
06:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) 
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [vasja] C:\Users\S\AppData\Local\Temp\0.7548866788568477.exe (Orb Networks) O4 - Startup: C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\S\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{65852047-1d6f-11de-9da3-001d72cf2d4c}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\swfmgr.exe
O33 - MountPoints2\{65852047-1d6f-11de-9da3-001d72cf2d4c}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\swfmgr.exe
O33 - MountPoints2\{66df40f5-9f03-11e0-b4a4-001d72cf2d4c}\Shell - "" = AutoRun
O33 - MountPoints2\{66df40f5-9f03-11e0-b4a4-001d72cf2d4c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7c9fb2b5-4673-11df-bb1c-001d72cf2d4c}\Shell\AutoRun\command - "" = G:\svchost.exe -- File not found
O33 - MountPoints2\{9b6acca6-3ec0-11de-a1d2-001d72cf2d4c}\Shell - "" = AutoRun
O33 - MountPoints2\{9b6acca6-3ec0-11de-a1d2-001d72cf2d4c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.01 19:41:07 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\Spanisch
[2012.02.01 19:37:42 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\Marketing
[2012.02.01 19:36:40 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\Finanzierung
[2012.02.01 19:36:17 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\Harlem Renaissance
[2012.01.17 21:53:00 | 000,049,152 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2012.01.17 21:52:59 | 000,076,800 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBBZE.DLL
[2012.01.17 21:52:59 | 000,062,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BBZE.DLL
[2012.01.17 21:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2008.09.13 12:01:55 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\S\Desktop\*.tmp files -> C:\Users\S\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.03 18:21:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.03 18:20:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.02.03 18:20:04 | 004,194,304 | -HS- | M] () -- C:\Users\S\ntuser.dat
[2012.02.03 18:20:04 | 000,524,288 | -HS- | M] () -- C:\Users\S\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2012.02.03 18:20:04 | 000,065,536 | -HS- | M] () -- C:\Users\S\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2012.02.03 18:18:50 | 000,568,998 | -H-- | M] () -- C:\Users\S\AppData\Local\IconCache.db
[2012.02.03 18:18:38 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2012.02.03 18:18:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.03 18:18:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.02 18:29:27 | 000,026,624 | ---- | M] () -- C:\Users\S\Desktop\Questionaire Sebastian.doc
[2012.02.02 17:33:52 | 000,013,008 | ---- | M] () -- C:\Users\S\Desktop\Shopping in Freiburg.docx
[2012.02.02 16:04:28 | 000,012,704 | ---- | M] () -- C:\Users\S\Desktop\Background and issue.docx
[2012.02.01 19:23:01 | 000,036,452 | ---- | M] () -- C:\Users\S\Desktop\Bildende Kunst während der Harlem Renaissance.docx
[2012.02.01 19:17:54 | 001,696,980 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012.02.01 19:17:54 | 000,724,144 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.01 19:17:54 | 000,675,194 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.01 19:17:54 | 000,166,992 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.01 19:17:54 | 000,135,510 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.01 17:00:42 | 209,755,137 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.30 08:49:26 | 000,000,162 | -H-- | M] () -- C:\Users\S\Desktop\~$sayLisaBaldischwiler.docx
[2012.01.29 06:49:44 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.01.24 00:15:42 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.23 08:47:07 | 000,000,162 | -H-- | M] () -- C:\Users\S\Desktop\~$ldende Kunst während der Harlem Renaissance.docx
[2012.01.17 20:58:53 | 004,704,223 | ---- | M] () -- C:\Users\S\Desktop\Philipp Poisel - Eiserner Steg (Klavier Version) - Offizielles Video.mp3
[2012.01.15 16:46:39 | 000,072,815 | ---- | M] () -- C:\Users\S\Desktop\259884_1852968013360_1515593326_31735813_2948712_n.jpg
[2012.01.14 09:46:04 | 000,031,744 | ---- | M] () -- C:\Users\S\Desktop\Tolstoi_Kreutzersonate_Arbeitsblätter.doc
[2012.01.14 09:45:42 | 000,177,152 | ---- | M] () -- C:\Users\S\Desktop\Steltner_Tolstoi.doc
[2012.01.13 08:03:37 | 000,029,696 | ---- | M] () -- C:\Users\S\Desktop\Lebenslauf3.doc
[2012.01.11 15:53:06 | 000,000,680 | ---- | M] () -- C:\Users\S\AppData\Local\d3d9caps.dat
[2012.01.09 17:40:13 | 000,000,162 | -H-- | M] () -- C:\Users\S\Desktop\~$rketing.docx
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\S\Desktop\*.tmp files -> C:\Users\S\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.02 18:29:26 | 000,026,624 | ---- | C] () -- C:\Users\S\Desktop\Questionaire Sebastian.doc
[2012.02.02 17:33:21 | 000,013,008 | ---- | C] () -- C:\Users\S\Desktop\Shopping in Freiburg.docx
[2012.02.02 16:04:27 | 000,012,704 | ---- | C] () -- C:\Users\S\Desktop\Background and issue.docx
[2012.01.30 08:49:26 | 000,000,162 | -H-- | C] () -- C:\Users\S\Desktop\~$sayLisaBaldischwiler.docx
[2012.01.23 08:47:07 | 000,000,162 | -H-- | C] () -- C:\Users\S\Desktop\~$ldende Kunst während der Harlem Renaissance.docx
[2012.01.18 17:49:01 | 000,036,452 | ---- | C] () -- C:\Users\S\Desktop\Bildende Kunst während der Harlem Renaissance.docx
[2012.01.17 20:58:11 | 004,704,223 | ---- | C] () -- C:\Users\S\Desktop\Philipp Poisel - Eiserner Steg (Klavier Version) - Offizielles Video.mp3
[2012.01.15 16:46:35 | 000,072,815 | ---- | C] () -- C:\Users\S\Desktop\259884_1852968013360_1515593326_31735813_2948712_n.jpg
[2012.01.14 09:46:03 | 000,031,744 | ---- | C] () -- C:\Users\S\Desktop\Tolstoi_Kreutzersonate_Arbeitsblätter.doc
[2012.01.14 09:45:41 | 000,177,152 | ---- | C] () -- C:\Users\S\Desktop\Steltner_Tolstoi.doc
[2012.01.13 08:03:35 | 000,029,696 | ---- | C] () -- C:\Users\S\Desktop\Lebenslauf3.doc
[2012.01.09 17:40:13 | 000,000,162 | -H-- | C] () -- C:\Users\S\Desktop\~$rketing.docx
[2011.02.13 20:40:04 | 000,600,142 | ---- | C] () -- C:\Users\S\AppData\Roaming\igxpgd32.dat
[2010.05.06 17:11:20 | 000,000,680 | ---- | C] () -- C:\Users\S\AppData\Local\d3d9caps.dat
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.01.28 01:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.28 16:40:44 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.10.28 16:40:44 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.30 00:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 00:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.06 16:31:27 | 000,219,136 | ---- | C] () -- C:\Users\S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.25 20:49:16 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.03.30 16:59:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.13 11:50:36 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.09.13 11:50:35 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.09.13 02:22:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.09.13 02:14:53 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.09.12 14:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.05.21 00:16:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.21 00:16:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.13 07:32:45 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.13 07:32:45 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.13 07:32:44 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.09.04 10:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 18:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report > |
03.02.2012, 18:49 | #2 |
| 100 Euro Windows Security Center desperation crap
My Extras logfile:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 03.02.2012 18:24:13 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\S\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 9,05 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 23,65 Gb Free Space | 33,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S1
Current User Name: S
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1207580324-1291616810-1147902704-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017C0ECC-D19E-451E-9CBB-81800060D972}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1640D962-B263-4975-8B7A-2A60EB89A4B7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5D2E6801-8691-4961-83BA-B6F3B58D14D7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{949EF634-DCD9-4A0F-912A-548A5D5E9341}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A109AE99-F873-42CE-98BF-7CA37040E5D4}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BD9C1B4A-328E-4622-AFB4-E275F04B8EF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0D0691F-BB87-48CF-B7B9-5518823F52AA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D1ECF293-498A-4E04-B22D-5F8FF94B4521}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D929A933-8556-4C34-B74F-43CD7BF843F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021AA4D4-ED11-438B-92F7-59B05B8A09AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0521FAF7-B230-4BDC-9E5C-008485327BFA}" = dir=in |
app=c:\program files\skype\phone\skype.exe | "{06717E8C-FF78-411A-BD5B-D678F545F73A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{0A5A9F34-5B8C-4730-B1A6-7C0E7AAE5EB3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0ABE7810-AADD-42D7-B361-94DA8DFBE85A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0FE47A20-701A-4FC3-A330-57AE122AB546}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1180BEC5-BC97-4BB2-80E6-82467282BFCC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{118B2645-9E05-43B8-98F1-7506215A42D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{11B3AFAE-D2C3-4BEB-A8EC-77FAF0DEC3A5}" = protocol=6 | dir=in | app=c:\users\s\appdata\roaming\dropbox\bin\dropbox.exe | "{15DAE434-EE15-4EE5-9543-7865B01EADB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{16196C59-89D3-4AC6-8554-28ABEE9B4CD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1789FD5F-82A0-4767-9BE8-801697DA3DC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{179703E6-5788-4F21-A66A-8C29E999670F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{18E0B7C3-966D-4433-A5C2-C929DF6B7FFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{18F30FD1-0833-42F2-8ED8-5D052779BEB2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1F196F32-0C69-40A3-9952-F76EE23D3F8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1F5865F8-D3BD-4EAF-84BA-B1052E3F4F12}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{203CE903-C4D0-4357-96B4-80FAF221538E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{20923879-D8EF-400A-91E7-839589ED5584}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{21ACECC8-C509-4994-A1F8-3965AA914AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{233357BB-03FD-4380-8C78-4A7E4E99E3F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{259A0493-AEAD-4DCB-95D6-6030A020EE54}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{259C9CF7-7BCC-4B10-9718-D96623AFDBE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2640F8F3-B172-4A3A-A6CD-51A9192DFA4E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{29B55528-8201-4CE4-A45D-078246481EDF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2ACF4443-55CE-458A-AC3C-0DA24A616EA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2B507AF7-4367-4D2B-8477-FEF3E6FDDA65}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C2B8D3F-AFB1-4131-9199-32306E86D5EF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C94F75A-3E69-43C5-85FE-452F522D630E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D7C78A2-69B0-47F8-BCDF-189E2F94FAAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2E936FBF-00AE-4678-9DBA-4E3566041137}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{327C392C-1ADA-4C2C-B571-5F0E08208CF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3348E915-2174-46D5-91EB-33F8D5DEA01C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{35868C42-996A-4745-BC86-B1757327DDC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{376350F3-F53D-4F8F-B2BD-48EA3B3D9F10}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{376A3115-91DF-4417-B902-B29ECCFF3FBF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{38273B6E-9660-44C6-B3C2-4C40A5E84D01}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{38B9A3C6-B8CA-4AF6-BA2F-E3EDEEF82B9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{39963476-AFB5-4997-B0D4-BAEEA3449EF6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AFA65A2-FA56-4814-A0FA-92F6EE436518}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{3D406E93-5993-4ABB-AB66-D29688F0E85C}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{3D5BC71A-8F1D-4B2D-B7C4-7F9288850F3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3DA6EE21-CB70-4336-B4D0-82CEF2292EAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E7E332B-8E22-45D4-BC95-B9355B782ACE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E83C264-BB83-49DE-96E2-695D96510565}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{40465FF1-CA4A-4CF7-8842-CEE014E8DAB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4066DC91-2D49-496A-833A-F1C616CD5194}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{40B178BE-76F0-4501-8A03-0FC8FFE235CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{40E0FA8F-80B5-4EE6-826C-44A9E9DDF477}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{417CB842-DD43-433B-B6FB-6B9CFC3B36EA}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{41A87BC2-C6FD-4207-94AA-A44D9E2D8C16}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{42A4574B-50C9-4EFB-A4A6-2699786F60FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{438082EA-39C1-4676-97D0-2C966AB87956}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{459F15E2-72AA-4D11-B5A8-169748A5CA6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{464D4D58-FE80-4DFE-93F8-A14611AE7D9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4696272E-70CC-46FD-928E-172B33FDDD6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{46C4406F-9A3E-4104-9452-5B36A0D01D80}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4C2CCA5B-8314-4224-8105-6D8B41AE7626}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4F3D40BC-77E3-4330-AA45-5167CA22CF72}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5010D3DC-E165-4DF7-82F2-84A486B4127B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5079FB08-BEE1-4440-AB41-5B44AA9523FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51E909B5-3318-4309-BC40-DAF81D259AAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{52B89301-F711-402F-BD9E-1B754E28BC28}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{57FE1DFD-94DF-4E8A-B486-170C64DD1D40}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5920976E-8B3C-4EDF-B660-0187DC52F454}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5995DD65-C23F-41CE-9408-B6EE33364233}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5ADA60AA-5D90-4A03-94C1-FC97E984BD2A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5B17C1C6-1CB2-4B18-ACB5-64F347E5A976}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5BA51795-75D8-4208-92A1-483D48228922}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5CCD52B3-E5EE-4D5B-89ED-93DEC2D77FA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5DD9B9C3-125C-48CF-8246-8F394C6600BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5E83DB0F-5853-4F43-B196-FDE7F15F856F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5ECC8C39-3EA1-4874-89C0-8B1C677F2976}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{610157C1-C7FA-4F79-95E4-7CB7D5AA9CFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{61035F16-F3E9-4C76-9E1F-8D27955A7201}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6409B6C5-AD50-4799-AD6B-C77BD4E23F9C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{647054EB-2A9C-4214-A4D0-D1E94FE4AF1F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{658AC1A7-6033-4985-9BBB-46664D82F7E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{65CEBDE0-FFF5-44FB-AE60-8174B1A8BB66}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{67B72B54-E57F-4BB2-9EC3-5E3E7E0FB330}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{686862D5-138D-4B82-8C7F-04306C376B04}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{69040396-A552-4E5B-A75F-62063A924F84}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{6A3CF8C8-0BBE-4D50-B6B8-C355E2BAB24D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6ABB3232-7F7B-4863-94B5-8F74B017C50F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6C0DCF00-F952-4A39-A8AA-456E8533CC97}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{6D83A301-94E9-454B-A830-543063F23E6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6E537DE4-ED1B-4DD5-BAA8-27F5E963F87A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6F844958-8864-4FFA-A96C-FABA042FA5E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6FDA14D3-7E3C-415F-8823-79A04F2DE1D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{71A88EDD-8D2D-43EA-9001-D6B53F26B8F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{724EBD9E-7CBB-45E9-B86A-5E75E2947223}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{74C08FC4-BFDA-45BD-B5D6-E75E44EF5543}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{752B8196-4B46-47F3-8A7C-DED80D552C7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7781B42A-A5F7-41DD-A335-B7B261125C83}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{77BECACB-8B8F-4D8A-8494-520BF2904C28}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{78259597-CAE2-4F5A-99F2-2201C9158273}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{78747040-86C1-4393-B914-F178F458742D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7B2BFDFC-2998-4FA7-8375-12C72763056A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7BC8676F-FE67-4933-97A7-310DEA0525E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7BE420A3-A979-4C0C-8E73-64ED76F0525B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7C4E1E63-D7BE-4289-9E75-CD86EA785DA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7CD67C7A-7AE7-4130-9B35-E0ABFF0D9CCC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7DD8804F-5826-4735-868F-0FBF7B2502FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7E1ED820-CE06-4287-BA06-999C9CB62EAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7E96828A-AD2D-412B-961C-9D67FC447636}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8046A7CE-07BE-4E35-BD69-00F1F68C05F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8046BFAA-1433-42EF-ABFC-1F7EC1F2348D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{807CD7D2-140C-470A-810D-312F0B2090A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{80BCA514-8C82-44AE-8F84-066882CBB63A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{80C7AA11-CBB4-4660-82E5-FFB695271450}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{80D90790-FD91-4CD3-8D2F-F2A41A9789B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{812CF01B-E05D-4069-90D2-9137847394D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8174AE74-5E5A-4947-8C5F-20D46EA27B4B}" = protocol=17 | dir=in | app=c:\users\s\appdata\roaming\dropbox\bin\dropbox.exe | "{81ECD2EB-953E-4A18-9E80-218683F3ABFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{824A8235-091A-409D-A0AB-73F8A8B88BBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8448B918-FE85-4EFA-A0CD-C88671CE2350}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8689A120-59F2-455A-A0F1-E39059F08630}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{86DC90F0-F29D-4359-A4DA-EA5C5F00A588}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{87B7D38A-A9FF-4E32-9D75-8ED77E33070B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{887533A7-01A5-4650-BAD1-64601A46647C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{88BA9253-DC62-4F79-B155-151B85D4F132}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{88EA109D-1498-4188-ACBC-959107542CB8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8984C9D8-6A77-4DD5-ACF9-45EA8917250A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8A462306-0AC0-44CD-95BA-92880CA2AA37}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8A6D4DC5-5492-4B35-8908-830C7327D174}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8A7851E0-41DC-4500-BFAF-F14DDB3254EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8AE1B127-BCDA-4B13-B278-081857EA9FAA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8B3AE051-5DCD-411A-9210-704D0498B820}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8B79C82A-93C4-4EDB-8B5A-0BCEFAC682F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8C1D3BA8-4A55-44BE-8D2F-5773D5E6899A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{8DFB28D9-71E3-4B3D-9D75-05202744EA92}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8F6947CA-7E1A-4774-AEE0-8F648C4A0530}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9085A433-9D2E-4C73-B1D4-431C62342FC1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{932B7AC6-E11C-44AA-97E9-6596754CD80F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{955CA884-EB8E-4064-BA13-47A435644FA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{97C0A96B-E2AE-4638-BA54-1C05B90C6657}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{990652FA-C914-4C06-BAAC-14C951B5B7CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{990CFCEB-97A6-4A6C-B451-5AE645650962}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{9943CABA-C84A-4860-BB5F-CD28D13FDAF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9984F428-0F1E-4255-AFB4-482A9DD51AC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9B442BCE-3F6A-44A4-BD1D-708144069ACA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9B537ACA-0019-4094-8BE3-B1BFB8517EA9}" = dir=in | app=c:\program 
files\skype\phone\skype.exe |
"{FCE1279C-FA6B-4F5A-AECC-1EF9804F4580}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF489EB1-B5D1-4EB4-BFD8-DBC5147961B1}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"TCP Query User{45D5A35F-AA77-4075-9A5A-14DDC7AC0204}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\s\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F8686371-375B-4C91-85AD-5D850E62D864}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{09264454-CAAD-432F-988C-B2227D17F62F}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\s\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5E592D29-F6D9-4E8D-9B17-293FA051E3D0}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86)
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.1.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
03.02.2012, 19:39 | #3 |
/// Malware-holic | Hi.
This script, and any scripts that may follow, are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [vasja] C:\Users\S\AppData\Local\Temp\0.7548866788568477.exe (Orb Networks)
:Files
C:\Users\S\AppData\Local\Temp\0.7548866788568477.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.
Please press the + E key.
__________________ |
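A triage sketch for the kind of entry the fix script above targets, added here as an example and not part of the original post or of OTL: it flags Run-key autoruns whose target sits in a temp directory or has a digits-only file name. The O4 line shape is assumed from the single line in the script; `parse_o4`, `suspicious_reasons`, `triage` and every sample line except the first are constructed for illustration.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Assumed line shape, inferred from the single O4 line in the fix script:
#   O4 - <hive>..\<key>: [<value name>] <path>.exe [args] (<company>)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]*)\] '
    r'"?(?P<path>.+?\.exe)"?(?P<rest>.*)$',
    re.IGNORECASE,
)
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
TEMP_DIRS = {"temp", "tmp"}
GENERATED_STEM = re.compile(r"^[0-9.]{8,}$")  # e.g. 0.7548866788568477

AutorunEntry = namedtuple("AutorunEntry", "hive key name path company")


def parse_o4(line):
    """Parse one O4 autorun line; return None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    company = COMPANY_RE.search(m["rest"])
    return AutorunEntry(m["hive"].upper(), m["key"], m["name"], m["path"],
                        company.group(1) if company else None)


def suspicious_reasons(entry):
    """Return the reasons an autorun entry deserves a closer look."""
    path = PureWindowsPath(entry.path)
    reasons = []
    if any(part.lower() in TEMP_DIRS for part in path.parts[:-1]):
        reasons.append("target runs from a temp directory")
    if GENERATED_STEM.match(path.stem):
        reasons.append("file name is only digits and dots")
    # The hive alone is no signal; it only adds context to a flagged entry.
    if reasons and entry.hive == "HKCU":
        reasons.append("per-user Run key, writable without admin rights")
    return reasons


def triage(log_text):
    """Return (entry, reasons) for every flagged O4 line in the log text."""
    entries = filter(None, map(parse_o4, log_text.splitlines()))
    scored = ((entry, suspicious_reasons(entry)) for entry in entries)
    return [(entry, reasons) for entry, reasons in scored if reasons]


# First line is from the fix script on this page; the rest are constructed.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [vasja] C:\Users\S\AppData\Local\Temp\0.7548866788568477.exe (Orb Networks)
O4 - HKCU..\Run: [Dropbox] C:\Users\S\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - HKLM..\Run: [ExampleTray] "C:\Program Files\Example Vendor\tray.exe" /min (Example Vendor)
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] {entry.path}")
        for reason in reasons:
            print("  -", reason)
```

A flagged entry is a lead for manual review, not a verdict: legitimate installers also run from temp directories for a short time.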
03.02.2012, 19:50 | #4 |
| Hi, thanks already for the kind help!!! Here is the content of the text file:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\S\AppData\Local\Temp\0.7548866788568477.exe moved successfully.
========== COMMANDS ==========
Error: Unable to interpret <[EMPTYFLASH] > in the current context!

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: S
->Temp folder emptied: 528797890 bytes
->Temporary Internet Files folder emptied: 33108552 bytes
->Java cache emptied: 103441590 bytes
->FireFox cache emptied: 50634654 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1460576 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9371065 bytes
RecycleBin emptied: 130426902 bytes

Total Files Cleaned = 818,00 mb

OTL by OldTimer - Version 3.1.28.0 log created on 02032012_194350

Files\Folders moved on Reboot...

Registry entries deleted on Reboot... |
03.02.2012, 19:54 | #5 |
/// Malware-holic | Very good. Before we can continue cleaning:
Please start by installing Windows updates. The easiest way to do this is to go to Start, Search, and type Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
03.02.2012, 21:10 | #6 |
| OK, great! And what happens now? Thanks! Regards |
04.02.2012, 12:35 | #7 |
/// Malware-holic | Have all updates finished installing? Please check by opening Windows Update, clicking Check for updates, and making sure that there are neither important nor optional updates left.