Pests of all kinds and how to fight them: Because of a security problem your Windows system is blocked? (Windows 7)
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
19.03.2012, 17:50 | #16 |
So, up to now I have done the following:
- safe mode with networking
- downloaded Malwarebytes
- scanned
- put the viruses into quarantine, then restarted the PC in normal mode (because the program wanted that after the scan)
- then the block came
- and now I have deleted the viruses that were in quarantine...

... and what should I do now, try it again or what??! ...
19.03.2012, 17:59 | #17 |
/// Malwareteam
Step 1
Safe mode for cleanup
Step 2
If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
19.03.2012, 18:07 | #18 |
Thanks! I'll do it right away.
19.03.2012, 18:29 | #19 |
I've got it, but how does the text box work?
19.03.2012, 18:33 | #20 |
OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.03.2012 18:10:45 - Run 1 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Filiz\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,77 Mb Total Physical Memory | 613,70 Mb Available Physical Memory | 60,00% Memory free 2,25 Gb Paging File | 1,99 Gb Available in Paging File | 88,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70,77 Gb Total Space | 5,71 Gb Free Space | 8,07% Space Free | Partition Type: NTFS Drive D: | 70,47 Gb Total Space | 39,97 Gb Free Space | 56,72% Space Free | Partition Type: NTFS Computer Name: FILIZ-PC | User Name: Filiz | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.19 18:09:17 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Filiz\Downloads\OTL (2).exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.03.14 15:35:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.14 15:35:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.03.14 15:35:11 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.03.14 15:35:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.10 16:29:27 | 000,547,936 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\epson\EpsonCustomerResearchParticipation\EPCP.exe -- (EpsonCustomerResearchParticipation) SRV - [2011.05.13 14:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.02 12:23:21 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.04 20:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () [Auto | Stopped] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service) SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.01.29 16:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.04.04 17:54:08 | 000,266,343 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2007.02.06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.01.31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) 
[Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.12.29 16:51:56 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006.11.21 05:38:24 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2006.11.21 05:37:18 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2006.11.21 05:36:32 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Programme\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.03.14 15:35:57 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.03.14 15:35:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.03.14 15:35:56 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.03.14 15:35:56 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.01.18 14:57:36 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.01.18 14:57:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.04.22 15:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.03.04 21:48:45 
| 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009.02.02 17:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008.11.28 10:24:54 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.10.03 14:14:12 | 000,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV) DRV - [2008.10.03 14:14:10 | 000,187,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI) DRV - [2008.10.03 14:14:10 | 000,146,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW) DRV - [2008.10.03 14:14:10 | 000,039,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS) DRV - [2008.10.03 14:14:10 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2008.10.03 14:14:08 | 000,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS) DRV - [2008.06.19 18:07:31 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07) DRV - [2008.02.29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2007.08.31 14:24:26 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2007.08.10 21:08:32 | 000,017,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI\CIM\Bin\atidcmxx.sys -- (AtiDCM) DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2007.03.14 15:04:28 | 002,427,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.02.02 01:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.29 23:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2006.10.30 04:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Conduit Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_deDE329 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{BDAAB30F-55C4-4D45-99DD-4A92DA1AF785}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/em/" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google 
Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Filiz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.05.04 06:50:15 | 000,000,000 | ---D | M] [2009.05.26 11:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filiz\AppData\Roaming\mozilla\Extensions [2011.08.09 11:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions [2010.10.05 12:05:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.10.05 12:05:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- 
C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.08.09 11:01:09 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions\ffxtlbr@babylon.com [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Filiz\AppData\Roaming\Mozilla\Firefox\Profiles\sacti63g.default\searchplugins\icqplugin.xml [2009.07.05 17:51:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.08.09 11:01:09 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) 
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Filiz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SkypePM] C:\Users\Filiz\AppData\Local\Skype\SkypePM.exe (Twain Working Group)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Filiz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2167EF-8825-4351-8395-7C907F7E7404}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Filiz\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\Filiz\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012.03.19 13:28:45 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Roaming\Malwarebytes
[2012.03.19 13:28:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.19 13:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 13:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.18 11:33:22 | 000,000,000 | -HSD | C] -- C:\found.002
[2012.03.15 15:09:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.14 15:54:35 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Roaming\Avira
[2012.03.14 15:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.14 15:39:04 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.14 15:39:04 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.14 15:39:04 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.14 15:39:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.14 15:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.14 15:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.03.05 07:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.03.02 19:24:44 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Roaming\.minecraft
[2012.03.01 20:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.02.18 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Local\{440385B1-A6C2-4637-9E6F-6249BF7F5F3E}
[2012.02.18 18:24:54 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Local\{9744CC4E-1146-45BB-BBE5-93220CF23067}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.03.19 18:09:49 | 000,001,356 | ---- | M] () -- C:\Users\Filiz\AppData\Local\d3d9caps.dat
[2012.03.19 18:06:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.19 18:05:55 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.19 18:05:51 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:05:50 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 13:46:13 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.03.19 13:43:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0cb2b2108aed.job
[2012.03.19 13:43:02 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.03.19 13:28:42 | 000,000,574 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.18 15:06:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 14:15:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000UA.job
[2012.03.17 17:15:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000Core.job
[2012.03.16 12:03:44 | 000,009,728 | ---- | M] () -- C:\Users\Filiz\Documents\fittness kündigung.wps
[2012.03.16 12:03:44 | 000,006,996 | ---- | M] () -- C:\Users\Filiz\AppData\Roaming\wklnhst.dat
[2012.03.14 15:39:42 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.14 15:35:57 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.14 15:35:57 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.14 15:35:56 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.14 15:35:56 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.14 15:03:10 | 150,839,511 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.14 14:30:37 | 000,001,593 | ---- | M] () -- C:\Users\Filiz\Desktop\Browserwahl.lnk
[2012.03.14 13:44:49 | 000,298,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.10 15:00:52 | 000,043,520 | ---- | M] () -- C:\Users\Filiz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.07 21:46:45 | 000,023,552 | ---- | M] () -- C:\Users\Filiz\Documents\bio dachs referat.wps
[2012.03.07 21:46:36 | 000,016,896 | ---- | M] () -- C:\Users\Filiz\Documents\bio dachs 1.wps
[2012.03.07 16:49:52 | 000,006,144 | ---- | M] () -- C:\Users\Filiz\Documents\Unbenanntes Dokument.wps
[2012.03.06 21:59:21 | 000,010,752 | ---- | M] () -- C:\Users\Filiz\Documents\bio dachs.wps
[2012.03.05 07:48:05 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.03.05 07:48:05 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.03.01 21:08:39 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.26 10:43:39 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.26 10:43:39 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.26 10:43:39 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.26 10:43:39 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.03.19 13:28:42 | 000,000,574 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.16 12:03:44 | 000,009,728 | ---- | C] () -- C:\Users\Filiz\Documents\fittness kündigung.wps
[2012.03.14 15:39:42 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.14 15:03:10 | 150,839,511 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.14 14:30:37 | 000,001,593 | ---- | C] () -- C:\Users\Filiz\Desktop\Browserwahl.lnk
[2012.03.07 21:46:36 | 000,016,896 | ---- | C] () -- C:\Users\Filiz\Documents\bio dachs 1.wps
[2012.03.06 21:59:40 | 000,023,552 | ---- | C] () -- C:\Users\Filiz\Documents\bio dachs referat.wps
[2012.03.01 21:08:39 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.01 21:08:39 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.01 20:59:07 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.03.01 20:59:07 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.02.03 15:49:13 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.02.03 15:49:09 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.01.18 14:57:36 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.01.18 14:57:32 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.06 13:07:52 | 000,000,093 | ---- | C] () -- C:\Users\Filiz\AppData\Local\fusioncache.dat
[2010.06.07 13:55:01 | 000,000,203 | ---- | C] () -- C:\Windows\disney.ini

========== LOP Check ==========
[2012.03.02 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\.minecraft
[2011.05.21 12:38:12 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\BitTorrent
[2011.08.09 11:06:49 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\DVDVideoSoft
[2011.08.09 11:05:45 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.02 08:29:41 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Epson
[2008.07.12 16:16:56 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\eSobi
[2011.11.04 17:59:20 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\FOG Downloader
[2012.02.25 22:27:43 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\ICQ
[2012.02.15 18:06:58 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Need for Speed World
[2011.04.02 12:30:01 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\OpenCandy
[2009.03.19 08:13:46 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Samsung
[2009.10.07 12:58:06 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Template
[2009.02.24 15:02:44 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Thinstall
[2009.03.21 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\TuneUp Software
[2011.06.14 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Windows Live Writer
[2012.03.19 13:43:02 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.03.17 17:15:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000Core.job
[2012.03.18 14:15:03 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000UA.job
[2012.03.19 13:52:22 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2008.06.19 12:17:37 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2007.05.07 00:13:47 | 000,000,000 | ---D | M] -- C:\Acer
[2008.06.19 12:58:21 | 000,000,000 | ---D | M] -- C:\AcerSW
[2007.05.07 08:22:29 | 000,000,000 | ---D | M] -- C:\Book
[2009.09.25 12:24:03 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.03 12:23:58 | 000,000,000 | ---D | M] -- C:\Bus Simulator 2008
[2012.03.16 07:54:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.06.19 12:13:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.11 02:59:23 | 000,000,000 | ---D | M] -- C:\DRV
[2009.08.27 19:54:46 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2010.03.03 19:29:14 | 000,000,000 | ---D | M] -- C:\EPLAN
[2009.05.25 18:24:46 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.12.04 08:36:46 | 000,000,000 | -HSD | M] -- C:\found.001
[2012.03.18 11:33:22 | 000,000,000 | -HSD | M] -- C:\found.002
[2008.06.19 18:57:59 | 000,000,000 | ---D | M] -- C:\HiTRUSTDrive
[2007.05.06 23:57:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.06.19 17:03:39 | 000,000,000 | ---D | M] -- C:\My Music
[2011.02.03 15:44:45 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.08.07 07:46:30 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.19 13:42:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.19 13:28:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.06.19 12:13:19 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.18 22:20:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.06.19 12:16:20 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.14 15:03:10 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.07.04 06:35:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.07.04 06:35:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: REGEDIT.EXE >
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
< MD5 for: USERINIT.EXE >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WININIT.EXE >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-15 14:09:37

========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
< End of report > |
19.03.2012, 18:34 | #21 |
| Is your Windows system blocked because of a security problem? OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 19.03.2012 18:10:45 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Filiz\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,77 Mb Total Physical Memory | 613,70 Mb Available Physical Memory | 60,00% Memory free
2,25 Gb Paging File | 1,99 Gb Available in Paging File | 88,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 5,71 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 39,97 Gb Free Space | 56,72% Space Free | Partition Type: NTFS

Computer Name: FILIZ-PC | User Name: Filiz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C65EE-5407-4BD3-9A16-C0469442D732}" = rport=10243 | protocol=6 | dir=out | app=system |
"{00EF9ED6-C15E-43E9-AEEB-BCC14BA9BD3B}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{01A909BC-5BCD-463B-9979-B09718E0368B}" = lport=1701 | protocol=17 | dir=in | app=system |
"{08AB458D-ADFD-4263-A7BD-98F11E5FD0FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{093B7CB2-3475-4866-B8E7-773F12A48415}" = lport=5357 | protocol=6 | dir=in | app=system |
"{09DA611D-6F4D-4C0C-AEF9-5B17F08BBBF1}" = lport=445 | protocol=6 | dir=in | app=system |
"{09E2415A-F3B3-4E60-870B-660E8EBD1DB2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{0A7C5E4F-14BE-435D-96F2-8DD694CAA885}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0C39A5EC-EEEC-478A-A9D3-E54BDB10993C}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{0CB357D9-985A-41D1-88B4-8F99C3BBC894}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{0F45F741-3480-4477-95BA-6CEA2D9CD67E}" = lport=6112 | protocol=17 | dir=in | name=wc3. |
"{188708A0-FF70-4671-8DD5-413212E8DC9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1DD405A5-C446-42E8-B98B-A273E1660363}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1F14F1C5-93DB-4B8D-87F1-BC6763B17A19}" = lport=80 | protocol=6 | dir=in | app=system |
"{2065B063-A4A1-4D0F-BCF5-AA32BA3BEC9D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{21A02312-78B5-4384-847B-2092DE00D30A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{21D81934-17E0-474B-B6AA-DD3E0D79DF65}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2424F0CA-60A5-47AD-A335-FABEE1A30250}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{2B040D6B-6640-4341-9174-959C5C9DE970}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2C3B3A77-E45C-428B-B5D4-DCF8CA5FD2BB}" = rport=2178 | protocol=6 | dir=out | app=system |
"{2CCDAA28-20CC-476E-8DE0-BF6B4252E2D8}" = lport=5358 | protocol=6 | dir=in | app=system |
"{2EAD8748-A510-4D3B-AFDF-66319ECF1459}" = lport=6112 | protocol=6 | dir=in | name=wc3.1 |
"{306CE20D-C356-4DED-8A20-DD3B90F58A5A}" = lport=445 | protocol=6 | dir=in | app=system |
"{3165AE08-0F79-40FE-B8EC-20ACE726DB44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{339A2C6D-B651-4C3C-BC0B-2F91277ED517}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{36682890-4A32-459C-B9B0-A7A0AD99484D}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A0C21D6-AA16-442C-B822-8FC1CB00A5C6}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{3A8672D6-A8C5-45CF-8CD4-6FF786FFE03A}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{3C071050-E489-4B26-B5A5-0C5B4AACE85E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{3EFEA895-E0DB-401C-81EB-53C748AE9E36}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{40283FFD-E775-48F9-B21D-8561E1B2C012}" = lport=443 | protocol=6 | dir=in | app=system |
"{42CFBA9E-3C6E-4963-AC94-FD912A9EE97E}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{46190549-7654-4FDB-B7DE-A3E578AD20B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46FB419E-102E-4496-828E-D55575BE6EA3}" = lport=445 | protocol=6 | dir=in | app=system |
"{48B884BF-3E52-42DE-87F4-409C3A1733A9}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{4944BC6B-C00A-49D6-9923-603CEBA20FAC}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{4A4760EB-5CB6-4D2E-AEF6-2332021F7497}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A8B147D-C2B8-4EB4-8913-42BF3A46C4B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4D21BA61-A537-4A50-95D4-61FD16401F48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{4E0DCEEA-4020-4878-B75D-F5CCAD18199A}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{4FDED6A9-C23C-40BD-A23A-94D13FE74386}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4FE10CF9-8467-402D-8D9C-A0264DB02014}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{523569A5-C092-4CEC-A72A-408909CFFDCE}" = rport=137 | protocol=17 | dir=out | app=system |
"{52CFE18E-8A6F-4157-876A-F83ADCFC6AD0}" = rport=1723 | protocol=6 | dir=out | app=system |
"{5607C3E5-6E65-490B-902F-9C088BF2E96A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{56DEB1D8-902B-45DE-B2EB-263244464EB5}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{59950D30-41CB-4A30-BDDE-73C7664AD70F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5AAEE57D-A6D8-465A-9CC0-825C2C6A0FB9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5C94A644-EA7A-476E-ABC5-352BAEC4C222}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{5DE7AE58-2838-43A6-8C34-41191A042855}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5EBBD232-471B-4FE4-B118-372A92DD9000}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{64FAF4D7-93B0-4395-B478-DF3D7636C6DE}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{66434F13-983C-4478-9380-C354B7F7E0C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{69164AA9-8443-45BD-9960-7E1C9655F20A}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E1353F1-DDBE-4A91-A6A3-4B18C054B707}" = lport=138 | protocol=17 | dir=in | app=system |
"{6F557046-CFF3-4369-B70E-8A5046428962}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{75148773-51AF-4123-B03B-CBF9D3EF4E60}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{767F380B-BBF6-496C-8FB9-80B5FF8366F3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{8A28D8CE-C8C4-48B0-95E2-61F6141D3E5A}" = rport=138 | protocol=17 | dir=out | app=system |
"{8CC439E6-5585-4540-AF30-A77DC90320E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{8D987CFE-5F78-452F-B3CD-1248320ABAE0}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{8D9F66AC-D1EA-4D2D-A39F-97104D3FA411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8ED9E83E-5679-46B4-A551-0A064E2ED0C3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{8F6520B8-4C54-4D15-9949-1E24E33F7CD1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{9006DF48-6519-4262-BE6B-C837F50C2A8D}" = lport=1723 | protocol=6 | dir=in | app=system |
"{9281B536-30E7-4435-9E6A-0F26E77C7B49}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{9546305A-C82D-4F55-97FB-5E9087955C66}" = rport=445 | protocol=6 | dir=out | app=system |
"{95EFFA39-71C1-4FD8-AE5B-1B7861DD7489}" = lport=139 | protocol=6 | dir=in | app=system |
"{99FA3F40-8838-4BF2-8C43-993803758F3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A62CBF03-981E-4AC6-AF6B-28A24506F38A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AB61342E-A150-472F-92DA-95A4814EE9DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{AC4DB8AB-7AC6-4117-AEFB-DB77B4ED054E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B0933485-A3E0-4C41-89BB-CA786F3A2112}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{B29C1710-95F8-4467-BFE1-39C81D4AF63E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B7FE360E-D748-49BF-BA8A-80FC3D3B8A6A}" = rport=3702 | protocol=17 | dir=out | 
app=c:\windows\system32\p2phost.exe | "{BCB5A8E5-6218-4D55-A3DB-56FE88ED609F}" = rport=5358 | protocol=6 | dir=out | app=system | "{C0E3D069-F1BD-43DD-86DC-AEAF66261237}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{C2DE06E3-B3C5-491D-B816-331DA5B1DE0F}" = rport=5357 | protocol=6 | dir=out | app=system | "{C695245D-A2B5-4D05-97C6-547B3A70451D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{CB8B955E-9D5E-4327-A45D-ED9C399DE95D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{CF679572-B0E7-465E-9AC9-CB73B11BC13A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{D5C66190-694C-402D-B0E0-0465C1A0A5C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{D78D6972-A1BB-4B88-953A-1D0A5F3413D9}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe | "{D948EDD3-3646-4522-A2BB-E13C90D14CDD}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{DC57C170-9EB2-4319-A247-CFA103B53EE4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{DE7FAA75-1131-4945-A4A3-AF5EF6AC86A9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DFC33DCF-1F8D-4A12-B138-78C1CE8B3AC8}" = lport=137 | protocol=17 | dir=in | app=system | "{E33C3B08-AB41-4F60-BC32-5F2B2A55F421}" = lport=2178 | protocol=6 | dir=in | app=system | "{E4CD4CD0-C0E9-4255-849D-F16D20C4957F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{E5057A8C-AB79-4B6B-815C-13EECD40CEB3}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{E8441291-DC14-4A0E-8001-834E0486E3D2}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | "{E8E176D9-BEC8-41C3-B60C-DB0ED004F298}" = 
rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | "{EF10235B-A63F-4E2E-B0FD-0B589A35C371}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{F4DD96B0-5CAD-46A9-99E4-01A65D1972B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{F82EEDC5-A86A-4585-AF2A-CD23A5C14BF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{F9BFB30E-4BEA-432C-91B5-E2B94FE6A54B}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe | "{FB2E68E1-18DC-4025-ADE9-85F18A9EC12D}" = rport=1701 | protocol=17 | dir=out | app=system | "{FDC6932C-C080-4C84-A750-5A2CE66CA3B2}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{FF4F9971-27E0-4DF1-B17D-985D58D9D142}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008AA397-CED2-433B-8EB7-38847926EAAE}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe | "{02E17AE3-7770-464E-A933-9A14E48535F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{0493E3FE-D69E-4A8D-B15E-3A90BC757B1F}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | "{05099283-2EB3-455B-8A38-1EAE3D75CF5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{09762EDE-3AF2-433B-83BE-6397E58E5866}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe | "{0EE0B771-0B81-4C29-BB3E-8E2028D3755E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1213901768\ee\aolsoftware.exe | "{134A9A52-B9DF-491A-8871-727C788A3AEB}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe | "{14474163-F976-4417-A929-6ED79991A1AF}" = dir=in | app=c:\program files\acer arcade live\acer arcade 
live main page\acer arcade live.exe | "{149B2FC6-301F-4B3A-BDCD-FF581910D88F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{152C1DAB-CDA2-4FF4-A6E1-25EFF685C60B}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{1900C630-2D65-4EEA-8344-7DD3A805685B}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{1D208BA0-90EE-4FB4-997E-84AE90E665E8}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{2008AD94-9A3F-446A-8444-A60024DF5288}" = protocol=6 | dir=out | app=system | "{2041271B-5DC5-44A8-B3B6-67F7F7FEA874}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | "{217C3922-36A0-467B-BA77-881EA8BFFB22}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe | "{217EAF1F-EDDB-4903-96E0-0E766F9A22B7}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{21EE1DB1-EE58-497A-BBD7-5BE3A3B697DF}" = protocol=6 | dir=in | app=c:\users\filiz\appdata\local\microsoft\windows\temporary internet files\content.ie5\b8orin6r\facemoods.exe | "{245EFA32-2FB3-45B4-BBA6-22977DA6B9D7}" = dir=in | app=c:\program files\acer arcade live\slideshow dvd\component\clsldvd.exe | "{25BB944A-389A-4265-B26E-19CF7DC3E70A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{270CD491-4B33-4083-84C9-D00D1003BC1F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{278C1642-8B18-43D5-A6E8-BA8F1B805465}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{2BF4CB48-7F94-4A5A-8108-AE21513FAA7A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{2DC29940-D60C-4894-9301-2A7F0BA2242D}" = protocol=17 | dir=in | app=c:\users\filiz\appdata\local\microsoft\windows\temporary internet files\content.ie5\b8orin6r\facemoods.exe | "{2E42583F-3899-4989-9F80-E7E233943B16}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | 
"{368C9C21-E9BE-475D-AF45-27B410C77590}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3789D9A1-FB41-4757-931F-54594A913347}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{401DCC44-0472-4D02-AC29-0D37AD80CF29}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe | "{42876BB7-833E-4C11-BEA2-CF85B7D7A1E3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{4756BC26-1D89-4E1A-9772-959A7C67B6CB}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{49E6D427-F151-41C1-9806-E9565B49D495}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{4CF16028-769D-458A-94CA-AEA15E9CB3AC}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{4DBF5A05-3E4E-40A6-9DE8-1BC90802D3EF}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | "{50AFC9C9-02EC-47AC-85EA-11B24CA96330}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{5775EF0A-DDF1-4780-AB71-75F60F6F545A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{581D504D-103E-42F8-BD55-987FC4F84C7C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{5A14B987-1B54-49A2-AFD1-41A578448096}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5B6CDCB8-C631-490F-B674-747353763288}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{5BDDFCE8-74E1-41A3-A362-4F55D42F8726}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{5E85670B-6EAF-4319-AA87-9D7BBD59DE7F}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | "{5F4CE7AF-BDB8-4E61-A991-199061F97F44}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | "{606FEE49-4CB7-45CA-9736-08C1CD8C6856}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{610D4256-FBF6-4239-BD64-20FDFE1F9691}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{6307F449-05C4-4738-BF6B-FD7B228A1DEE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe | "{66BFC5D7-0C9A-474E-A97B-D88B5B72B0C1}" = protocol=6 | dir=in | app=d:\stronghold2.exe | "{6781ECC0-8674-4A88-A9A0-EF45F24D6F9B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{67C4DF38-87AA-4F28-BBBD-2C20F3FBAC6D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{6B320E44-564C-4866-8747-0CAA5DE7A5FA}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe | "{6D5501BB-FAC2-4083-B55E-96CCB34F9133}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6D9815EB-8A40-4F5E-BB78-92ACC6106B88}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | "{6DCB2AF2-26A6-46B3-8F87-4C1DBE032D8D}" = protocol=6 | dir=out | app=system | "{6E9AB5D5-2032-4E6A-803B-BA58A2AEBD9A}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{6F85D589-E6B1-47C1-AD0B-32C01A872E92}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{7620BFA3-B0D0-4088-929D-9D07F449F510}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{7D4A729E-4F60-44EB-9102-262FAEF38C5E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{7DEE7B26-52EF-4BD4-B7C8-BB29522FC264}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{804A8523-0B1A-4678-97CE-9B1C5BCFAFA1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{82CDC088-3459-4CD3-9099-7FF6C43B21F7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{838DC87A-2682-4386-A9B5-B259395FCE06}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe | 
"{85A9F660-15E4-452E-B187-22A3652DE2B9}" = dir=in | app=c:\users\filiz\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{87535030-26E8-47A9-BF50-3DA0D3489A45}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | "{88BF7F93-D198-42C0-BA4A-DE5117899356}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8BCBE432-0061-45BB-985C-1B979B42A5FE}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | "{8D304577-C5AD-4BA0-94B5-C7EFADCC703F}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | "{8E8BE690-9D6D-4293-AD90-67B645857022}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9126E073-9C9C-4DEE-9274-DD572F147819}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe | "{91AB4117-AA08-4B96-9065-1EC934401983}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{964E3E73-5BF5-4C36-8C24-32C59E7584D1}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\homemedia.exe | "{98130D14-873A-4FB0-BCCC-11F9D6D02210}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{994261A1-9C98-4BD7-8F02-CD9E4EBC81F0}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | "{9B2DE5D0-0D7C-45A5-9E49-A18141B64587}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe | "{9E1D6AAD-9905-41C4-8A37-3894C0EDAEA5}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{A44F76B2-7194-43F7-87E2-06AD29521E0C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B0C28C92-93E2-42A4-83A1-8A7FF9D05934}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1213901768\ee\aolsoftware.exe | "{B38180DE-EA0E-44E7-87FC-D279EC245E5E}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | "{B5CD7E17-E2CF-4545-9F3F-BD423E082F20}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe | "{B7ADA983-301D-4273-82A4-529F32E236A7}" = protocol=17 | 
dir=in | app=d:\stronghold2.exe | "{B92FF813-E72A-475F-B259-B8BC40F40C96}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{BAF33F84-16C6-4000-B953-701161D1F0B4}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | "{BC839062-F947-4753-B999-2B7BAE3B53DC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{C8C98984-CD60-428B-B48C-DB0E72D9C716}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{C9892981-87E3-4B2D-B508-4211B7E2B826}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{CA942F9B-B809-44AC-A48E-EB55E29CA72A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{CB29B865-6E94-400E-A449-007F6D8B4AC5}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{D205F1E9-204D-4CCE-92BD-D3992DCFC760}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe | "{D7367C20-E55F-4FB3-A459-1EF2FB40D045}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe | "{E1572AB4-BC74-43DC-96F6-BB35AE86FBFF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{E1B8FD3D-4505-42FE-A89D-691A129B9A53}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | "{E4EE2C5F-F605-4E94-B333-6B939EF516CC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{E988321E-A7B9-4F83-94BC-4D137BB45F1E}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{E99FC5A1-C8E0-4952-9EEB-3E89353BFABC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{EF342179-49AC-4650-AD89-690F9815D543}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | "{F0429F00-CC5D-4CB5-A7E2-D7C6DD72D2F0}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe | "{FA7D8F68-43EE-4008-BA03-C0E99812322E}" = protocol=17 | dir=out | 
app=c:\program files\windows collaboration\wincollab.exe | "TCP Query User{2050DE18-E7AD-4823-BDEA-CC46738B636B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{3B6B239E-B6ED-4706-AFA5-AD6721CEE0F0}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe | "TCP Query User{4136D892-A38F-4D0C-AB25-FB92FBF5EE3F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{862ADDA5-444D-4BE2-B797-9F6233075AA8}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | "TCP Query User{884039BE-53BD-44E5-B356-CE9AB52233C8}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe | "TCP Query User{8BC1CF93-7727-4F24-8DA8-151F872428CE}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | "TCP Query User{CFCFD5A4-F615-4976-BF04-46F907A4218D}C:\program files\lego media\constructive\lego loco\exe\loco.exe" = protocol=6 | dir=in | app=c:\program files\lego media\constructive\lego loco\exe\loco.exe | "TCP Query User{D139C222-A3AE-45F4-82AE-7C9239924817}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe | "TCP Query User{EF47BBA3-4BD2-46FE-A07E-95C4AD351EF9}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold 
edition\extra1\bin\settlershok.exe | "TCP Query User{F60D40F6-49B3-468E-9487-F7F0413EB8BE}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "UDP Query User{213885E2-C706-4567-9491-1893AA5DEFD4}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "UDP Query User{334056DF-3B40-4230-A54C-ED6DBEA9167C}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe | "UDP Query User{362CDDB3-4F99-46ED-A696-07599FD378C3}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe | "UDP Query User{3D23410F-FB96-414D-896C-3EFFC82BED21}C:\program files\lego media\constructive\lego loco\exe\loco.exe" = protocol=17 | dir=in | app=c:\program files\lego media\constructive\lego loco\exe\loco.exe | "UDP Query User{42F82518-F47D-4144-A588-D5731FD4C016}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe | "UDP Query User{6B02D4F9-F605-478B-B7AC-2BD56D6150CE}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | "UDP Query User{9ED16594-D837-4A67-8070-D79BC91A1244}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{A9948AE2-B8EA-4A49-95E9-C885E77AB560}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query User{B4532383-D286-4D5D-B429-4218058BEBB8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | 
app=c:\program files\icq6.5\icq.exe | "UDP Query User{CBCB71CD-B776-4FF0-BDB3-498A7BAD03C1}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{021661E0-C377-C87B-9583-E0A69E61A489}" = Catalyst Control Center Localization Thai "{023387B5-AF74-D690-D2C6-C8D474597284}" = CCC Help Polish "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{042B8532-E27C-C06E-A8F5-71F36B98B2DE}" = Catalyst Control Center Localization Portuguese "{0459FAF6-D4CA-406C-BA6F-9A3D225ABD1A}" = Epson Customer Research Participation "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07AE9F43-360F-7412-577B-2B4B73E5EAB9}" = CCC Help Hungarian "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C09E020-9996-4E1C-9839-97DA8F9C8D6B}" = CCC Help Danish "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1861D449-590B-71F5-2C62-21730731FC4C}" = ccc-utility "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update 
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21565317-7E58-CEED-E5BE-6916533442F4}" = Catalyst Control Center Localization Czech "{2224B408-E7E4-15CF-0674-EC7C36D68741}" = Catalyst Control Center Localization Hungarian "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{236D1288-99DB-C3D6-D132-EDE6317BF619}" = CCC Help Japanese "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25 "{2AABA091-41DF-D0D3-83F8-0133F8C7AA97}" = Catalyst Control Center Localization Swedish "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{317DE552-B622-0DD2-4E7E-28400D64C100}" = Catalyst Control Center Localization Dutch "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{42DF661F-6351-B582-DE2C-B8C46B30303F}" = CCC Help Dutch "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4F5641C5-409C-7E5A-A2F9-B6D00A190B55}" = Catalyst Control Center Graphics Previews Vista "{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5AA2CD16-706F-41F3-87C5-2B5A031F2B3B}" = Norton Internet Security "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5EA96EEF-4E57-C1F0-6A06-088191FE110C}" = CCC Help Thai "{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = PTP 
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1 "{6467DDF9-718F-4FC3-8606-A975468DF541}" = SymNet "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B73D186-ED5C-6EB1-96EE-8F866269243C}" = Catalyst Control Center Localization Danish "{7007D9E6-F820-CFEA-EB87-9C9377A967F7}" = CCC Help Swedish "{710EA46C-2A49-F39A-5EC7-3884DC5329D7}" = Catalyst Control Center Localization Spanish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74AF0F2A-A87D-B6B7-6671-61B53F98254B}" = Catalyst Control Center Localization Turkish "{760F3E42-B1E4-5324-4C4A-0459C8938B6A}" = Catalyst Control Center Localization Italian "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760B7DD-C922-C286-AB6C-2E06B32C1D4F}" = Catalyst Control Center Graphics Full Existing "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{837F9742-DCC8-3FF4-5066-E11E48EE2391}" = Catalyst Control Center Localization Korean "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86861408-CB40-247E-B851-608792116658}" = CCC Help Norwegian "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{86E71966-9EE0-9AD3-2C17-FC3A0B8BB810}" = Catalyst Control Center Localization Chinese Standard "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BCA7792-CF78-46C6-66A7-EB9A8F0FB0A2}" = Catalyst Control 
Center Localization Russian "{8C42C789-B0EF-3226-9069-D1956B220B38}" = Catalyst Control Center Localization Greek "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report > |
19.03.2012, 18:37 | #22 |
| Your Windows system is blocked because of a security problem? And now?! |
19.03.2012, 18:46 | #23 |
/// Malwareteam | Your Windows system is blocked because of a security problem? Step 1
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4

:Commands
[purity]
[emptytemp]
Step 2 Now run a scan with GMER and post the log. |
19.03.2012, 19:00 | #24 |
| Your Windows system is blocked because of a security problem? But when I restart then, the PC automatically starts in normal mode, and that doesn't work... |
19.03.2012, 19:17 | #25 |
| Your Windows system is blocked because of a security problem?
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:671329E4 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Filiz
->Temp folder emptied: 618870920 bytes
->Temporary Internet Files folder emptied: 1528439693 bytes
->Java cache emptied: 63711848 bytes
->FireFox cache emptied: 2904538 bytes
->Flash cache emptied: 77449 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 106395517 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 15442574 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 5951550996 bytes
Total Files Cleaned = 7.904,00 mb
OTL by OldTimer - Version 3.2.39.1 log created on 03192012_190726
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
19.03.2012, 20:36 | #26 |
| Your Windows system is blocked because of a security problem? GMER Logfile: Code:
19.03.2012, 20:38 | #27 |
| Your Windows system is blocked because of a security problem? And now?? ____ Regards: |
19.03.2012, 20:48 | #28 |
/// Malwareteam | Your Windows system is blocked because of a security problem? Does normal mode work again? |
19.03.2012, 22:24 | #29 |
| Your Windows system is blocked because of a security problem? Yeeeeees!!!!! I am very grateful to you for your effort and attention. ___________________________________________________________________________________________________________ The computer has lost speed. Is that perhaps because the virus left background stuff/traces behind, or because the PC was on for almost 2 days without interruption? Or is that normal after a virus?? I hope the PC gets as fast as it used to be. ___________________________________________________________________________________________________________ So normal mode works again. Do I still have to do anything?? (Scan again to be safe or something like that, I mean.) Or are we completely finished?? ___________________ Regards: Denis |
19.03.2012, 22:42 | #30 |
/// Malwareteam | Your Windows system is blocked because of a security problem? |