Trojaner-Board


user1999 18.03.2012 21:26

Your Windows system is blocked because of a security problem?

Hey...
I have caught a virus (at least I think so, because I don't really know whether a security problem is a virus). I'm wondering what I should do..
The virus looks roughly like this: I boot the PC, then after booting everything goes black and a short text in red letters appears: "Achtung. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert." [English: "Attention. For security reasons your Windows system has been blocked."] According to the text, I am supposed to buy a security update for money,
for 50 euros.

For now I have started the PC in safe mode so that I can write here at all. My operating system is Windows Vista 64bit.

I hope you can help me
(I am currently scanning my entire system with Avira)
(I don't know much about PCs but I use one every day, so I would be very glad to get a detailed description for... dummies .. :D )

Swisstreasure 18.03.2012 23:02

:hallo:

A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to. It makes the evaluation harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Start Windows in Safe Mode

Safe Mode (also restricted mode) denotes a special way of starting Microsoft's Windows operating systems that differs from a regular normal start in several respects:
  • Use of a standard graphics card driver (VGA), i.e. without a driver
  • Parts of the registry are not loaded, including hardware and software entries (device drivers)
  • Autoexec.bat and config.sys are skipped
  • All autostart objects are disabled (in the registry under Load= and Run=)
You reach Safe Mode by pressing the F8 key at the right moment while the computer is starting.
This is the moment shortly before the Windows logo appears (it has proven practical to simply press the F8 key repeatedly during the boot process, although some BIOSes then first present a boot-device selection menu). Alongside other startup options, a menu appears with the choices:

http://www.trojaner-board.de/attachm...1&d=1266804629
Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt
The purpose of Safe Mode is to make a repair attempt possible when Windows can no longer be started normally.

Because most of the processes that otherwise run in the background (antivirus on-access guards, network components, extended graphics driver, but also many computer viruses, and much more) do not start in Safe Mode, Safe Mode is also particularly suitable for troubleshooting or performing uninstallations.

Step 2

Please download Malwarebytes
  • Install the program into the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

user1999 19.03.2012 07:12

I am very grateful to you, right after school I will work through everything :) ! THANK YOU!

user1999 19.03.2012 13:17

um... how do I install that?? I clicked download but nothing happens...
:headbang:

Swisstreasure 19.03.2012 13:21

What, nothing happens?

user1999 19.03.2012 13:26

yes, well.. I click on Malwarebytes, I go to the page, click at the top right on the green text where it says download, and then simply nothing happens... :/

user1999 19.03.2012 13:27

ahh, it just worked after all :D

user1999 19.03.2012 13:33

um, wait, stop, I don't understand the last two steps xD
-Post the log file, which opens in Notepad, here in the thread.
-You can find the report later under "Logs".
can you explain again exactly how I manage that, what is a "thread" and how do I open "log files" (and what is that)? sorry .. I'm just pretty dumb with PCs.. :D
____
Regards:

user1999 19.03.2012 13:41

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.19.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Filiz :: FILIZ-PC [Administrator]

19.03.2012 13:30:46
mbam-log-2012-03-19 (13-30-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194681
Laufzeit: 8 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Filiz\AppData\Local\Temp\0.707867150831088h7i.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Filiz\AppData\Local\Temp\0.732503157790729h7i.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Filiz\AppData\Local\Temp\0.8107821529400544h7i.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Swisstreasure 19.03.2012 13:57

Does normal mode work again?

user1999 19.03.2012 15:45

no... :( I had to restart the PC to finish the quick scan, but then normal mode came up when I restarted, and then the black thing came right back.. :(

user1999 19.03.2012 17:23

so it still doesn't work.. I'm running a GMER scan right now (I looked around a bit more, and someone there said he should do that for the same problem as mine) and do I actually need OTL as well?

Swisstreasure 19.03.2012 17:29

Either you do what you want on your own, or you do what I write.

user1999 19.03.2012 17:35

ookaay, sorry, I'll cancel it, from now on I'll only do what you want, sorry :/

user1999 19.03.2012 17:43

PLEEEASE PLEEEEASE PLEEEEASE help me further... I have done everything you wanted so far but it still doesn't work..

user1999 19.03.2012 17:50

so up to now I have done the following:
-safe mode with internet
-downloaded Malwarebytes
-scanned
-put the viruses in quarantine, then restarted the PC into normal mode (because the program wanted that after the scan)
-then the block came
-and now I have deleted the viruses that are in quarantine..
... and what should I do now, try it again or what??! ... :(

Swisstreasure 19.03.2012 17:59

Step 1

Safe Mode for the cleanup

Step 2

If you don't already have it, please download OTL by Oldtimer and save it to your Desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

user1999 19.03.2012 18:07

thanks! I'll do it right away

user1999 19.03.2012 18:29

I've got it, but how does text box work? :D

user1999 19.03.2012 18:33

OTL Logfile:
Code:

OTL logfile created on: 19.03.2012 18:10:45 - Run 1
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Filiz\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,77 Mb Total Physical Memory | 613,70 Mb Available Physical Memory | 60,00% Memory free
2,25 Gb Paging File | 1,99 Gb Available in Paging File | 88,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 5,71 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 39,97 Gb Free Space | 56,72% Space Free | Partition Type: NTFS
 
Computer Name: FILIZ-PC | User Name: Filiz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.19 18:09:17 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Filiz\Downloads\OTL (2).exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.14 15:35:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.14 15:35:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.03.14 15:35:11 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.03.14 15:35:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.10 16:29:27 | 000,547,936 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\epson\EpsonCustomerResearchParticipation\EPCP.exe -- (EpsonCustomerResearchParticipation)
SRV - [2011.05.13 14:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.02 12:23:21 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.04 20:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () [Auto | Stopped] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.29 16:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.04.04 17:54:08 | 000,266,343 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.02.06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.01.31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.12.29 16:51:56 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.11.21 05:38:24 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006.11.21 05:37:18 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006.11.21 05:36:32 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Programme\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.03.14 15:35:57 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.03.14 15:35:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.03.14 15:35:56 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.03.14 15:35:56 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.18 14:57:36 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.01.18 14:57:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.04.22 15:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.03.04 21:48:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.02.02 17:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.11.28 10:24:54 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.10.03 14:14:12 | 000,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2008.10.03 14:14:10 | 000,187,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008.10.03 14:14:10 | 000,146,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2008.10.03 14:14:10 | 000,039,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2008.10.03 14:14:10 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008.10.03 14:14:08 | 000,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2008.06.19 18:07:31 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008.02.29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007.08.31 14:24:26 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007.08.10 21:08:32 | 000,017,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI\CIM\Bin\atidcmxx.sys -- (AtiDCM)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007.03.14 15:04:28 | 002,427,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.02.02 01:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.29 23:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.10.30 04:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Conduit Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_deDE329
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{BDAAB30F-55C4-4D45-99DD-4A92DA1AF785}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/em/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Filiz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.05.04 06:50:15 | 000,000,000 | ---D | M]
 
[2009.05.26 11:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filiz\AppData\Roaming\mozilla\Extensions
[2011.08.09 11:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions
[2010.10.05 12:05:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.05 12:05:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.09 11:01:09 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions\ffxtlbr@babylon.com
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Filiz\AppData\Roaming\Mozilla\Firefox\Profiles\sacti63g.default\searchplugins\icqplugin.xml
[2009.07.05 17:51:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.08.09 11:01:09 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Filiz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SkypePM] C:\Users\Filiz\AppData\Local\Skype\SkypePM.exe (Twain Working Group)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Filiz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2167EF-8825-4351-8395-7C907F7E7404}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Filiz\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\Filiz\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.19 13:28:45 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Roaming\Malwarebytes
[2012.03.19 13:28:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.19 13:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 13:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.18 11:33:22 | 000,000,000 | -HSD | C] -- C:\found.002
[2012.03.15 15:09:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.14 15:54:35 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Roaming\Avira
[2012.03.14 15:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.14 15:39:04 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.14 15:39:04 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.14 15:39:04 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.14 15:39:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.14 15:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.14 15:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.03.05 07:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.03.02 19:24:44 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Roaming\.minecraft
[2012.03.01 20:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.02.18 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Local\{440385B1-A6C2-4637-9E6F-6249BF7F5F3E}
[2012.02.18 18:24:54 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Local\{9744CC4E-1146-45BB-BBE5-93220CF23067}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.19 18:09:49 | 000,001,356 | ---- | M] () -- C:\Users\Filiz\AppData\Local\d3d9caps.dat
[2012.03.19 18:06:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.19 18:05:55 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.19 18:05:51 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:05:50 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 13:46:13 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.03.19 13:43:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0cb2b2108aed.job
[2012.03.19 13:43:02 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.03.19 13:28:42 | 000,000,574 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.18 15:06:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 14:15:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000UA.job
[2012.03.17 17:15:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000Core.job
[2012.03.16 12:03:44 | 000,009,728 | ---- | M] () -- C:\Users\Filiz\Documents\fittness kündigung.wps
[2012.03.16 12:03:44 | 000,006,996 | ---- | M] () -- C:\Users\Filiz\AppData\Roaming\wklnhst.dat
[2012.03.14 15:39:42 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.14 15:35:57 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.14 15:35:57 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.14 15:35:56 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.14 15:35:56 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.14 15:03:10 | 150,839,511 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.14 14:30:37 | 000,001,593 | ---- | M] () -- C:\Users\Filiz\Desktop\Browserwahl.lnk
[2012.03.14 13:44:49 | 000,298,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.10 15:00:52 | 000,043,520 | ---- | M] () -- C:\Users\Filiz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.07 21:46:45 | 000,023,552 | ---- | M] () -- C:\Users\Filiz\Documents\bio dachs referat.wps
[2012.03.07 21:46:36 | 000,016,896 | ---- | M] () -- C:\Users\Filiz\Documents\bio dachs 1.wps
[2012.03.07 16:49:52 | 000,006,144 | ---- | M] () -- C:\Users\Filiz\Documents\Unbenanntes Dokument.wps
[2012.03.06 21:59:21 | 000,010,752 | ---- | M] () -- C:\Users\Filiz\Documents\bio dachs.wps
[2012.03.05 07:48:05 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.03.05 07:48:05 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.03.01 21:08:39 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.26 10:43:39 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.26 10:43:39 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.26 10:43:39 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.26 10:43:39 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 13:28:42 | 000,000,574 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.16 12:03:44 | 000,009,728 | ---- | C] () -- C:\Users\Filiz\Documents\fittness kündigung.wps
[2012.03.14 15:39:42 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.14 15:03:10 | 150,839,511 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.14 14:30:37 | 000,001,593 | ---- | C] () -- C:\Users\Filiz\Desktop\Browserwahl.lnk
[2012.03.07 21:46:36 | 000,016,896 | ---- | C] () -- C:\Users\Filiz\Documents\bio dachs 1.wps
[2012.03.06 21:59:40 | 000,023,552 | ---- | C] () -- C:\Users\Filiz\Documents\bio dachs referat.wps
[2012.03.01 21:08:39 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.01 21:08:39 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.01 20:59:07 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.03.01 20:59:07 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.02.03 15:49:13 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.02.03 15:49:09 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.01.18 14:57:36 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.01.18 14:57:32 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.06 13:07:52 | 000,000,093 | ---- | C] () -- C:\Users\Filiz\AppData\Local\fusioncache.dat
[2010.06.07 13:55:01 | 000,000,203 | ---- | C] () -- C:\Windows\disney.ini
 
========== LOP Check ==========
 
[2012.03.02 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\.minecraft
[2011.05.21 12:38:12 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\BitTorrent
[2011.08.09 11:06:49 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\DVDVideoSoft
[2011.08.09 11:05:45 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.02 08:29:41 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Epson
[2008.07.12 16:16:56 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\eSobi
[2011.11.04 17:59:20 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\FOG Downloader
[2012.02.25 22:27:43 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\ICQ
[2012.02.15 18:06:58 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Need for Speed World
[2011.04.02 12:30:01 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\OpenCandy
[2009.03.19 08:13:46 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Samsung
[2009.10.07 12:58:06 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Template
[2009.02.24 15:02:44 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Thinstall
[2009.03.21 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\TuneUp Software
[2011.06.14 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Windows Live Writer
[2012.03.19 13:43:02 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.03.17 17:15:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000Core.job
[2012.03.18 14:15:03 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000UA.job
[2012.03.19 13:52:22 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.06.19 12:17:37 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2007.05.07 00:13:47 | 000,000,000 | ---D | M] -- C:\Acer
[2008.06.19 12:58:21 | 000,000,000 | ---D | M] -- C:\AcerSW
[2007.05.07 08:22:29 | 000,000,000 | ---D | M] -- C:\Book
[2009.09.25 12:24:03 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.03 12:23:58 | 000,000,000 | ---D | M] -- C:\Bus Simulator 2008
[2012.03.16 07:54:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.06.19 12:13:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.11 02:59:23 | 000,000,000 | ---D | M] -- C:\DRV
[2009.08.27 19:54:46 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2010.03.03 19:29:14 | 000,000,000 | ---D | M] -- C:\EPLAN
[2009.05.25 18:24:46 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.12.04 08:36:46 | 000,000,000 | -HSD | M] -- C:\found.001
[2012.03.18 11:33:22 | 000,000,000 | -HSD | M] -- C:\found.002
[2008.06.19 18:57:59 | 000,000,000 | ---D | M] -- C:\HiTRUSTDrive
[2007.05.06 23:57:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.06.19 17:03:39 | 000,000,000 | ---D | M] -- C:\My Music
[2011.02.03 15:44:45 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.08.07 07:46:30 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.19 13:42:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.19 13:28:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.06.19 12:13:19 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.18 22:20:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.06.19 12:16:20 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.14 15:03:10 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.07.04 06:35:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.07.04 06:35:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-15 14:09:37
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4

< End of report >

--- --- ---

user1999 19.03.2012 18:34

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 19.03.2012 18:10:45 - Run 1
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Filiz\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,77 Mb Total Physical Memory | 613,70 Mb Available Physical Memory | 60,00% Memory free
2,25 Gb Paging File | 1,99 Gb Available in Paging File | 88,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 5,71 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 39,97 Gb Free Space | 56,72% Space Free | Partition Type: NTFS
 
Computer Name: FILIZ-PC | User Name: Filiz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C65EE-5407-4BD3-9A16-C0469442D732}" = rport=10243 | protocol=6 | dir=out | app=system |
"{00EF9ED6-C15E-43E9-AEEB-BCC14BA9BD3B}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{01A909BC-5BCD-463B-9979-B09718E0368B}" = lport=1701 | protocol=17 | dir=in | app=system |
"{08AB458D-ADFD-4263-A7BD-98F11E5FD0FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{093B7CB2-3475-4866-B8E7-773F12A48415}" = lport=5357 | protocol=6 | dir=in | app=system |
"{09DA611D-6F4D-4C0C-AEF9-5B17F08BBBF1}" = lport=445 | protocol=6 | dir=in | app=system |
"{09E2415A-F3B3-4E60-870B-660E8EBD1DB2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{0A7C5E4F-14BE-435D-96F2-8DD694CAA885}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0C39A5EC-EEEC-478A-A9D3-E54BDB10993C}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{0CB357D9-985A-41D1-88B4-8F99C3BBC894}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{0F45F741-3480-4477-95BA-6CEA2D9CD67E}" = lport=6112 | protocol=17 | dir=in | name=wc3. |
"{188708A0-FF70-4671-8DD5-413212E8DC9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1DD405A5-C446-42E8-B98B-A273E1660363}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1F14F1C5-93DB-4B8D-87F1-BC6763B17A19}" = lport=80 | protocol=6 | dir=in | app=system |
"{2065B063-A4A1-4D0F-BCF5-AA32BA3BEC9D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{21A02312-78B5-4384-847B-2092DE00D30A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{21D81934-17E0-474B-B6AA-DD3E0D79DF65}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2424F0CA-60A5-47AD-A335-FABEE1A30250}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{2B040D6B-6640-4341-9174-959C5C9DE970}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2C3B3A77-E45C-428B-B5D4-DCF8CA5FD2BB}" = rport=2178 | protocol=6 | dir=out | app=system |
"{2CCDAA28-20CC-476E-8DE0-BF6B4252E2D8}" = lport=5358 | protocol=6 | dir=in | app=system |
"{2EAD8748-A510-4D3B-AFDF-66319ECF1459}" = lport=6112 | protocol=6 | dir=in | name=wc3.1 |
"{306CE20D-C356-4DED-8A20-DD3B90F58A5A}" = lport=445 | protocol=6 | dir=in | app=system |
"{3165AE08-0F79-40FE-B8EC-20ACE726DB44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{339A2C6D-B651-4C3C-BC0B-2F91277ED517}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{36682890-4A32-459C-B9B0-A7A0AD99484D}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A0C21D6-AA16-442C-B822-8FC1CB00A5C6}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{3A8672D6-A8C5-45CF-8CD4-6FF786FFE03A}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{3C071050-E489-4B26-B5A5-0C5B4AACE85E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{3EFEA895-E0DB-401C-81EB-53C748AE9E36}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{40283FFD-E775-48F9-B21D-8561E1B2C012}" = lport=443 | protocol=6 | dir=in | app=system |
"{42CFBA9E-3C6E-4963-AC94-FD912A9EE97E}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{46190549-7654-4FDB-B7DE-A3E578AD20B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46FB419E-102E-4496-828E-D55575BE6EA3}" = lport=445 | protocol=6 | dir=in | app=system |
"{48B884BF-3E52-42DE-87F4-409C3A1733A9}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{4944BC6B-C00A-49D6-9923-603CEBA20FAC}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{4A4760EB-5CB6-4D2E-AEF6-2332021F7497}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A8B147D-C2B8-4EB4-8913-42BF3A46C4B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4D21BA61-A537-4A50-95D4-61FD16401F48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{4E0DCEEA-4020-4878-B75D-F5CCAD18199A}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{4FDED6A9-C23C-40BD-A23A-94D13FE74386}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4FE10CF9-8467-402D-8D9C-A0264DB02014}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{523569A5-C092-4CEC-A72A-408909CFFDCE}" = rport=137 | protocol=17 | dir=out | app=system |
"{52CFE18E-8A6F-4157-876A-F83ADCFC6AD0}" = rport=1723 | protocol=6 | dir=out | app=system |
"{5607C3E5-6E65-490B-902F-9C088BF2E96A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{56DEB1D8-902B-45DE-B2EB-263244464EB5}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{59950D30-41CB-4A30-BDDE-73C7664AD70F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5AAEE57D-A6D8-465A-9CC0-825C2C6A0FB9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5C94A644-EA7A-476E-ABC5-352BAEC4C222}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{5DE7AE58-2838-43A6-8C34-41191A042855}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5EBBD232-471B-4FE4-B118-372A92DD9000}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{64FAF4D7-93B0-4395-B478-DF3D7636C6DE}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{66434F13-983C-4478-9380-C354B7F7E0C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{69164AA9-8443-45BD-9960-7E1C9655F20A}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E1353F1-DDBE-4A91-A6A3-4B18C054B707}" = lport=138 | protocol=17 | dir=in | app=system |
"{6F557046-CFF3-4369-B70E-8A5046428962}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{75148773-51AF-4123-B03B-CBF9D3EF4E60}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{767F380B-BBF6-496C-8FB9-80B5FF8366F3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{8A28D8CE-C8C4-48B0-95E2-61F6141D3E5A}" = rport=138 | protocol=17 | dir=out | app=system |
"{8CC439E6-5585-4540-AF30-A77DC90320E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{8D987CFE-5F78-452F-B3CD-1248320ABAE0}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{8D9F66AC-D1EA-4D2D-A39F-97104D3FA411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8ED9E83E-5679-46B4-A551-0A064E2ED0C3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{8F6520B8-4C54-4D15-9949-1E24E33F7CD1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{9006DF48-6519-4262-BE6B-C837F50C2A8D}" = lport=1723 | protocol=6 | dir=in | app=system |
"{9281B536-30E7-4435-9E6A-0F26E77C7B49}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{9546305A-C82D-4F55-97FB-5E9087955C66}" = rport=445 | protocol=6 | dir=out | app=system |
"{95EFFA39-71C1-4FD8-AE5B-1B7861DD7489}" = lport=139 | protocol=6 | dir=in | app=system |
"{99FA3F40-8838-4BF2-8C43-993803758F3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A62CBF03-981E-4AC6-AF6B-28A24506F38A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AB61342E-A150-472F-92DA-95A4814EE9DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{AC4DB8AB-7AC6-4117-AEFB-DB77B4ED054E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B0933485-A3E0-4C41-89BB-CA786F3A2112}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{B29C1710-95F8-4467-BFE1-39C81D4AF63E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B7FE360E-D748-49BF-BA8A-80FC3D3B8A6A}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{BCB5A8E5-6218-4D55-A3DB-56FE88ED609F}" = rport=5358 | protocol=6 | dir=out | app=system |
"{C0E3D069-F1BD-43DD-86DC-AEAF66261237}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{C2DE06E3-B3C5-491D-B816-331DA5B1DE0F}" = rport=5357 | protocol=6 | dir=out | app=system |
"{C695245D-A2B5-4D05-97C6-547B3A70451D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CB8B955E-9D5E-4327-A45D-ED9C399DE95D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CF679572-B0E7-465E-9AC9-CB73B11BC13A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D5C66190-694C-402D-B0E0-0465C1A0A5C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{D78D6972-A1BB-4B88-953A-1D0A5F3413D9}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{D948EDD3-3646-4522-A2BB-E13C90D14CDD}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DC57C170-9EB2-4319-A247-CFA103B53EE4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DE7FAA75-1131-4945-A4A3-AF5EF6AC86A9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DFC33DCF-1F8D-4A12-B138-78C1CE8B3AC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{E33C3B08-AB41-4F60-BC32-5F2B2A55F421}" = lport=2178 | protocol=6 | dir=in | app=system |
"{E4CD4CD0-C0E9-4255-849D-F16D20C4957F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E5057A8C-AB79-4B6B-815C-13EECD40CEB3}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{E8441291-DC14-4A0E-8001-834E0486E3D2}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{E8E176D9-BEC8-41C3-B60C-DB0ED004F298}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{EF10235B-A63F-4E2E-B0FD-0B589A35C371}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{F4DD96B0-5CAD-46A9-99E4-01A65D1972B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{F82EEDC5-A86A-4585-AF2A-CD23A5C14BF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F9BFB30E-4BEA-432C-91B5-E2B94FE6A54B}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{FB2E68E1-18DC-4025-ADE9-85F18A9EC12D}" = rport=1701 | protocol=17 | dir=out | app=system |
"{FDC6932C-C080-4C84-A750-5A2CE66CA3B2}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{FF4F9971-27E0-4DF1-B17D-985D58D9D142}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008AA397-CED2-433B-8EB7-38847926EAAE}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{02E17AE3-7770-464E-A933-9A14E48535F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0493E3FE-D69E-4A8D-B15E-3A90BC757B1F}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{05099283-2EB3-455B-8A38-1EAE3D75CF5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{09762EDE-3AF2-433B-83BE-6397E58E5866}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{0EE0B771-0B81-4C29-BB3E-8E2028D3755E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1213901768\ee\aolsoftware.exe |
"{134A9A52-B9DF-491A-8871-727C788A3AEB}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{14474163-F976-4417-A929-6ED79991A1AF}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{149B2FC6-301F-4B3A-BDCD-FF581910D88F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{152C1DAB-CDA2-4FF4-A6E1-25EFF685C60B}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{1900C630-2D65-4EEA-8344-7DD3A805685B}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{1D208BA0-90EE-4FB4-997E-84AE90E665E8}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{2008AD94-9A3F-446A-8444-A60024DF5288}" = protocol=6 | dir=out | app=system |
"{2041271B-5DC5-44A8-B3B6-67F7F7FEA874}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{217C3922-36A0-467B-BA77-881EA8BFFB22}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{217EAF1F-EDDB-4903-96E0-0E766F9A22B7}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{21EE1DB1-EE58-497A-BBD7-5BE3A3B697DF}" = protocol=6 | dir=in | app=c:\users\filiz\appdata\local\microsoft\windows\temporary internet files\content.ie5\b8orin6r\facemoods.exe |
"{245EFA32-2FB3-45B4-BBA6-22977DA6B9D7}" = dir=in | app=c:\program files\acer arcade live\slideshow dvd\component\clsldvd.exe |
"{25BB944A-389A-4265-B26E-19CF7DC3E70A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{270CD491-4B33-4083-84C9-D00D1003BC1F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{278C1642-8B18-43D5-A6E8-BA8F1B805465}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{2BF4CB48-7F94-4A5A-8108-AE21513FAA7A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{2DC29940-D60C-4894-9301-2A7F0BA2242D}" = protocol=17 | dir=in | app=c:\users\filiz\appdata\local\microsoft\windows\temporary internet files\content.ie5\b8orin6r\facemoods.exe |
"{2E42583F-3899-4989-9F80-E7E233943B16}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"{368C9C21-E9BE-475D-AF45-27B410C77590}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3789D9A1-FB41-4757-931F-54594A913347}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{401DCC44-0472-4D02-AC29-0D37AD80CF29}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe |
"{42876BB7-833E-4C11-BEA2-CF85B7D7A1E3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{4756BC26-1D89-4E1A-9772-959A7C67B6CB}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{49E6D427-F151-41C1-9806-E9565B49D495}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{4CF16028-769D-458A-94CA-AEA15E9CB3AC}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{4DBF5A05-3E4E-40A6-9DE8-1BC90802D3EF}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{50AFC9C9-02EC-47AC-85EA-11B24CA96330}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{5775EF0A-DDF1-4780-AB71-75F60F6F545A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{581D504D-103E-42F8-BD55-987FC4F84C7C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{5A14B987-1B54-49A2-AFD1-41A578448096}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B6CDCB8-C631-490F-B674-747353763288}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5BDDFCE8-74E1-41A3-A362-4F55D42F8726}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{5E85670B-6EAF-4319-AA87-9D7BBD59DE7F}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{5F4CE7AF-BDB8-4E61-A991-199061F97F44}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{606FEE49-4CB7-45CA-9736-08C1CD8C6856}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{610D4256-FBF6-4239-BD64-20FDFE1F9691}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{6307F449-05C4-4738-BF6B-FD7B228A1DEE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe |
"{66BFC5D7-0C9A-474E-A97B-D88B5B72B0C1}" = protocol=6 | dir=in | app=d:\stronghold2.exe |
"{6781ECC0-8674-4A88-A9A0-EF45F24D6F9B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{67C4DF38-87AA-4F28-BBBD-2C20F3FBAC6D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{6B320E44-564C-4866-8747-0CAA5DE7A5FA}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{6D5501BB-FAC2-4083-B55E-96CCB34F9133}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6D9815EB-8A40-4F5E-BB78-92ACC6106B88}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{6DCB2AF2-26A6-46B3-8F87-4C1DBE032D8D}" = protocol=6 | dir=out | app=system |
"{6E9AB5D5-2032-4E6A-803B-BA58A2AEBD9A}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{6F85D589-E6B1-47C1-AD0B-32C01A872E92}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{7620BFA3-B0D0-4088-929D-9D07F449F510}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{7D4A729E-4F60-44EB-9102-262FAEF38C5E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7DEE7B26-52EF-4BD4-B7C8-BB29522FC264}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{804A8523-0B1A-4678-97CE-9B1C5BCFAFA1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{82CDC088-3459-4CD3-9099-7FF6C43B21F7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{838DC87A-2682-4386-A9B5-B259395FCE06}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |
"{85A9F660-15E4-452E-B187-22A3652DE2B9}" = dir=in | app=c:\users\filiz\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{87535030-26E8-47A9-BF50-3DA0D3489A45}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{88BF7F93-D198-42C0-BA4A-DE5117899356}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8BCBE432-0061-45BB-985C-1B979B42A5FE}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{8D304577-C5AD-4BA0-94B5-C7EFADCC703F}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{8E8BE690-9D6D-4293-AD90-67B645857022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9126E073-9C9C-4DEE-9274-DD572F147819}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe |
"{91AB4117-AA08-4B96-9065-1EC934401983}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{964E3E73-5BF5-4C36-8C24-32C59E7584D1}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\homemedia.exe |
"{98130D14-873A-4FB0-BCCC-11F9D6D02210}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{994261A1-9C98-4BD7-8F02-CD9E4EBC81F0}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{9B2DE5D0-0D7C-45A5-9E49-A18141B64587}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe |
"{9E1D6AAD-9905-41C4-8A37-3894C0EDAEA5}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A44F76B2-7194-43F7-87E2-06AD29521E0C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B0C28C92-93E2-42A4-83A1-8A7FF9D05934}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1213901768\ee\aolsoftware.exe |
"{B38180DE-EA0E-44E7-87FC-D279EC245E5E}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{B5CD7E17-E2CF-4545-9F3F-BD423E082F20}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{B7ADA983-301D-4273-82A4-529F32E236A7}" = protocol=17 | dir=in | app=d:\stronghold2.exe |
"{B92FF813-E72A-475F-B259-B8BC40F40C96}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BAF33F84-16C6-4000-B953-701161D1F0B4}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe |
"{BC839062-F947-4753-B999-2B7BAE3B53DC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C8C98984-CD60-428B-B48C-DB0E72D9C716}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{C9892981-87E3-4B2D-B508-4211B7E2B826}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{CA942F9B-B809-44AC-A48E-EB55E29CA72A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{CB29B865-6E94-400E-A449-007F6D8B4AC5}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{D205F1E9-204D-4CCE-92BD-D3992DCFC760}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{D7367C20-E55F-4FB3-A459-1EF2FB40D045}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |
"{E1572AB4-BC74-43DC-96F6-BB35AE86FBFF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E1B8FD3D-4505-42FE-A89D-691A129B9A53}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{E4EE2C5F-F605-4E94-B333-6B939EF516CC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E988321E-A7B9-4F83-94BC-4D137BB45F1E}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{E99FC5A1-C8E0-4952-9EEB-3E89353BFABC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EF342179-49AC-4650-AD89-690F9815D543}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{F0429F00-CC5D-4CB5-A7E2-D7C6DD72D2F0}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe |
"{FA7D8F68-43EE-4008-BA03-C0E99812322E}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"TCP Query User{2050DE18-E7AD-4823-BDEA-CC46738B636B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3B6B239E-B6ED-4706-AFA5-AD6721CEE0F0}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"TCP Query User{4136D892-A38F-4D0C-AB25-FB92FBF5EE3F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{862ADDA5-444D-4BE2-B797-9F6233075AA8}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{884039BE-53BD-44E5-B356-CE9AB52233C8}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe |
"TCP Query User{8BC1CF93-7727-4F24-8DA8-151F872428CE}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"TCP Query User{CFCFD5A4-F615-4976-BF04-46F907A4218D}C:\program files\lego media\constructive\lego loco\exe\loco.exe" = protocol=6 | dir=in | app=c:\program files\lego media\constructive\lego loco\exe\loco.exe |
"TCP Query User{D139C222-A3AE-45F4-82AE-7C9239924817}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe |
"TCP Query User{EF47BBA3-4BD2-46FE-A07E-95C4AD351EF9}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe |
"TCP Query User{F60D40F6-49B3-468E-9487-F7F0413EB8BE}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{213885E2-C706-4567-9491-1893AA5DEFD4}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{334056DF-3B40-4230-A54C-ED6DBEA9167C}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe |
"UDP Query User{362CDDB3-4F99-46ED-A696-07599FD378C3}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe |
"UDP Query User{3D23410F-FB96-414D-896C-3EFFC82BED21}C:\program files\lego media\constructive\lego loco\exe\loco.exe" = protocol=17 | dir=in | app=c:\program files\lego media\constructive\lego loco\exe\loco.exe |
"UDP Query User{42F82518-F47D-4144-A588-D5731FD4C016}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe |
"UDP Query User{6B02D4F9-F605-478B-B7AC-2BD56D6150CE}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{9ED16594-D837-4A67-8070-D79BC91A1244}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A9948AE2-B8EA-4A49-95E9-C885E77AB560}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{B4532383-D286-4D5D-B429-4218058BEBB8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CBCB71CD-B776-4FF0-BDB3-498A7BAD03C1}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021661E0-C377-C87B-9583-E0A69E61A489}" = Catalyst Control Center Localization Thai
"{023387B5-AF74-D690-D2C6-C8D474597284}" = CCC Help Polish
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{042B8532-E27C-C06E-A8F5-71F36B98B2DE}" = Catalyst Control Center Localization Portuguese
"{0459FAF6-D4CA-406C-BA6F-9A3D225ABD1A}" = Epson Customer Research Participation
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07AE9F43-360F-7412-577B-2B4B73E5EAB9}" = CCC Help Hungarian
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C09E020-9996-4E1C-9839-97DA8F9C8D6B}" = CCC Help Danish
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1861D449-590B-71F5-2C62-21730731FC4C}" = ccc-utility
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21565317-7E58-CEED-E5BE-6916533442F4}" = Catalyst Control Center Localization Czech
"{2224B408-E7E4-15CF-0674-EC7C36D68741}" = Catalyst Control Center Localization Hungarian
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236D1288-99DB-C3D6-D132-EDE6317BF619}" = CCC Help Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{2AABA091-41DF-D0D3-83F8-0133F8C7AA97}" = Catalyst Control Center Localization Swedish
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{317DE552-B622-0DD2-4E7E-28400D64C100}" = Catalyst Control Center Localization Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42DF661F-6351-B582-DE2C-B8C46B30303F}" = CCC Help Dutch
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F5641C5-409C-7E5A-A2F9-B6D00A190B55}" = Catalyst Control Center Graphics Previews Vista
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5AA2CD16-706F-41F3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EA96EEF-4E57-C1F0-6A06-088191FE110C}" = CCC Help Thai
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = PTP
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{6467DDF9-718F-4FC3-8606-A975468DF541}" = SymNet
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B73D186-ED5C-6EB1-96EE-8F866269243C}" = Catalyst Control Center Localization Danish
"{7007D9E6-F820-CFEA-EB87-9C9377A967F7}" = CCC Help Swedish
"{710EA46C-2A49-F39A-5EC7-3884DC5329D7}" = Catalyst Control Center Localization Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74AF0F2A-A87D-B6B7-6671-61B53F98254B}" = Catalyst Control Center Localization Turkish
"{760F3E42-B1E4-5324-4C4A-0459C8938B6A}" = Catalyst Control Center Localization Italian
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760B7DD-C922-C286-AB6C-2E06B32C1D4F}" = Catalyst Control Center Graphics Full Existing
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{837F9742-DCC8-3FF4-5066-E11E48EE2391}" = Catalyst Control Center Localization Korean
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86861408-CB40-247E-B851-608792116658}" = CCC Help Norwegian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86E71966-9EE0-9AD3-2C17-FC3A0B8BB810}" = Catalyst Control Center Localization Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCA7792-CF78-46C6-66A7-EB9A8F0FB0A2}" = Catalyst Control Center Localization Russian
"{8C42C789-B0EF-3226-9069-D1956B220B38}" = Catalyst Control Center Localization Greek
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE1CAAF-31C0-6B2A-45EE-7761FDEFC806}" = ccc-core-static
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C353B52-07E4-07A7-B95F-392D8AA37210}" = Catalyst Control Center Localization Japanese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBB76DD-812B-26E9-C681-B7CD2DA27A78}" = CCC Help French
"{9E6D81B8-1FA4-4F32-AEE2-D9F81971B4C0}" = Simtrain's - Gotthard Route 2
"{9F96AFEF-28F1-2479-1D6A-33F8D4A7BF11}" = CCC Help Chinese Standard
"{A10FCB8E-F4C3-0C5E-4FFC-8C9A560095A8}" = CCC Help Russian
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A6038CD2-72AF-2C0A-C1A3-93D360F5A889}" = CCC Help Korean
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE223864-BFA1-1F17-49B2-13C8971DACA2}" = Catalyst Control Center Localization German
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B22D8435-CB77-849A-B9AE-D1737A073914}" = Catalyst Control Center Localization Polish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3BA8D55-5397-6712-1B6C-5A8849AF19F5}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C1722D10-8C05-B66D-A160-7C2CFF589176}" = Catalyst Control Center Graphics Light
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C485A66D-3521-20E8-2A7B-F060B1773491}" = Catalyst Control Center Localization French
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1C40A4-2836-1911-673E-18572FD2B62A}" = Catalyst Control Center Graphics Full New
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF6FE5A8-1338-188F-35B3-8372FA31D822}" = Skins
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D5E905F1-7657-7B1E-E5BD-2C69C89C8ABE}" = CCC Help Italian
"{D6DB00A1-4BCC-AB1B-24C2-0999BDA43D85}" = CCC Help Greek
"{D7D4DB0F-9070-AED1-D2F4-D11BD42C7588}" = CCC Help Chinese Traditional
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{D7F01E28-9D36-F8EC-872F-9FD71792F858}" = CCC Help Finnish
"{DA6AB13B-4D72-6EBB-AA4D-656CE9C0E512}" = CCC Help English
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF59BA36-54DC-6BB4-FCED-C9B9F2BCB4AE}" = CCC Help Spanish
"{E0325EFE-9D02-0F1E-7306-F4D95979715A}" = Catalyst Control Center Localization Chinese Traditional
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63AA3F4-5647-0BC8-24FC-F40CFE56B579}" = Catalyst Control Center Localization Norwegian
"{E6541F6A-3D2D-30E5-57F9-4DD411C2E4F0}" = CCC Help German
"{E720B248-D9F5-5E20-8E72-3E419D45D703}" = Catalyst Control Center Localization Finnish
"{E8E32E53-18F7-095E-CC75-F77E412F1AD9}" = CCC Help Portuguese
"{EC136321-1AE5-4A7F-B01C-5380D666175B}" = ICQ Sparberater
"{ECF106D2-86F4-49A3-8761-57D736C8D660}" = Karamalz Racer
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F09030B7-7B8A-30DE-539B-607C9B1831DB}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F76D7388-A433-E572-4718-CD3421738166}" = CCC Help Turkish
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL Toolbar 4.0" =
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"BabylonToolbar" = Babylon toolbar
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner (remove only)
"conduitEngine" = Conduit Engine
"Diccuric" = Diccuric
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 4.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProTrain 23 Raildriver 1.0" = ProTrain 23 Raildriver 1.0
"RealPlayer 6.0" = RealPlayer Basic
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

user1999 19.03.2012 18:37

and now?! :D

Swisstreasure 19.03.2012 18:46

Step 1
Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
:Commands
[purity]
[emptytemp]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Step 2

So, now run a scan with GMER and post the log.

user1999 19.03.2012 19:00

but when I restart then, the PC automatically starts in normal mode, and that doesn't work...

user1999 19.03.2012 19:17

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:671329E4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Filiz
->Temp folder emptied: 618870920 bytes
->Temporary Internet Files folder emptied: 1528439693 bytes
->Java cache emptied: 63711848 bytes
->FireFox cache emptied: 2904538 bytes
->Flash cache emptied: 77449 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 106395517 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 15442574 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 5951550996 bytes

Total Files Cleaned = 7.904,00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03192012_190726

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

user1999 19.03.2012 20:36

GMER Logfile:
Code:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-19 20:34:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJS-00PSA0 rev.05.06H05
Running: zh7hlvh2.exe; Driver: C:\Users\Filiz\AppData\Local\Temp\kwdoypod.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73F27817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [73F7A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [73F2BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [73F1F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [73F275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73F1E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73F58395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [73F2DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [73F1FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73F1FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [73F171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [73FACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73F4C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [73F1D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [73F16853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73F1687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [73F22AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

user1999 19.03.2012 20:38

and now??

____
Regards:

Swisstreasure 19.03.2012 20:48

Does normal mode work again?

user1999 19.03.2012 22:24

Yeeeeeeeeeeees!!!!! I am very grateful to you for your effort and attention.
___________________________________________________________________________________________________________

The computer has lost speed. Is that maybe because the virus left background stuff / traces behind, or because the PC was on for almost 2 days without interruption? Or is that normal after a virus?? I hope the PC gets as fast again as it used to be.
___________________________________________________________________________________________________________

So normal mode works again. Do I still have to do anything else?? (I mean scan again to be safe or something like that.) Or are we completely done??
___________________
Regards: Denis

Swisstreasure 19.03.2012 22:42

No, we are not done yet :)

Update Malwarebytes and run a full scan.

user1999 20.03.2012 16:01

As soon as I have time I will do this. My cousin has her birthday today and I have mine tomorrow, so I will do it the day after tomorrow.

_______
Regards:

Swisstreasure 20.03.2012 16:41

Then have fun celebrating :)


All times are WET +1. The time now is 21:16.

Copyright ©2000-2025, Trojaner-Board

