
Log analysis and evaluation: BKA Scareware


10.08.2011, 19:00   #1
gutenmorgan
 
BKA Scareware



Hello, I have the same problem as many here: I caught this BKA virus (I was actually only on "facebook" and www.sidereel.com or megavideo because of a series). I have already read through plenty of threads on the topic "BKA virus/scareware", but you don't really get any wiser, since different custom scans are always inserted in OTL each time.
Thanks in advance for the help.

OTL.txt
Code:
OTL logfile created on: 10.08.2011 18:38:37 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\himi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,87% Memory free
11,43 Gb Paging File | 10,26 Gb Available in Paging File | 89,74% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 67,47 Gb Free Space | 14,49% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32
 
Computer Name: Computer Name | User Name: User Name | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\himi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\vVX6000.exe (Microsoft Corporation
)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\himi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
 
========== Driver Services (SafeList) ==========
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.23 16:37:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.23 16:37:44 | 000,000,000 | ---D | M]
 
[2011.05.08 12:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\himi\AppData\Roaming\mozilla\Extensions
[2011.08.10 17:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\himi\AppData\Roaming\mozilla\Firefox\Profiles\gnndmyow.default\extensions
[2011.08.10 17:55:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\himi\AppData\Roaming\mozilla\Firefox\Profiles\gnndmyow.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.02.14 14:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.10 15:09:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.10 15:09:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.10 15:09:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.10 15:09:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.10 15:09:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Programme\D-link\Air USB Utility\AirCFG.exe (D-Link)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation
)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7431c1d6-992f-11db-9c5a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7431c1d6-992f-11db-9c5a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.10 18:35:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\himi\Desktop\OTL.exe
[2011.08.09 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4
[2011.08.09 21:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\VKMusic 4
[2011.08.09 20:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.08.09 20:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.07.13 15:47:13 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.13 15:47:11 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 15:47:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.10 18:35:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\himi\Desktop\OTL.exe
[2011.08.10 18:13:50 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.10 18:13:50 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.10 18:13:50 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.10 18:13:50 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.10 18:07:39 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.10 18:07:38 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.10 18:06:54 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.10 18:06:54 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.10 18:06:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.10 18:05:45 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.21 20:52:08 | 000,921,624 | ---- | M] () -- C:\DC6810xp-001.raw
[2011.07.15 13:01:23 | 000,264,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.10 20:32:33 | 000,008,704 | ---- | C] () -- C:\Users\himi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.11 18:21:09 | 000,095,973 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.01.08 22:29:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.02 00:45:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.04.16 14:24:14 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009.04.16 14:24:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009.04.16 14:24:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009.04.16 14:24:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2009.03.20 23:43:53 | 000,000,037 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.03.17 15:24:10 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.02.23 22:02:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.02.23 22:02:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.02.14 14:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.11 21:49:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2008.09.09 16:19:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.09 16:19:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.03.05 19:34:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.03.05 19:18:39 | 000,000,136 | ---- | C] () -- C:\Windows\WINWORD6.INI
[2008.03.05 19:16:23 | 000,000,057 | ---- | C] () -- C:\Windows\WINHELP.INI
[2008.02.17 11:57:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.02.08 23:21:07 | 000,140,216 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.02.08 23:21:01 | 000,201,352 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.02.08 23:20:38 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.02.06 18:31:53 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.01.30 21:47:48 | 000,038,028 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.01.30 21:47:48 | 000,027,030 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.01.30 21:47:48 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.01.30 21:46:56 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini
[2008.01.18 01:23:17 | 000,000,027 | ---- | C] () -- C:\Windows\A6W.INI
[2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,264,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1994.12.12 01:00:00 | 000,104,448 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL
[1994.12.12 01:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI
[1994.12.12 01:00:00 | 000,000,535 | ---- | C] () -- C:\Windows\MSTXTCNV.INI
[1994.12.12 01:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI
[1994.11.15 01:00:00 | 000,221,696 | ---- | C] () -- C:\Windows\System32\FFILE32.DLL
[1994.11.15 01:00:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[1994.11.15 01:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL

< End of report >
         

Extras.txt
Code:
OTL Extras logfile created on: 10.08.2011 18:38:37 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\himi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,87% Memory free
11,43 Gb Paging File | 10,26 Gb Available in Paging File | 89,74% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 67,47 Gb Free Space | 14,49% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32
 
Computer Name: computername | User Name: username | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3DBB7867-A899-4A39-AC5D-D3CACBE0CEAB}" = lport=17520 | protocol=6 | dir=in | name=mubox12 | 
"{4A187491-A5AF-467A-AA8E-9A43423E2EC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CA045F37-067C-4AEB-B3E3-6BCCDBE1D13F}" = lport=17520 | protocol=17 | dir=in | name=mubox11 | 
"{F56D9D9A-527F-4ABB-96EA-AD8D9EE52E76}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004B5C5B-3047-42A9-A630-4DD034B328AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{00559B89-735E-4FC9-870E-9385740C7AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{005B37CF-53BD-465C-A517-C8543EBA4A8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{029C677C-7D18-4399-999F-7A5EC3DB3829}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{02AE4505-AD32-4BC9-A6FA-493AF443E4A1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{03A557C7-06DB-4DC8-8DC7-3F8DA99583CA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{0501F28D-BC74-4CFA-B060-53E342273D45}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05131434-5FAF-4461-A0F2-CFC75F302495}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05659D87-63F2-49DE-8A6B-4C6EE294C323}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05D9DC1C-FB8A-445E-8C07-C5C7EACD149B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06339B3C-1417-44CA-8A43-C726F49CFEEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{072D7A48-7BDE-43D8-974A-7600F76EDEB9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{08D3BB8D-9FC6-449D-9F55-99FBDD4BE2B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A993350-A07F-403B-B4E0-4C6F1221AC7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B8B3430-7CBB-49C8-9DBD-DA40FBF5F5BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BE05B04-D00E-4F89-B033-830667A3E09C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C1D98B8-717F-47B6-9598-6E2EBCEEFE7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C84075D-9BAF-4663-8460-AAFF4B46A28C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0E684D5E-71B0-4900-94D1-4419BC63BC07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10077AC1-B407-4417-8879-200CC40B06FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{103EB0CB-7650-4A94-84AC-94AC08EA770F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10EC98BC-7736-4A7F-91D5-70D9B1AD2E97}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1117BED4-51B7-4273-94FF-A78AC350DF4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1264C8C2-B49A-4BD6-8432-641968D04CA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12D24E6A-EDE6-48A7-9930-1DEF75C36F22}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12E5F683-8AA9-4705-B92C-25D2328D658A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{13076F4E-4B5F-40A3-A278-7519512CCF1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{134435C1-6212-4978-9269-2747FAD54082}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{138921ED-A620-44DC-9AA2-6DFDD589DE0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13E99B7F-FA66-40CE-92F7-196DE81229AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14AB23E6-485C-4863-B9DA-93134E31DC6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 | 
"{14D77BA4-4A3D-435C-9C80-344AECA5A038}" = protocol=6 | dir=in | app=c:\spiele\battlefield 2\bf2.exe | 
"{153C470C-D4A6-4A47-BE87-929840073CD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15941C9C-01C3-4B86-8D67-A01B9DD6EF0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15FE61B0-EA88-4D91-B342-CD9042B72110}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{178E7D6F-B823-40DE-BEC6-3DCCBEF664F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17C94D14-4356-41CF-B4D5-8CE7A38CA60D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17E849A4-0494-4753-A0CB-634EE4EE5FBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19346D50-9598-4DA0-B8FF-299FACDF9BBB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19CE2D91-48F7-4E15-8C1F-9790776D1FAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19FB4B0F-264E-4EE5-AA93-E76B3CFEE389}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1BB78FF3-EC62-4CF4-A88A-44CAC3B84447}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C5176D7-A7D9-4BA7-A1BE-A95061369DC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1DF2E80B-B9AB-4965-AC81-F21E7000143C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EDBF42D-C036-413F-8D7B-2F2738C48AE7}" = protocol=6 | dir=in | app=c:\spiele\hawx\hawx.exe | 
"{1F6635FE-D548-4A4E-9AC9-2244FDF6681D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1FB2695F-5D0D-41F0-8EEB-651F8D75E96F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{201AB2D0-42B6-4FF1-AE1F-8320226AF966}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20AEF45B-3209-424E-917D-5061B3DE6338}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{229B2156-F644-4A9D-80AD-3B603458D93D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{235CEBDD-675D-463B-9C22-28A44C86DFD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{252D6767-9B53-4006-AB04-8B1458CB902F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{258CC967-E240-4070-B056-A973522FC721}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27F6EB0F-CC53-43CF-AEB8-1981544D0855}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{283A07B8-19A1-4125-BFB3-7C375CC66618}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{283E9404-1519-496A-AF8E-59EF2438B753}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{28F5CD87-28F3-46F5-8228-1E3B95B000A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{290B5E01-3501-4246-A7D0-6B8FB527A9B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{29FB2327-7C21-4589-B966-5CB65DB7B386}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A0070C9-B502-41E1-A79B-4D15A9A8DE8C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A976822-73D6-4861-94B1-857E254DE103}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2AFF5B9B-0C74-4B3B-BA80-66E6CCAE6CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C3A3DEA-BE16-4CB4-AF54-A4689F6B8B43}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C5C7A24-9E95-4983-90E5-1164A454444F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2CD8F032-2C62-45AC-9477-0B964D522287}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D7AC443-F9B9-4E0D-A9E1-3F76787C47FA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{2D891BEE-A1BB-43B4-8D12-0675E9881D62}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2DD2099F-939B-48F2-AD08-AECD8A02764B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E105ECA-33F0-4DC6-A320-9072FB3597FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F872074-DB11-4515-A069-8BB74FFC7D65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F91FCA5-028D-4DF5-92BA-5DCEF8A0DBFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{303CCA1A-1354-4564-B29F-1BECE69DA593}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30D73AAC-B031-4512-A6F2-6B3054242B82}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{32DE05E7-6198-4825-80A0-2A638B2D8BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3364A205-A82B-48A7-AD18-7D4A7D2D4319}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33791EF8-1164-460F-9F97-00682E65EDB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{34820175-C66F-4AFD-B818-D5B4D740BEBF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{35425D1E-E405-49E2-84BC-676A0FE9EF07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3634015C-C76A-4423-88A3-F923E6774948}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3642DED7-AB59-4700-A1DE-E42DA04CC853}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{36F0A7CF-C49C-4C2E-9DED-6BBBC79CD306}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{376FA0C2-A5B9-4D0A-96EB-33781120793E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3979A064-71F4-481E-835E-D85912600E67}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{39945DC4-EB1C-491C-BE01-9A8B7BFBF085}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3A5CDD4B-81D2-4CF8-9113-E1E39E3F02E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3A6E7D0D-7D17-47AE-AB71-5EE1CCF273C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3B147A5E-4A63-4228-A86F-9A57FD9EC888}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3BF0B062-D60F-4B57-8C19-4C592998CABF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C24207B-1137-40CC-851E-F4FC0E372CEC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C7F1F0C-C73B-43F2-B146-DE98B2CCC823}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3DE3AA84-09BF-47A7-8E0A-03D77F5FAB39}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E65FC37-9AC2-48C3-91C3-511FA733AD19}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EA2A545-F8EC-478A-A578-F04D2FB1A05C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EDB7703-5244-421C-BD73-06816A1AE294}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EDD8611-2CEC-4024-9628-7D1F28191A9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3FFF3001-B430-436B-B7AD-F92FDFBFF9E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{402ABC1A-9C9B-4911-B8EA-3ABF09419BE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{406D8FCA-F87B-4D64-9719-26917BB43BA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40888520-4B57-4B91-BDC0-39CEE4F766D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{42E72ED4-DEF8-4629-ABDD-6B2BDE1E6C7C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{43D53421-1FB2-43E8-94CA-0719E0F6819D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{43F6A7CC-BC64-40CB-9944-310F6FECF942}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4403D093-D215-4217-8E4A-973FB21C59FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{460D9734-F17A-4E5C-A593-26A1AC35BB8B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{47E5BC90-A7AC-420F-91B6-AA58C05C0E4D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48031CC0-B7E9-401E-ACE0-A7070D12CE9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4848BF49-5787-43AC-BAF7-336E8E0A0EDA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{4869EB28-480F-45F0-8ABF-6514E46FE51B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48B5E9CE-37B2-4A19-A356-65A77C5E2EA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A784CBD-5EBC-4912-BD3E-E1ADE299B855}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C255F38-8B7B-47E3-834C-2A1E420E5743}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C3495DE-10CE-40B2-9141-BC08CED0ADC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C50447E-393F-4D79-BD85-D46A07F66B20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4D2D5EA6-E3C0-44EC-8804-298AB9F30407}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4D36EB29-4437-4490-9ABD-1CB4BA0DBCF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51069E51-BEBD-422E-ADA1-BE6FEB7BC66E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{52B5F2C1-BE1F-4D7F-9D14-4F6BC749F657}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{52C58F34-B6E8-4DC9-833B-746EBEC11BE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54BA2EFD-BE19-4931-AFD4-ED082C1B511D}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.0-enus-downloader.exe | 
"{5667D35D-62E6-4992-ADB8-1DE4ECDC31BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{568D8FE6-7D4C-4824-8840-1D5CC3F6101F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{56985AD9-9B4F-476B-88BA-42C4D07DD765}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{575962A8-7C1C-4B39-AB18-4787C25FDA6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5786F3DD-2CFE-48F2-8F1F-6EACB0787689}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57C172C9-3335-438D-A734-B7C391BD82AD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{5A35D46C-46A2-4510-93D3-E65348D01A84}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A41EB62-3BC2-4BCF-87DD-C172EE5663B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A9900A1-6C4A-487E-B6FA-4C05074308DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BB900A0-7BA1-400A-90FC-D21B2DDD200A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5CAD0062-6E74-4A5B-B7E2-A8BA5452F15C}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 | 
"{5CB5239D-746A-45EE-BC7F-D1CD40B353BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5CEA002E-6EFE-44B1-AD0D-BC63D56966E8}" = protocol=17 | dir=in | app=c:\spiele\battlefield 2\bf2.exe | 
"{5D6BB1C1-E7B0-4B63-AACB-063D45251192}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D6D9ECF-9F09-4E5B-9047-A28E69FAA4E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5DAB97D2-D372-45B1-BEA6-DB2C0052E7A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5DB3106E-A543-4953-9E7F-001FEA8DF0DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F6F6B06-F9C7-4C9F-BAA9-866784572D5F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5FE82E57-655D-4965-A8DE-6A1BEF09DEE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6034525D-8258-4C07-AF2B-7555D2824AF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{608F3FE1-DEDF-4EEA-9DE1-4A299A3D7DDD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{60D147FD-0A2D-47A2-8635-6ABFA3FB2D65}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{611550F6-49C2-4D69-9CBF-95621B165B36}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{61B2B502-3744-4107-B2ED-E449A42CBB2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61CCBDD7-5BEB-474A-AA78-178BF1603AD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62616035-54FA-4D1C-BD54-E8C836EAE7E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{626BC1C1-D80C-4522-85E6-63DA077EAD68}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62995E76-0410-487C-994D-8E75D852760F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{63546320-54EC-4917-B005-A4112D64C656}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{63F9332B-F4FA-49B1-9812-C295BB8460E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{641069E8-EA32-4996-A19A-1963FB8CF106}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{641E7369-38AD-4F2E-BE10-51B3B9A2621E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64794995-0F4F-44E5-B658-FC6E6AC77EA3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{65009C96-CC27-4F25-A60B-493312010A08}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{650905B1-BECF-45A9-8D08-AF0C203510A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{655703B7-6CC4-475F-952A-7FE38A13B45B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6578D47F-63FB-4183-8AFE-10EEC3F6415C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{659B9298-1917-401F-9CFE-D8F19FA00C6E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{65EB4B60-7DFA-4297-BC74-F21A58A9FA23}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67CC644A-B729-4185-8D8B-71AC1B3D60F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67EA87AB-6624-48CF-9114-FA8922D38881}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6807868F-741B-4D2B-9F6A-E134688A29C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{697F4646-6D51-4B7A-BC39-85EAEC82C4FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{698CAE38-7AA5-4F95-9758-97D2A38AEC11}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6B5EB699-62AE-41A0-B27B-12B102502C71}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6BB98054-B9C1-4C4E-B7EA-9C0C5BD62E97}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6C5A55E2-7780-41D9-9DD9-D3C5EE7AEEA7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D3FE7AD-0E7B-42F4-B990-CE5EEAC2771D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DE9C2DB-5617-4031-8823-46B87C2474AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6E384561-9ED9-4BFE-B424-C1B9F806CC99}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6E6C01E1-1DDA-4AAE-9280-266FAD2F2843}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6ED3EA61-E482-46D2-96A9-99C5C278CED8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6F48722E-70B0-4E07-85E5-9078C9353E38}" = protocol=6 | dir=in | app=c:\spiele\hellgate london\launcher.exe | 
"{71267531-CC76-46F6-9E1E-F3CB3FD01CB8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{71BE1229-271B-4C7A-88F0-18607A1C1831}" = protocol=17 | dir=in | app=c:\spiele\battlefield2\bf2.exe | 
"{726F7D41-0B5B-4A90-A236-444DEBA7E6B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7356DD5D-7A17-4B11-B834-E0A50042E7C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73C9942C-DF2C-4346-99FA-D317491AA55F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7449441F-2BDC-4186-8FCA-C2D4975ADA58}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7450214B-7329-4B08-AF56-3D27A10951E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{746D1BBA-9C40-4837-91B3-419B8CA342F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{749937F1-F683-4D97-AD88-D0ACB1396D30}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{762DF4FA-24CE-4615-8686-E2884DF9C991}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{76443D58-6765-4942-B83F-791296274D65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{773EF4C5-9924-4685-AF2E-F35FFC4A6C2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{775E276F-4F23-475D-8F57-15791C9F21B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{789643F0-7DC2-4769-9800-D445D2114A2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{78D95B16-99EE-47F7-A589-C93AD3745B64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79642FE2-79B7-488E-B24B-85BB32DF5876}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79A3D9D1-DFA9-443D-BC35-799C74D02214}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79BFC7BD-62B9-48F8-958A-592102276D96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7AB46C2A-D39E-449A-A2DE-75022CCB4D06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7BA1E7DB-1DE7-41A3-A2DF-2472072A23E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C0F32AD-21BA-4FBD-8EAD-941C68E94F57}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C582E0C-9426-4934-B34C-9351586BBBE0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{7EE2FE00-205F-423A-93A9-17C5FF62AB74}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F9096AD-2D37-48DF-AEF1-B36F63B8D875}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FB3D2D1-5C0D-4F29-BB8A-BFF3E6D2617B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FD14BD8-3C92-4F4F-8D3B-0C4488C714B2}" = protocol=17 | dir=in | app=c:\spiele\hawx\hawx.exe | 
"{7FDD23AE-CF9C-4BFE-8ABB-8B0A59BFBC40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81702DAF-4AC8-4B94-9960-AA940240D4EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81B3E062-EFD9-4C9B-A178-C85349940296}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{82B1ABE5-005F-4EEB-B858-42FC1BAD52E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8423D59E-5F84-4C56-B2BE-6AFBFEA50603}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{844DB633-B170-4403-8065-CF30CC435F02}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{85292C34-92C9-47DF-99C3-2A40866E09A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{855CE4B5-7DA3-43CE-B437-8BF7A095568D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{87FBF237-039B-4288-A77E-044179479EBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88D757FA-FBC2-4C34-B83A-489673B164FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8966DF41-D067-4566-A997-89254A33D2D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{89C5E18F-BE2C-4EF8-AC7E-E5F925C5EAB0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A74504E-3164-4695-B93F-5182636D8E11}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BCBB827-0E19-47E2-A363-EC607FFAC7FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BE9B14D-525D-4D0F-B31B-E8ED6E113734}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8C1FED89-807F-49C9-AB37-5B012818D7D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D91F950-4B80-4AA2-A96E-9C0392B28244}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8DE658E4-CE1D-4480-80C9-55A2AA5FCE91}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{8DF0E03A-ECC8-4E09-9DE7-C71715176623}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E935FD9-E72C-47D9-B8C4-5EEC7B6943E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8FA325BF-891E-4827-B545-A7F0A21B9B6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8FD85A37-F67C-4C43-981F-2873EAA1A393}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90EAF9CE-F9BB-448B-B79C-7C25804CC930}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90F20418-A20B-4ECA-9286-5DCE4834C2EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{911CE052-1296-4037-905E-196226A493A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{91FEEAC5-B3EB-463D-99CF-B40CC7AC5875}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{9275DF02-0BE2-4E05-A7E4-3439469C5AA7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9297FEFE-3C7C-4C51-BF5E-2E719805CB17}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92BD6311-6C0D-4CF2-B32B-83625C32EA9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9434D2B7-9A6C-48E4-952B-C2A7EE014777}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{946D1D22-30B3-4FA9-9669-034B96F78A0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9494797B-507E-4E64-92E8-1CC71A276C56}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{94F3B9F6-CDFC-4354-BC24-5BACE8040D68}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{956778E5-F1C8-4E54-B640-ED1A910F215C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96173EB9-1430-468C-917A-25D594DF6418}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96567423-77FB-490A-B35E-E8E9C99F83C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96F00460-4D67-470B-B8B5-E485FA22730E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9851D700-F6E1-4A7B-A940-B70DC7B316DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98FF368D-3962-4924-92F3-95D2592B2120}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9987A999-0E0E-4A36-A09F-C565E3E2AFA0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{99D17913-DEC8-43CC-B25D-BDD698D9BC9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A1504BA-D58B-4561-A089-E610157D6CCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A96444E-FD4F-4385-9413-A087F7E7B1BD}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{9C132163-30D2-4B67-BB93-AAE53B6750CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9CECAFCD-1543-4C02-8EC4-B8B0394127F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9CFB9101-E6E3-458B-877B-A6B5075026A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D1767A7-E1B8-4405-82DB-866F2C2CCC66}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D9E1D34-7417-4F60-8412-4E61A55583BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9DD0573E-DB37-4E04-9A85-1B3ED3CA8F15}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F355307-6E1D-4F73-9E59-ECE1CAB89FE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FC56592-56F7-4AF7-A80F-3EFE4A63F938}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A06020E9-C9BC-48FD-A204-5348707F10E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A24278AC-C20A-4F18-B90C-509DDD03EDBF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A26D6C5D-B63C-4EC0-A0E0-E6759B7A322E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A2EDB997-557B-4429-AD5C-248778184266}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A2FFB3D8-F2C7-40C5-89E2-A58C556EB4E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A432A592-ED44-44D3-9440-BBC7B83CA8BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5683135-BABC-477B-84A1-2CF321C25AFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A6D93C16-5976-4F95-A8B5-6A32D65F00F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A760F7C2-A845-4836-9D56-92DFFA4AC4ED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A7C428A2-3160-4DF2-BBA1-2AB2FD45FBEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9B07034-0AE4-49CB-B2A5-C70D19BED1B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA637E72-4806-4351-94ED-89D9B74F7694}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AACE98C9-1F1A-4BE8-9609-9D56E6CE7D84}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AAD65875-2D64-4471-A269-C7893CE4C716}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACC3D864-7ACB-4825-B0EE-B8D5EF5456FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AD38D988-57E6-49E1-A1E2-15A48CE8D27F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ADE09D17-FC4A-4BF4-AB38-C5F11E62EE18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2CC558E-5EF7-45BC-806C-F5D1FA7759F5}" = protocol=17 | dir=in | app=c:\spiele\hellgate london\launcher.exe | 
"{B344C6DF-43FC-4066-A2A1-C1F8911ACB40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B3FF359F-487B-4ED9-BECD-6B0CFA60F5B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B427DC65-B149-4B84-BE57-488D32B2AC3D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B475798D-8952-4095-A3AF-6716A74EFC92}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4F8C158-4706-476D-A22C-8433166E3DB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5133D3B-DF45-4DB9-90FE-0C297E2488B3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{B51F2910-5E55-46AF-9D6E-DE63D7A9A62F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5562BD9-2200-461A-87C2-97FB058FD082}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{B5F6A7FB-7819-4716-B1FF-DE575A643F62}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B61017AF-9DDF-42D1-B389-921980B73A45}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B62B0C5C-050F-4A30-9B48-E063BE52A0DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B6748994-8A43-458D-BAC6-2A76D3ECF637}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8CBA12C-258F-4FD7-908D-A9676656B9B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8E9E8C3-3548-4454-9992-10F9B4D847D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B945ABD3-F601-43B1-A3BF-C231359959B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B94FEB95-3BEB-4080-8A7B-417B5F49FD98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BAB61AB0-35E5-454B-AA83-78DB6DA497B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB590BC1-3FAF-407C-81C2-D93D7DB520DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB724666-BE74-4975-8417-8C8482EEA48C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BC93961D-DCB1-456C-9BCE-CCD38715BF55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDBFD2DB-D5E1-43F3-8A8E-BFB96396C386}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDEBB466-D436-4AA1-9017-F280EB34EDE1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDED2D8F-1F29-4518-B311-5E3F4F37E3AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF203B47-7DA1-4C4B-8545-67DD1EFD3AB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF56364D-5F5C-4C38-82CD-76F49F9A35E7}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{C147F518-9912-457F-BFB3-584B162C9BFC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C17167D7-72AD-4D42-B386-FB346882B137}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2B750E6-63B0-4D65-91EA-3517FD01A019}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2E8E0A5-AD0E-4D25-B9B3-8A7691ED880F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C50CE0DF-4B53-4F09-8CF8-46B8BFC2DA0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C6352DAB-D506-4B9B-875A-E37FD6556651}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C6446197-4542-4712-A8D0-287CE293E162}" = protocol=6 | dir=in | app=c:\spiele\hawx\hawx_dx10.exe | 
"{C70510F0-B5CA-49FA-8735-651A254EE53A}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{C74CEC14-B83E-4640-A9EA-18D323564BE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CBEC7E09-6595-4329-BE33-B123C0FB072D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC4433E7-F808-418D-BCFA-2828E1E44ADE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC57ED92-DD00-4F4F-9B04-F0FB033CF976}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC757D75-6D33-482C-A40B-0F7DCA17B5D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC86C210-7631-49C0-AA3D-089283A40099}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD4BF6F9-DE3A-42B4-BF66-04DE3EC52DA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD64BEE1-ED1A-4A4B-87EF-8A73AC8EDD29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CF96E47F-3780-4A31-B4DE-322B351B2A5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D148D604-22A4-453C-9337-049255BC3D33}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3015268-E542-4AB5-BD38-EAD5F5C88CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3E1E130-B25A-4098-84E9-C9C696858C18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D43AD609-FB35-45F1-9BF2-534D42D79177}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{D46C2C90-FA02-4F32-B86F-4778491D38B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5628C2D-57F1-450C-BA4E-05B513610B1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D760E3B1-91B8-460D-8407-328148B3EFDF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D82B1409-6690-4F14-A844-285F17E52A86}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D830E364-F8FD-477A-B9D5-294817341CB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D83ABEC8-B15F-491C-9A75-1D231F275A6F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D8797E7D-46F9-4EE5-A685-98CA124457B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA235F73-3DF5-4747-80AA-A6DFAAD989BE}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.0-enus-downloader.exe | 
"{DA38A0C0-E684-47C8-862D-9C4C4D5A94FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB152747-19E7-4956-B2C7-3660CBF6C63B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB165415-B26B-4190-8865-84C1934446A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC225148-4A00-4EC5-9F92-FFD533ECC5B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC2C67BE-8762-4D7A-BA78-B9DF3404439D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC6B7AD9-34FF-45C3-B67C-C68F8C6A38E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC7DBE5B-B5C7-4D33-8084-A2B8C49B02C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD463BB1-3B61-4660-B805-B256B08A87F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE122E86-16A4-4428-A007-E2718AF11458}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DEBB9287-671B-41FC-9EA6-523AC4C9CC0B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{DF34B54C-FA4A-4154-BC04-A3203988439C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DFFA0E2B-A780-48C6-91B4-BCC0840ECE57}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0335049-6C66-4777-B23A-B862F2868807}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1DA5CA2-9408-4FBE-B38E-7558A8E87AF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4538B0F-FB48-40DF-9A29-0EC5E32F8D4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4DFA4AD-483F-4FE4-94D4-D11E819DF2B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E5829D77-E080-4EF9-A497-3EDD025E6A8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E61744E0-97E9-4923-A0FE-6BF56E6C69D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6B89C9B-8260-4607-B589-2528D1F05EBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6FAA65C-D1C8-4458-811E-B0D844DA021B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7F10DC4-90BF-495A-BD5D-A747E7013013}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E88E2F9D-EE41-429F-A7D8-C64EDEB66CB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9E151E9-AB4F-466A-9BF3-567ECC94500F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA70EA62-A7DD-4108-9B3A-6E5791C9C3B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EC21A141-91D7-447C-AFDE-5972EFE15737}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED0B973A-9748-460F-B665-CA263C3C431B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED8A4257-5770-436D-8ED5-00675A534A15}" = protocol=6 | dir=in | app=c:\spiele\battlefield2\bf2.exe | 
"{EDD87CFE-0399-49E5-A50C-D46F0F885D4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EDEB9B1A-D26D-499E-9B32-83BDD72A9872}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE3852A3-27E4-421C-8704-7AF4D80BAE1F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE3AE5E2-0E74-42A4-9417-18F13D59ACF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EEBC6C6D-7CE1-4E10-BC37-E1FBA6A55663}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EF2B9B12-A987-4A67-AA41-EB1C98204E4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F08A5A63-AE6F-44E4-B919-BFA469DB7741}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F154C081-222F-4F18-B0C3-DAA2A07AE735}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F207EF09-E628-485D-88A2-71D2E867985F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F3AE77E0-6E35-4171-9BCB-98DA9A058B48}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{F3B7EFB8-BB1A-4463-85AC-13EE53C9C3A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F440FBD0-1FA2-47E8-976A-7F145C8C8B6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F452C321-E555-4058-8DD5-DD4EE2F10152}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6348E3A-606D-4F0D-A815-8FF7394D1D09}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F674F7C9-D16C-45F6-A1AF-0D99D077B198}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F7B72E7C-71AA-46A7-BB15-97BF6A40A7E7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{F833C534-B5BD-452C-9FC8-19FD81BF655E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F846DAE9-8177-4AC6-95FA-891A59A9CBF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FD8840CD-B0B2-40C1-A93A-D3694D0C43A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FDBCA210-A1CD-4D94-8D3E-F08834C6DE79}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FDC661AE-798D-4E70-B9AC-BA3CE2E9946E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FF1E9516-A2A6-452B-86A6-7CCE1FBEF099}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FF5539C6-7652-43C9-8E46-72C3DE937A9D}" = protocol=17 | dir=in | app=c:\spiele\hawx\hawx_dx10.exe | 
"TCP Query User{0FDC54C3-2D05-45A8-A838-049209227863}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe | 
"TCP Query User{245541FB-981C-41FD-8226-97844CC4BC39}C:\spiele\virtual rc racing\vrcrace.exe" = protocol=6 | dir=in | app=c:\spiele\virtual rc racing\vrcrace.exe | 
"TCP Query User{2F153825-4A10-46AC-B741-CFBE2917D150}C:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii\war3.exe | 
"TCP Query User{309BC946-2486-4945-B1F0-B524AA01B69B}C:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 
"TCP Query User{53AF4A54-46E8-4642-8F1E-8E6CEBC85BB5}C:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe" = protocol=6 | dir=in | app=c:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe | 
"TCP Query User{5F85C172-8865-434E-91CC-A6BB5CE8EC8A}C:\spiele\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\repair.exe | 
"TCP Query User{689E4F99-ABBF-4FB2-AF2C-E1F36A97302D}C:\spiele\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\der herr der ringe online\lotroclient.exe | 
"TCP Query User{7BAD17EE-759A-4F1E-B53B-CE9F6058E060}C:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{8D89BAA1-8F07-4A83-B7F2-8A1C2BB30556}C:\spiele\aoe2 kings\empires2.exe" = protocol=6 | dir=in | app=c:\spiele\aoe2 kings\empires2.exe | 
"TCP Query User{97FC0374-FF43-4042-B34F-8B7E96DAAF18}C:\spiele\cnc 4\data\rts-final.exe" = protocol=6 | dir=in | app=c:\spiele\cnc 4\data\rts-final.exe | 
"TCP Query User{9AC33C66-D760-4383-9F2F-C71CAA019AB2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{9B602ECB-D420-4DB9-97A6-2645386AD4B1}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{A571EDA3-4B81-4E1D-B799-BAD96B606418}C:\d)\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\d)\spiele\warcraft iii\war3.exe | 
"TCP Query User{BCAE8201-8BD9-46EF-8CDA-A234243A1883}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{BCB3564E-5563-4833-820F-CCAAEC93D7D3}C:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe" = protocol=6 | dir=in | app=c:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe | 
"TCP Query User{BD1B1463-7DCC-44B3-BA06-AE404BE3C634}C:\kav\kis7.0\german\setup.exe" = protocol=6 | dir=in | app=c:\kav\kis7.0\german\setup.exe | 
"TCP Query User{C572B728-BF01-43FC-94AE-0F714FB2DAAD}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{C57FCC0C-A874-4B6B-91A4-765025E11283}C:\spiele\cnc4\data\cnc4.game" = protocol=6 | dir=in | app=c:\spiele\cnc4\data\cnc4.game | 
"TCP Query User{D693C640-8B70-4051-8BC3-58E1B8297B60}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{0225931A-C5D9-479C-B750-999BA301E1DF}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe | 
"UDP Query User{099AC4AC-832B-41F9-BD4F-D962CC3AF522}C:\spiele\virtual rc racing\vrcrace.exe" = protocol=17 | dir=in | app=c:\spiele\virtual rc racing\vrcrace.exe | 
"UDP Query User{12AD07E3-BA42-40C7-A2BF-D917FC935E5E}C:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe" = protocol=17 | dir=in | app=c:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe | 
"UDP Query User{22973E21-E778-4363-98CD-8605E937B33D}C:\kav\kis7.0\german\setup.exe" = protocol=17 | dir=in | app=c:\kav\kis7.0\german\setup.exe | 
"UDP Query User{3266FDA8-EC61-4DB7-B895-22CA1C25C961}C:\spiele\cnc 4\data\rts-final.exe" = protocol=17 | dir=in | app=c:\spiele\cnc 4\data\rts-final.exe | 
"UDP Query User{3A05E879-42B2-4DCE-9D41-F52C26F71DB4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{3F99AC85-E135-4084-A74F-245E0B8D7A66}C:\spiele\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\repair.exe | 
"UDP Query User{5D25F1B9-4DC7-4C24-821E-C88F0D13ED16}C:\spiele\cnc4\data\cnc4.game" = protocol=17 | dir=in | app=c:\spiele\cnc4\data\cnc4.game | 
"UDP Query User{80746C14-879B-4CA6-9D17-18D5DF4E6EE3}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{8DFA14F1-DD7E-4E6C-A0AE-2EA55ACF49E6}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{8F2C81FE-55A0-4835-A864-37E8DF9BCE67}C:\spiele\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\der herr der ringe online\lotroclient.exe | 
"UDP Query User{A36AE038-7046-4A74-ACEA-64732D8EFEDC}C:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe" = protocol=17 | dir=in | app=c:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe | 
"UDP Query User{A67991F4-A9C5-4590-B58E-3E52A3A73968}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{C0ABA020-EA92-446D-A43F-6E295534CB28}C:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{D9B7B04A-F785-4CA9-8C93-34BA52353AA4}C:\spiele\aoe2 kings\empires2.exe" = protocol=17 | dir=in | app=c:\spiele\aoe2 kings\empires2.exe | 
"UDP Query User{DCCCE2C4-AACD-4D62-BB50-5D11425FE76E}C:\d)\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\d)\spiele\warcraft iii\war3.exe | 
"UDP Query User{DE208A4C-2D46-4921-8193-9FDAAC997644}C:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii\war3.exe | 
"UDP Query User{E2EEEB30-963D-4D91-BD44-387F24D2E3F7}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{EA4334F1-EDA5-4FCF-B06D-A61BBBC271FA}C:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5CC68528-24FF-4DF8-91C9-AF540F98505A}" = Sony Ericsson Drivers
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B192E1BB-98A4-4369-9271-96117A57F546}" = Sony Ericsson PC Suite
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ashampoo WinOptimizer 2009 Advanced_is1" = Ashampoo WinOptimizer 2009 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"dlanconf" = devolo dLAN-Konfigurationsassistent
"Download Manager" = Download Manager 2.3.7
"DPP" = Canon Utilities Digital Photo Professional 3.8
"dslmon" = devolo Informer
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"EOS Utility" = Canon Utilities EOS Utility
"Fallout New Vegas_is1" = Fallout New Vegas
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.30
"ICQToolbar" = ICQ Toolbar
"InstallShield_{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MyFreeCodec" = MyFreeCodec
"Ñëîâàðè îò Áóêè. Ñáîðíèê ñëîâàðåé îáùåé ëåêñèêè._is1" = Ñëîâàðè îò Áóêè. Ñáîðíèê ñëîâàðåé îáùåé ëåêñèêè.
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RealPlayer 6.0" = RealPlayer
"Red Alert" = Red Alert Windows 95
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Uninstall_is1" = Uninstall 1.0.0.1
"VKMusic 4_is1" = VKMusic 4
"VLC media player" = VLC media player 1.1.7
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
         

Edited by gutenmorgan (10.08.2011 at 19:13). Reason: the log was not displayed as code

11.08.2011, 23:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
What was removed there? Evidently you don't need OTLPE!
Quote:
NOT logged in as Administrator.
What is the point of log files that were created WITHOUT admin rights?!

12.08.2011, 17:50   #3
gutenmorgan
 
I didn't know that admin rights are important. It was simply that the BKA virus showed up on my main profile, where I am admin, and I then switched to a standard user and the virus wasn't there, so I could at least search the internet for a solution, which is how I ended up here and downloaded OTL.
On the second start, Avira AntiVir Personal then found this "jashla" file and put it in quarantine. So I can use my admin profile again. Still, I reckon a scan is essential, so I am now running it again with admin rights.
Thanks in advance!

OTL.txt

Code:
OTL logfile created on: 12.08.2011 17:44:29 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\juma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 52,14% Memory free
11,43 Gb Paging File | 9,69 Gb Available in Paging File | 84,75% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 72,65 Gb Free Space | 15,60% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32
 
Computer Name: JUMA-PC | User Name: juma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\juma\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\vVX6000.exe (Microsoft Corporation
)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\juma\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (VX6000) -- C:\Windows\System32\drivers\VX6000Xp.sys (Microsoft Corporation
)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation)
DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation)
DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.)
DRV - (PRISM_USB) -- C:\Windows\System32\drivers\PRISMUSB.sys (GlobespanVirata, Inc.)
DRV - (ANIO) -- C:\Windows\System32\ANIO.sys (Alpha Networks Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 66.21.4.175:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\juma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.23 16:37:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.23 16:37:44 | 000,000,000 | ---D | M]
 
[2009.02.14 14:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juma\AppData\Roaming\mozilla\Extensions
[2011.08.12 17:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions
[2009.12.23 12:09:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.11 15:54:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.07 21:26:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.03.09 02:28:36 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009.05.30 01:59:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\moveplayer@movenetworks.com
[2011.08.06 19:47:20 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-1.xml
[2010.12.18 03:35:31 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-2.xml
[2011.03.03 01:19:35 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-3.xml
[2011.03.05 02:28:22 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-4.xml
[2011.03.29 11:54:43 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-5.xml
[2011.04.30 19:33:25 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-6.xml
[2011.06.23 16:37:52 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-7.xml
[2010.10.11 15:54:37 | 000,000,168 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.gif
[2010.10.11 15:54:37 | 000,000,618 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.src
[2010.10.25 22:02:37 | 000,001,056 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.xml
[2009.02.14 14:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.10 15:09:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.10 15:09:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.10 15:09:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.10 15:09:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.10 15:09:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Programme\D-link\Air USB Utility\AirCFG.exe (D-Link)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation
)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [avupdate]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [Eraser]  File not found
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\juma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\juma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell - "" = AutoRun
O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe
O33 - MountPoints2\{f865b1da-25a0-11dd-9024-001a4d55213b}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.10 23:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.10 23:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.10 23:16:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.10 20:37:03 | 001,982,224 | ---- | C] (SANDBOXIE L.T.D) -- C:\Users\juma\Desktop\SandboxieInstall356.exe
[2011.08.10 20:25:47 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.10 18:35:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe
[2011.08.09 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4
[2011.08.09 21:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\VKMusic 4
[2011.07.30 17:11:07 | 009,863,516 | ---- | C] (                                                            ) -- C:\Users\juma\Desktop\VKMusic_4.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.12 16:59:26 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.12 16:59:26 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.12 16:59:26 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.12 16:59:26 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.12 16:53:49 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.12 16:53:48 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.12 16:53:30 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.12 16:53:30 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.12 16:53:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.12 16:53:20 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.11 23:23:49 | 000,109,056 | ---- | M] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.10 20:37:20 | 001,982,224 | ---- | M] (SANDBOXIE L.T.D) -- C:\Users\juma\Desktop\SandboxieInstall356.exe
[2011.08.10 20:26:25 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.10 18:35:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe
[2011.08.09 21:46:12 | 000,000,848 | ---- | M] () -- C:\Users\juma\Desktop\VKMusic 4.lnk
[2011.08.04 20:51:50 | 000,458,422 | ---- | M] () -- C:\Users\juma\Desktop\Contract.jpg
[2011.08.04 20:51:49 | 000,366,167 | ---- | M] () -- C:\Users\juma\Desktop\contract 2.jpg
[2011.07.30 17:11:12 | 009,863,516 | ---- | M] (                                                            ) -- C:\Users\juma\Desktop\VKMusic_4.exe
[2011.07.21 20:52:08 | 000,921,624 | ---- | M] () -- C:\DC6810xp-001.raw
[2011.07.15 13:01:23 | 000,264,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.09 21:46:12 | 000,000,848 | ---- | C] () -- C:\Users\juma\Desktop\VKMusic 4.lnk
[2011.08.04 20:51:45 | 000,458,422 | ---- | C] () -- C:\Users\juma\Desktop\Contract.jpg
[2011.08.04 20:51:45 | 000,366,167 | ---- | C] () -- C:\Users\juma\Desktop\contract 2.jpg
[2011.04.22 14:00:52 | 000,000,092 | ---- | C] () -- C:\Users\juma\AppData\Local\fusioncache.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.11 18:21:09 | 000,095,973 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.01.08 22:29:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.02 00:45:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.04.16 14:24:14 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009.04.16 14:24:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009.04.16 14:24:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009.04.16 14:24:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2009.03.20 23:43:53 | 000,000,037 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.03.17 15:24:10 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.02.23 22:02:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.02.23 22:02:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.02.14 14:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.11 21:49:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2008.09.09 16:19:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.09 16:19:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.05.24 00:18:36 | 000,109,056 | ---- | C] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.05 19:34:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.03.05 19:18:39 | 000,000,136 | ---- | C] () -- C:\Windows\WINWORD6.INI
[2008.03.05 19:16:23 | 000,000,057 | ---- | C] () -- C:\Windows\WINHELP.INI
[2008.02.17 11:57:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.02.08 23:21:07 | 000,140,216 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.02.08 23:21:01 | 000,201,352 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.02.08 23:20:38 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.02.06 18:31:53 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.01.30 21:47:48 | 000,038,028 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.01.30 21:47:48 | 000,027,030 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.01.30 21:47:48 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.01.30 21:46:56 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini
[2008.01.18 01:23:17 | 000,000,027 | ---- | C] () -- C:\Windows\A6W.INI
[2007.01.01 02:01:13 | 000,000,680 | ---- | C] () -- C:\Users\juma\AppData\Local\d3d9caps.dat
[2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,264,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1994.12.12 01:00:00 | 000,104,448 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL
[1994.12.12 01:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI
[1994.12.12 01:00:00 | 000,000,535 | ---- | C] () -- C:\Windows\MSTXTCNV.INI
[1994.12.12 01:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI
[1994.11.15 01:00:00 | 000,221,696 | ---- | C] () -- C:\Windows\System32\FFILE32.DLL
[1994.11.15 01:00:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[1994.11.15 01:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL
 
========== Files - Unicode (All) ==========
[2011.08.02 20:38:37 | 000,536,910 | ---- | M] ()(C:\Users\juma\????0039.jpg) -- C:\Users\juma\Фото0039.jpg
[2011.08.02 20:38:36 | 000,501,039 | ---- | M] ()(C:\Users\juma\????0038.jpg) -- C:\Users\juma\Фото0038.jpg
[2011.08.02 20:38:22 | 000,536,910 | ---- | C] ()(C:\Users\juma\????0039.jpg) -- C:\Users\juma\Фото0039.jpg
[2011.08.02 20:38:22 | 000,501,039 | ---- | C] ()(C:\Users\juma\????0038.jpg) -- C:\Users\juma\Фото0038.jpg

< End of report >
         

Extras.txt

Code:
OTL Extras logfile created on: 12.08.2011 17:44:29 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\juma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 52,14% Memory free
11,43 Gb Paging File | 9,69 Gb Available in Paging File | 84,75% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 72,65 Gb Free Space | 15,60% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32
 
Computer Name: JUMA-PC | User Name: juma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3DBB7867-A899-4A39-AC5D-D3CACBE0CEAB}" = lport=17520 | protocol=6 | dir=in | name=mubox12 | 
"{4A187491-A5AF-467A-AA8E-9A43423E2EC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CA045F37-067C-4AEB-B3E3-6BCCDBE1D13F}" = lport=17520 | protocol=17 | dir=in | name=mubox11 | 
"{F56D9D9A-527F-4ABB-96EA-AD8D9EE52E76}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004B5C5B-3047-42A9-A630-4DD034B328AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{00559B89-735E-4FC9-870E-9385740C7AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{005B37CF-53BD-465C-A517-C8543EBA4A8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{029C677C-7D18-4399-999F-7A5EC3DB3829}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{02AE4505-AD32-4BC9-A6FA-493AF443E4A1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{03A557C7-06DB-4DC8-8DC7-3F8DA99583CA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{0501F28D-BC74-4CFA-B060-53E342273D45}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05131434-5FAF-4461-A0F2-CFC75F302495}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05659D87-63F2-49DE-8A6B-4C6EE294C323}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05D9DC1C-FB8A-445E-8C07-C5C7EACD149B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06339B3C-1417-44CA-8A43-C726F49CFEEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{072D7A48-7BDE-43D8-974A-7600F76EDEB9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{08D3BB8D-9FC6-449D-9F55-99FBDD4BE2B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A993350-A07F-403B-B4E0-4C6F1221AC7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B8B3430-7CBB-49C8-9DBD-DA40FBF5F5BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BE05B04-D00E-4F89-B033-830667A3E09C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C1D98B8-717F-47B6-9598-6E2EBCEEFE7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C84075D-9BAF-4663-8460-AAFF4B46A28C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0E684D5E-71B0-4900-94D1-4419BC63BC07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10077AC1-B407-4417-8879-200CC40B06FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{103EB0CB-7650-4A94-84AC-94AC08EA770F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10EC98BC-7736-4A7F-91D5-70D9B1AD2E97}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1117BED4-51B7-4273-94FF-A78AC350DF4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1264C8C2-B49A-4BD6-8432-641968D04CA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12D24E6A-EDE6-48A7-9930-1DEF75C36F22}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12E5F683-8AA9-4705-B92C-25D2328D658A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{13076F4E-4B5F-40A3-A278-7519512CCF1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{134435C1-6212-4978-9269-2747FAD54082}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{138921ED-A620-44DC-9AA2-6DFDD589DE0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13E99B7F-FA66-40CE-92F7-196DE81229AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14AB23E6-485C-4863-B9DA-93134E31DC6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 | 
"{14D77BA4-4A3D-435C-9C80-344AECA5A038}" = protocol=6 | dir=in | app=c:\spiele\battlefield 2\bf2.exe | 
"{153C470C-D4A6-4A47-BE87-929840073CD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15941C9C-01C3-4B86-8D67-A01B9DD6EF0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15FE61B0-EA88-4D91-B342-CD9042B72110}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{178E7D6F-B823-40DE-BEC6-3DCCBEF664F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17C94D14-4356-41CF-B4D5-8CE7A38CA60D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17E849A4-0494-4753-A0CB-634EE4EE5FBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19346D50-9598-4DA0-B8FF-299FACDF9BBB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19CE2D91-48F7-4E15-8C1F-9790776D1FAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19FB4B0F-264E-4EE5-AA93-E76B3CFEE389}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1BB78FF3-EC62-4CF4-A88A-44CAC3B84447}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C5176D7-A7D9-4BA7-A1BE-A95061369DC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1DF2E80B-B9AB-4965-AC81-F21E7000143C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EDBF42D-C036-413F-8D7B-2F2738C48AE7}" = protocol=6 | dir=in | app=c:\spiele\hawx\hawx.exe | 
"{1F6635FE-D548-4A4E-9AC9-2244FDF6681D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1FB2695F-5D0D-41F0-8EEB-651F8D75E96F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{201AB2D0-42B6-4FF1-AE1F-8320226AF966}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20AEF45B-3209-424E-917D-5061B3DE6338}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{229B2156-F644-4A9D-80AD-3B603458D93D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{235CEBDD-675D-463B-9C22-28A44C86DFD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{252D6767-9B53-4006-AB04-8B1458CB902F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{258CC967-E240-4070-B056-A973522FC721}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27F6EB0F-CC53-43CF-AEB8-1981544D0855}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{283A07B8-19A1-4125-BFB3-7C375CC66618}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{283E9404-1519-496A-AF8E-59EF2438B753}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{28F5CD87-28F3-46F5-8228-1E3B95B000A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{290B5E01-3501-4246-A7D0-6B8FB527A9B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{29FB2327-7C21-4589-B966-5CB65DB7B386}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A0070C9-B502-41E1-A79B-4D15A9A8DE8C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A976822-73D6-4861-94B1-857E254DE103}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2AFF5B9B-0C74-4B3B-BA80-66E6CCAE6CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C3A3DEA-BE16-4CB4-AF54-A4689F6B8B43}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C5C7A24-9E95-4983-90E5-1164A454444F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2CD8F032-2C62-45AC-9477-0B964D522287}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D7AC443-F9B9-4E0D-A9E1-3F76787C47FA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{2D891BEE-A1BB-43B4-8D12-0675E9881D62}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2DD2099F-939B-48F2-AD08-AECD8A02764B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E105ECA-33F0-4DC6-A320-9072FB3597FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F872074-DB11-4515-A069-8BB74FFC7D65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F91FCA5-028D-4DF5-92BA-5DCEF8A0DBFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{303CCA1A-1354-4564-B29F-1BECE69DA593}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30D73AAC-B031-4512-A6F2-6B3054242B82}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{32DE05E7-6198-4825-80A0-2A638B2D8BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3364A205-A82B-48A7-AD18-7D4A7D2D4319}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33791EF8-1164-460F-9F97-00682E65EDB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{34820175-C66F-4AFD-B818-D5B4D740BEBF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{35425D1E-E405-49E2-84BC-676A0FE9EF07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3634015C-C76A-4423-88A3-F923E6774948}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3642DED7-AB59-4700-A1DE-E42DA04CC853}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{36F0A7CF-C49C-4C2E-9DED-6BBBC79CD306}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{376FA0C2-A5B9-4D0A-96EB-33781120793E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3979A064-71F4-481E-835E-D85912600E67}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{39945DC4-EB1C-491C-BE01-9A8B7BFBF085}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3A5CDD4B-81D2-4CF8-9113-E1E39E3F02E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3A6E7D0D-7D17-47AE-AB71-5EE1CCF273C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3B147A5E-4A63-4228-A86F-9A57FD9EC888}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3BF0B062-D60F-4B57-8C19-4C592998CABF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C24207B-1137-40CC-851E-F4FC0E372CEC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C7F1F0C-C73B-43F2-B146-DE98B2CCC823}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3DE3AA84-09BF-47A7-8E0A-03D77F5FAB39}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E65FC37-9AC2-48C3-91C3-511FA733AD19}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EA2A545-F8EC-478A-A578-F04D2FB1A05C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EDB7703-5244-421C-BD73-06816A1AE294}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EDD8611-2CEC-4024-9628-7D1F28191A9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3FFF3001-B430-436B-B7AD-F92FDFBFF9E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{402ABC1A-9C9B-4911-B8EA-3ABF09419BE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{406D8FCA-F87B-4D64-9719-26917BB43BA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40888520-4B57-4B91-BDC0-39CEE4F766D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{42E72ED4-DEF8-4629-ABDD-6B2BDE1E6C7C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{43D53421-1FB2-43E8-94CA-0719E0F6819D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{43F6A7CC-BC64-40CB-9944-310F6FECF942}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4403D093-D215-4217-8E4A-973FB21C59FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{460D9734-F17A-4E5C-A593-26A1AC35BB8B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{47E5BC90-A7AC-420F-91B6-AA58C05C0E4D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48031CC0-B7E9-401E-ACE0-A7070D12CE9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4848BF49-5787-43AC-BAF7-336E8E0A0EDA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{4869EB28-480F-45F0-8ABF-6514E46FE51B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48B5E9CE-37B2-4A19-A356-65A77C5E2EA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A784CBD-5EBC-4912-BD3E-E1ADE299B855}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C255F38-8B7B-47E3-834C-2A1E420E5743}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C3495DE-10CE-40B2-9141-BC08CED0ADC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C50447E-393F-4D79-BD85-D46A07F66B20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4D2D5EA6-E3C0-44EC-8804-298AB9F30407}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4D36EB29-4437-4490-9ABD-1CB4BA0DBCF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4E427D73-F9D2-472B-A53E-C4ED1D1D5108}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51069E51-BEBD-422E-ADA1-BE6FEB7BC66E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{52B5F2C1-BE1F-4D7F-9D14-4F6BC749F657}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{52C58F34-B6E8-4DC9-833B-746EBEC11BE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54BA2EFD-BE19-4931-AFD4-ED082C1B511D}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.0-enus-downloader.exe | 
"{5667D35D-62E6-4992-ADB8-1DE4ECDC31BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{568D8FE6-7D4C-4824-8840-1D5CC3F6101F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{56985AD9-9B4F-476B-88BA-42C4D07DD765}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{575962A8-7C1C-4B39-AB18-4787C25FDA6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5786F3DD-2CFE-48F2-8F1F-6EACB0787689}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57C172C9-3335-438D-A734-B7C391BD82AD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{5A35D46C-46A2-4510-93D3-E65348D01A84}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A41EB62-3BC2-4BCF-87DD-C172EE5663B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A9900A1-6C4A-487E-B6FA-4C05074308DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BB900A0-7BA1-400A-90FC-D21B2DDD200A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5CAD0062-6E74-4A5B-B7E2-A8BA5452F15C}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 | 
"{5CB5239D-746A-45EE-BC7F-D1CD40B353BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5CEA002E-6EFE-44B1-AD0D-BC63D56966E8}" = protocol=17 | dir=in | app=c:\spiele\battlefield 2\bf2.exe | 
"{5D6BB1C1-E7B0-4B63-AACB-063D45251192}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D6D9ECF-9F09-4E5B-9047-A28E69FAA4E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5DAB97D2-D372-45B1-BEA6-DB2C0052E7A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5DB3106E-A543-4953-9E7F-001FEA8DF0DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F6F6B06-F9C7-4C9F-BAA9-866784572D5F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5FE82E57-655D-4965-A8DE-6A1BEF09DEE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6034525D-8258-4C07-AF2B-7555D2824AF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{608F3FE1-DEDF-4EEA-9DE1-4A299A3D7DDD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{60D147FD-0A2D-47A2-8635-6ABFA3FB2D65}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{611550F6-49C2-4D69-9CBF-95621B165B36}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{61B2B502-3744-4107-B2ED-E449A42CBB2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61CCBDD7-5BEB-474A-AA78-178BF1603AD5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62616035-54FA-4D1C-BD54-E8C836EAE7E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{626BC1C1-D80C-4522-85E6-63DA077EAD68}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62995E76-0410-487C-994D-8E75D852760F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{63546320-54EC-4917-B005-A4112D64C656}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{63F9332B-F4FA-49B1-9812-C295BB8460E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{641069E8-EA32-4996-A19A-1963FB8CF106}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{641E7369-38AD-4F2E-BE10-51B3B9A2621E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64794995-0F4F-44E5-B658-FC6E6AC77EA3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{65009C96-CC27-4F25-A60B-493312010A08}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{650905B1-BECF-45A9-8D08-AF0C203510A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{655703B7-6CC4-475F-952A-7FE38A13B45B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6578D47F-63FB-4183-8AFE-10EEC3F6415C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{659B9298-1917-401F-9CFE-D8F19FA00C6E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{65EB4B60-7DFA-4297-BC74-F21A58A9FA23}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67CC644A-B729-4185-8D8B-71AC1B3D60F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67EA87AB-6624-48CF-9114-FA8922D38881}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6807868F-741B-4D2B-9F6A-E134688A29C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{697F4646-6D51-4B7A-BC39-85EAEC82C4FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{698CAE38-7AA5-4F95-9758-97D2A38AEC11}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6B5EB699-62AE-41A0-B27B-12B102502C71}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6BB98054-B9C1-4C4E-B7EA-9C0C5BD62E97}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6C5A55E2-7780-41D9-9DD9-D3C5EE7AEEA7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D3FE7AD-0E7B-42F4-B990-CE5EEAC2771D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DE9C2DB-5617-4031-8823-46B87C2474AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6E384561-9ED9-4BFE-B424-C1B9F806CC99}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6E6C01E1-1DDA-4AAE-9280-266FAD2F2843}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6ED3EA61-E482-46D2-96A9-99C5C278CED8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6F48722E-70B0-4E07-85E5-9078C9353E38}" = protocol=6 | dir=in | app=c:\spiele\hellgate london\launcher.exe | 
"{71267531-CC76-46F6-9E1E-F3CB3FD01CB8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{71BE1229-271B-4C7A-88F0-18607A1C1831}" = protocol=17 | dir=in | app=c:\spiele\battlefield2\bf2.exe | 
"{726F7D41-0B5B-4A90-A236-444DEBA7E6B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7356DD5D-7A17-4B11-B834-E0A50042E7C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73C9942C-DF2C-4346-99FA-D317491AA55F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7449441F-2BDC-4186-8FCA-C2D4975ADA58}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7450214B-7329-4B08-AF56-3D27A10951E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{746D1BBA-9C40-4837-91B3-419B8CA342F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{749937F1-F683-4D97-AD88-D0ACB1396D30}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{762DF4FA-24CE-4615-8686-E2884DF9C991}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{76443D58-6765-4942-B83F-791296274D65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{773EF4C5-9924-4685-AF2E-F35FFC4A6C2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{775E276F-4F23-475D-8F57-15791C9F21B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{789643F0-7DC2-4769-9800-D445D2114A2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{78D95B16-99EE-47F7-A589-C93AD3745B64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79642FE2-79B7-488E-B24B-85BB32DF5876}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79A3D9D1-DFA9-443D-BC35-799C74D02214}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79BFC7BD-62B9-48F8-958A-592102276D96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7AB46C2A-D39E-449A-A2DE-75022CCB4D06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7BA1E7DB-1DE7-41A3-A2DF-2472072A23E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C0F32AD-21BA-4FBD-8EAD-941C68E94F57}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C582E0C-9426-4934-B34C-9351586BBBE0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{7C8F2F7A-0843-4704-9B5A-AA77380CDFDD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7EE2FE00-205F-423A-93A9-17C5FF62AB74}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F9096AD-2D37-48DF-AEF1-B36F63B8D875}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FB3D2D1-5C0D-4F29-BB8A-BFF3E6D2617B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FD14BD8-3C92-4F4F-8D3B-0C4488C714B2}" = protocol=17 | dir=in | app=c:\spiele\hawx\hawx.exe | 
"{7FDD23AE-CF9C-4BFE-8ABB-8B0A59BFBC40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81702DAF-4AC8-4B94-9960-AA940240D4EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81B3E062-EFD9-4C9B-A178-C85349940296}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{82B1ABE5-005F-4EEB-B858-42FC1BAD52E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8423D59E-5F84-4C56-B2BE-6AFBFEA50603}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{844DB633-B170-4403-8065-CF30CC435F02}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{85292C34-92C9-47DF-99C3-2A40866E09A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{855CE4B5-7DA3-43CE-B437-8BF7A095568D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{87FBF237-039B-4288-A77E-044179479EBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88D757FA-FBC2-4C34-B83A-489673B164FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8966DF41-D067-4566-A997-89254A33D2D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{89C5E18F-BE2C-4EF8-AC7E-E5F925C5EAB0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A74504E-3164-4695-B93F-5182636D8E11}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BCBB827-0E19-47E2-A363-EC607FFAC7FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BE9B14D-525D-4D0F-B31B-E8ED6E113734}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8C1FED89-807F-49C9-AB37-5B012818D7D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D91F950-4B80-4AA2-A96E-9C0392B28244}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8DE658E4-CE1D-4480-80C9-55A2AA5FCE91}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{8DF0E03A-ECC8-4E09-9DE7-C71715176623}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E935FD9-E72C-47D9-B8C4-5EEC7B6943E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8FA325BF-891E-4827-B545-A7F0A21B9B6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8FD85A37-F67C-4C43-981F-2873EAA1A393}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90EAF9CE-F9BB-448B-B79C-7C25804CC930}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90F20418-A20B-4ECA-9286-5DCE4834C2EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{911CE052-1296-4037-905E-196226A493A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{91FEEAC5-B3EB-463D-99CF-B40CC7AC5875}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{9275DF02-0BE2-4E05-A7E4-3439469C5AA7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9297FEFE-3C7C-4C51-BF5E-2E719805CB17}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92BD6311-6C0D-4CF2-B32B-83625C32EA9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9434D2B7-9A6C-48E4-952B-C2A7EE014777}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{946D1D22-30B3-4FA9-9669-034B96F78A0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9494797B-507E-4E64-92E8-1CC71A276C56}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{94F3B9F6-CDFC-4354-BC24-5BACE8040D68}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{956778E5-F1C8-4E54-B640-ED1A910F215C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96173EB9-1430-468C-917A-25D594DF6418}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96567423-77FB-490A-B35E-E8E9C99F83C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96F00460-4D67-470B-B8B5-E485FA22730E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9851D700-F6E1-4A7B-A940-B70DC7B316DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98FF368D-3962-4924-92F3-95D2592B2120}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9987A999-0E0E-4A36-A09F-C565E3E2AFA0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{99D17913-DEC8-43CC-B25D-BDD698D9BC9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A1504BA-D58B-4561-A089-E610157D6CCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A96444E-FD4F-4385-9413-A087F7E7B1BD}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{9C132163-30D2-4B67-BB93-AAE53B6750CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9CECAFCD-1543-4C02-8EC4-B8B0394127F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9CFB9101-E6E3-458B-877B-A6B5075026A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D1767A7-E1B8-4405-82DB-866F2C2CCC66}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D9E1D34-7417-4F60-8412-4E61A55583BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9DD0573E-DB37-4E04-9A85-1B3ED3CA8F15}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F355307-6E1D-4F73-9E59-ECE1CAB89FE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FC56592-56F7-4AF7-A80F-3EFE4A63F938}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A06020E9-C9BC-48FD-A204-5348707F10E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A24278AC-C20A-4F18-B90C-509DDD03EDBF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A26D6C5D-B63C-4EC0-A0E0-E6759B7A322E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A2EDB997-557B-4429-AD5C-248778184266}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A2FFB3D8-F2C7-40C5-89E2-A58C556EB4E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A432A592-ED44-44D3-9440-BBC7B83CA8BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5683135-BABC-477B-84A1-2CF321C25AFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A6D93C16-5976-4F95-A8B5-6A32D65F00F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A760F7C2-A845-4836-9D56-92DFFA4AC4ED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A7C428A2-3160-4DF2-BBA1-2AB2FD45FBEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9B07034-0AE4-49CB-B2A5-C70D19BED1B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA637E72-4806-4351-94ED-89D9B74F7694}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AACE98C9-1F1A-4BE8-9609-9D56E6CE7D84}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AAD65875-2D64-4471-A269-C7893CE4C716}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACC3D864-7ACB-4825-B0EE-B8D5EF5456FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AD38D988-57E6-49E1-A1E2-15A48CE8D27F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ADE09D17-FC4A-4BF4-AB38-C5F11E62EE18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2CC558E-5EF7-45BC-806C-F5D1FA7759F5}" = protocol=17 | dir=in | app=c:\spiele\hellgate london\launcher.exe | 
"{B344C6DF-43FC-4066-A2A1-C1F8911ACB40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B3FF359F-487B-4ED9-BECD-6B0CFA60F5B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B427DC65-B149-4B84-BE57-488D32B2AC3D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B475798D-8952-4095-A3AF-6716A74EFC92}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4F8C158-4706-476D-A22C-8433166E3DB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5133D3B-DF45-4DB9-90FE-0C297E2488B3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{B51F2910-5E55-46AF-9D6E-DE63D7A9A62F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5562BD9-2200-461A-87C2-97FB058FD082}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{B5F6A7FB-7819-4716-B1FF-DE575A643F62}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B61017AF-9DDF-42D1-B389-921980B73A45}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B62B0C5C-050F-4A30-9B48-E063BE52A0DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B6748994-8A43-458D-BAC6-2A76D3ECF637}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8CBA12C-258F-4FD7-908D-A9676656B9B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8E9E8C3-3548-4454-9992-10F9B4D847D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B945ABD3-F601-43B1-A3BF-C231359959B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B94FEB95-3BEB-4080-8A7B-417B5F49FD98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BAB61AB0-35E5-454B-AA83-78DB6DA497B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB590BC1-3FAF-407C-81C2-D93D7DB520DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB724666-BE74-4975-8417-8C8482EEA48C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BC93961D-DCB1-456C-9BCE-CCD38715BF55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDBFD2DB-D5E1-43F3-8A8E-BFB96396C386}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDEBB466-D436-4AA1-9017-F280EB34EDE1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDED2D8F-1F29-4518-B311-5E3F4F37E3AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF203B47-7DA1-4C4B-8545-67DD1EFD3AB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF56364D-5F5C-4C38-82CD-76F49F9A35E7}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{C147F518-9912-457F-BFB3-584B162C9BFC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C17167D7-72AD-4D42-B386-FB346882B137}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2B750E6-63B0-4D65-91EA-3517FD01A019}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2E8E0A5-AD0E-4D25-B9B3-8A7691ED880F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C50CE0DF-4B53-4F09-8CF8-46B8BFC2DA0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C6352DAB-D506-4B9B-875A-E37FD6556651}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C6446197-4542-4712-A8D0-287CE293E162}" = protocol=6 | dir=in | app=c:\spiele\hawx\hawx_dx10.exe | 
"{C70510F0-B5CA-49FA-8735-651A254EE53A}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{C74CEC14-B83E-4640-A9EA-18D323564BE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CBEC7E09-6595-4329-BE33-B123C0FB072D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC4433E7-F808-418D-BCFA-2828E1E44ADE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC57ED92-DD00-4F4F-9B04-F0FB033CF976}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC757D75-6D33-482C-A40B-0F7DCA17B5D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC86C210-7631-49C0-AA3D-089283A40099}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD4BF6F9-DE3A-42B4-BF66-04DE3EC52DA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD64BEE1-ED1A-4A4B-87EF-8A73AC8EDD29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CF96E47F-3780-4A31-B4DE-322B351B2A5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D148D604-22A4-453C-9337-049255BC3D33}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3015268-E542-4AB5-BD38-EAD5F5C88CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3E1E130-B25A-4098-84E9-C9C696858C18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D43AD609-FB35-45F1-9BF2-534D42D79177}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{D46C2C90-FA02-4F32-B86F-4778491D38B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5628C2D-57F1-450C-BA4E-05B513610B1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D760E3B1-91B8-460D-8407-328148B3EFDF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D82B1409-6690-4F14-A844-285F17E52A86}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D830E364-F8FD-477A-B9D5-294817341CB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D83ABEC8-B15F-491C-9A75-1D231F275A6F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D8797E7D-46F9-4EE5-A685-98CA124457B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA235F73-3DF5-4747-80AA-A6DFAAD989BE}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\wow-3.2.0-enus-downloader.exe | 
"{DA38A0C0-E684-47C8-862D-9C4C4D5A94FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB152747-19E7-4956-B2C7-3660CBF6C63B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB165415-B26B-4190-8865-84C1934446A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC225148-4A00-4EC5-9F92-FFD533ECC5B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC2C67BE-8762-4D7A-BA78-B9DF3404439D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC6B7AD9-34FF-45C3-B67C-C68F8C6A38E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC7DBE5B-B5C7-4D33-8084-A2B8C49B02C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD463BB1-3B61-4660-B805-B256B08A87F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE122E86-16A4-4428-A007-E2718AF11458}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DEBB9287-671B-41FC-9EA6-523AC4C9CC0B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{DF34B54C-FA4A-4154-BC04-A3203988439C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DFFA0E2B-A780-48C6-91B4-BCC0840ECE57}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0335049-6C66-4777-B23A-B862F2868807}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1DA5CA2-9408-4FBE-B38E-7558A8E87AF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4538B0F-FB48-40DF-9A29-0EC5E32F8D4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4DFA4AD-483F-4FE4-94D4-D11E819DF2B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E5829D77-E080-4EF9-A497-3EDD025E6A8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E61744E0-97E9-4923-A0FE-6BF56E6C69D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6B89C9B-8260-4607-B589-2528D1F05EBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6FAA65C-D1C8-4458-811E-B0D844DA021B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7F10DC4-90BF-495A-BD5D-A747E7013013}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E88E2F9D-EE41-429F-A7D8-C64EDEB66CB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9E151E9-AB4F-466A-9BF3-567ECC94500F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA70EA62-A7DD-4108-9B3A-6E5791C9C3B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EC21A141-91D7-447C-AFDE-5972EFE15737}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED0B973A-9748-460F-B665-CA263C3C431B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED8A4257-5770-436D-8ED5-00675A534A15}" = protocol=6 | dir=in | app=c:\spiele\battlefield2\bf2.exe | 
"{EDD87CFE-0399-49E5-A50C-D46F0F885D4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EDEB9B1A-D26D-499E-9B32-83BDD72A9872}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE3852A3-27E4-421C-8704-7AF4D80BAE1F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE3AE5E2-0E74-42A4-9417-18F13D59ACF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EEBC6C6D-7CE1-4E10-BC37-E1FBA6A55663}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EF2B9B12-A987-4A67-AA41-EB1C98204E4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F08A5A63-AE6F-44E4-B919-BFA469DB7741}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F154C081-222F-4F18-B0C3-DAA2A07AE735}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F207EF09-E628-485D-88A2-71D2E867985F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F3AE77E0-6E35-4171-9BCB-98DA9A058B48}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{F3B7EFB8-BB1A-4463-85AC-13EE53C9C3A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F440FBD0-1FA2-47E8-976A-7F145C8C8B6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F452C321-E555-4058-8DD5-DD4EE2F10152}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6348E3A-606D-4F0D-A815-8FF7394D1D09}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F674F7C9-D16C-45F6-A1AF-0D99D077B198}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F7B72E7C-71AA-46A7-BB15-97BF6A40A7E7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{F833C534-B5BD-452C-9FC8-19FD81BF655E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F846DAE9-8177-4AC6-95FA-891A59A9CBF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FD8840CD-B0B2-40C1-A93A-D3694D0C43A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FDBCA210-A1CD-4D94-8D3E-F08834C6DE79}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FDC661AE-798D-4E70-B9AC-BA3CE2E9946E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FF1E9516-A2A6-452B-86A6-7CCE1FBEF099}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FF5539C6-7652-43C9-8E46-72C3DE937A9D}" = protocol=17 | dir=in | app=c:\spiele\hawx\hawx_dx10.exe | 
"TCP Query User{0FDC54C3-2D05-45A8-A838-049209227863}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe | 
"TCP Query User{245541FB-981C-41FD-8226-97844CC4BC39}C:\spiele\virtual rc racing\vrcrace.exe" = protocol=6 | dir=in | app=c:\spiele\virtual rc racing\vrcrace.exe | 
"TCP Query User{2F153825-4A10-46AC-B741-CFBE2917D150}C:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii\war3.exe | 
"TCP Query User{309BC946-2486-4945-B1F0-B524AA01B69B}C:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 
"TCP Query User{53AF4A54-46E8-4642-8F1E-8E6CEBC85BB5}C:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe" = protocol=6 | dir=in | app=c:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe | 
"TCP Query User{5F85C172-8865-434E-91CC-A6BB5CE8EC8A}C:\spiele\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\repair.exe | 
"TCP Query User{689E4F99-ABBF-4FB2-AF2C-E1F36A97302D}C:\spiele\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\der herr der ringe online\lotroclient.exe | 
"TCP Query User{7BAD17EE-759A-4F1E-B53B-CE9F6058E060}C:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{8D89BAA1-8F07-4A83-B7F2-8A1C2BB30556}C:\spiele\aoe2 kings\empires2.exe" = protocol=6 | dir=in | app=c:\spiele\aoe2 kings\empires2.exe | 
"TCP Query User{97FC0374-FF43-4042-B34F-8B7E96DAAF18}C:\spiele\cnc 4\data\rts-final.exe" = protocol=6 | dir=in | app=c:\spiele\cnc 4\data\rts-final.exe | 
"TCP Query User{9AC33C66-D760-4383-9F2F-C71CAA019AB2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{9B602ECB-D420-4DB9-97A6-2645386AD4B1}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{A571EDA3-4B81-4E1D-B799-BAD96B606418}C:\d)\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\d)\spiele\warcraft iii\war3.exe | 
"TCP Query User{BCAE8201-8BD9-46EF-8CDA-A234243A1883}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{BCB3564E-5563-4833-820F-CCAAEC93D7D3}C:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe" = protocol=6 | dir=in | app=c:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe | 
"TCP Query User{BD1B1463-7DCC-44B3-BA06-AE404BE3C634}C:\kav\kis7.0\german\setup.exe" = protocol=6 | dir=in | app=c:\kav\kis7.0\german\setup.exe | 
"TCP Query User{C572B728-BF01-43FC-94AE-0F714FB2DAAD}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{C57FCC0C-A874-4B6B-91A4-765025E11283}C:\spiele\cnc4\data\cnc4.game" = protocol=6 | dir=in | app=c:\spiele\cnc4\data\cnc4.game | 
"TCP Query User{D693C640-8B70-4051-8BC3-58E1B8297B60}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{0225931A-C5D9-479C-B750-999BA301E1DF}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe | 
"UDP Query User{099AC4AC-832B-41F9-BD4F-D962CC3AF522}C:\spiele\virtual rc racing\vrcrace.exe" = protocol=17 | dir=in | app=c:\spiele\virtual rc racing\vrcrace.exe | 
"UDP Query User{12AD07E3-BA42-40C7-A2BF-D917FC935E5E}C:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe" = protocol=17 | dir=in | app=c:\users\juma\appdata\local\apps\2.0\y7rzacxp.5ba\3m22dxt4.h5x\mojo..tion_c6b5d4e845ecfd15_0000.0000_39147d916e5324b5\mojo.exe | 
"UDP Query User{22973E21-E778-4363-98CD-8605E937B33D}C:\kav\kis7.0\german\setup.exe" = protocol=17 | dir=in | app=c:\kav\kis7.0\german\setup.exe | 
"UDP Query User{3266FDA8-EC61-4DB7-B895-22CA1C25C961}C:\spiele\cnc 4\data\rts-final.exe" = protocol=17 | dir=in | app=c:\spiele\cnc 4\data\rts-final.exe | 
"UDP Query User{3A05E879-42B2-4DCE-9D41-F52C26F71DB4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{3F99AC85-E135-4084-A74F-245E0B8D7A66}C:\spiele\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\repair.exe | 
"UDP Query User{5D25F1B9-4DC7-4C24-821E-C88F0D13ED16}C:\spiele\cnc4\data\cnc4.game" = protocol=17 | dir=in | app=c:\spiele\cnc4\data\cnc4.game | 
"UDP Query User{80746C14-879B-4CA6-9D17-18D5DF4E6EE3}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{8DFA14F1-DD7E-4E6C-A0AE-2EA55ACF49E6}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{8F2C81FE-55A0-4835-A864-37E8DF9BCE67}C:\spiele\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\der herr der ringe online\lotroclient.exe | 
"UDP Query User{A36AE038-7046-4A74-ACEA-64732D8EFEDC}C:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe" = protocol=17 | dir=in | app=c:\users\juma\appdata\local\temp\rarsfx0\mubox.quicklaunch.exe | 
"UDP Query User{A67991F4-A9C5-4590-B58E-3E52A3A73968}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{C0ABA020-EA92-446D-A43F-6E295534CB28}C:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{D9B7B04A-F785-4CA9-8C93-34BA52353AA4}C:\spiele\aoe2 kings\empires2.exe" = protocol=17 | dir=in | app=c:\spiele\aoe2 kings\empires2.exe | 
"UDP Query User{DCCCE2C4-AACD-4D62-BB50-5D11425FE76E}C:\d)\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\d)\spiele\warcraft iii\war3.exe | 
"UDP Query User{DE208A4C-2D46-4921-8193-9FDAAC997644}C:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii\war3.exe | 
"UDP Query User{E2EEEB30-963D-4D91-BD44-387F24D2E3F7}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{EA4334F1-EDA5-4FCF-B06D-A61BBBC271FA}C:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5CC68528-24FF-4DF8-91C9-AF540F98505A}" = Sony Ericsson Drivers
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B192E1BB-98A4-4369-9271-96117A57F546}" = Sony Ericsson PC Suite
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ashampoo WinOptimizer 2009 Advanced_is1" = Ashampoo WinOptimizer 2009 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"dlanconf" = devolo dLAN-Konfigurationsassistent
"Download Manager" = Download Manager 2.3.7
"DPP" = Canon Utilities Digital Photo Professional 3.8
"dslmon" = devolo Informer
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"EOS Utility" = Canon Utilities EOS Utility
"Fallout New Vegas_is1" = Fallout New Vegas
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.30
"ICQToolbar" = ICQ Toolbar
"InstallShield_{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MyFreeCodec" = MyFreeCodec
"Ñëîâàðè îò Áóêè. Ñáîðíèê ñëîâàðåé îáùåé ëåêñèêè._is1" = Ñëîâàðè îò Áóêè. Ñáîðíèê ñëîâàðåé îáùåé ëåêñèêè.
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RealPlayer 6.0" = RealPlayer
"Red Alert" = Red Alert Windows 95
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Uninstall_is1" = Uninstall 1.0.0.1
"VKMusic 4_is1" = VKMusic 4
"VLC media player" = VLC media player 1.1.7
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2011 12:02:39 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.04.2011 12:02:40 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.04.2011 12:05:14 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.04.2011 12:05:15 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.04.2011 12:05:16 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.04.2011 12:05:16 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.04.2011 12:05:18 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.04.2011 12:05:18 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.04.2011 12:06:42 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.04.2011 12:06:42 | Computer Name = juma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 10.08.2011 16:34:06 | Computer Name = juma-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 10.08.2011 16:40:05 | Computer Name = juma-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 10.08.2011 16:46:28 | Computer Name = juma-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 10.08.2011 16:52:55 | Computer Name = juma-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 10.08.2011 16:58:33 | Computer Name = juma-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 10.08.2011 17:04:46 | Computer Name = juma-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 10.08.2011 17:10:20 | Computer Name = juma-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 7A7900000000 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 11.08.2011 11:35:16 | Computer Name = juma-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 11.08.2011 18:07:30 | Computer Name = juma-PC | Source = Service Control Manager | ID = 7016
Description = 
 
Error - 12.08.2011 10:53:28 | Computer Name = juma-PC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
         

12.08.2011, 20:16   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

13.08.2011, 15:57   #5
gutenmorgan

Here is the MBAM log:

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7454

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

13.08.2011 15:48:15
mbam-log-2011-08-13 (15-48-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 380511
Laufzeit: 1 Stunde(n), 3 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\F)\zeug für spiele\updates\patches, updates\x2update\handelssoftwaremk3de.exe (Virus.Kate) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
         


15.08.2011, 11:56   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
c:\F)\zeug für spiele\updates\patches, updates\x2update\handelssoftwaremk3de.exe
What is this, and what source did it come from?

16.08.2011, 17:31   #7
gutenmorgan

I don't remember anymore, but since it could well be an unofficial update, I have already deleted it.

16.08.2011, 19:37   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please also run ESET, then we'll see what comes next:


ESET Online Scanner

  • Here you will find an illustrated guide to the ESET Online Scanner
  • Download and start the Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


21.08.2011, 18:54   #9
gutenmorgan

Sorry that I'm only posting the log now.
Here is the ESET log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=470901c393db6a4097c703276f68bb68
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-21 04:48:54
# local_time=2011-08-21 06:48:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 250227 89450736 64706 0
# compatibility_mode=5892 16776573 100 100 164503 151468157 0 0
# compatibility_mode=8192 67108863 100 0 674 674 0 0
# scanned=232694
# found=2
# cleaned=0
# scan_time=9918
C:\F)\Zeug für Spiele\EMULATOR\neogeo\neogeo.ace	a variant of Win32/Packed.PECrypt32.A application (unable to clean)	00000000000000000000000000000000	I
D:\sicherung usb stick\emulator\ds\No_gba_2.6a\myZoomSoft.exe	probably a variant of Win32/Agent.CLDLOFD trojan (unable to clean)	00000000000000000000000000000000	I
         

21.08.2011, 19:29   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

22.08.2011, 22:23   #11
gutenmorgan

Thanks again for all the effort.
Here is the OTL log:

Code:
OTL logfile created on: 22.08.2011 22:04:59 - Run 3
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\juma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 64,51% Memory free
11,44 Gb Paging File | 10,25 Gb Available in Paging File | 89,64% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 70,65 Gb Free Space | 15,17% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32
Drive K: | 232,88 Gb Total Space | 18,30 Gb Free Space | 7,86% Space Free | Partition Type: NTFS
 
Computer Name: JUMA-PC | User Name: juma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\juma\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\vVX6000.exe (Microsoft Corporation
)
PRC - C:\Programme\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Users\juma\AppData\Local\Temp\CmdLineExt02.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.LifeCam.Framework\2.7.569.0__31bf3856ad364e35\Microsoft.LifeCam.Framework.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.LifeCam.Interfaces\2.7.569.0__31bf3856ad364e35\Microsoft.LifeCam.Interfaces.dll ()
MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 2009 Advanced\ContextHandler.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (VX6000) -- C:\Windows\System32\drivers\VX6000Xp.sys (Microsoft Corporation
)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation)
DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation)
DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.)
DRV - (PRISM_USB) -- C:\Windows\System32\drivers\PRISMUSB.sys (GlobespanVirata, Inc.)
DRV - (ANIO) -- C:\Windows\System32\ANIO.sys (Alpha Networks Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 66.21.4.175:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\juma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.18 17:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.18 17:37:15 | 000,000,000 | ---D | M]
 
[2009.02.14 14:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juma\AppData\Roaming\mozilla\Extensions
[2011.08.22 19:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions
[2009.12.23 12:09:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.11 15:54:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.07 21:26:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.03.09 02:28:36 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009.05.30 01:59:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\moveplayer@movenetworks.com
[2011.08.21 16:03:49 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-1.xml
[2010.12.18 03:35:31 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-2.xml
[2011.03.03 01:19:35 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-3.xml
[2011.03.05 02:28:22 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-4.xml
[2011.03.29 11:54:43 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-5.xml
[2011.04.30 19:33:25 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-6.xml
[2011.06.23 16:37:52 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-7.xml
[2011.08.18 17:37:30 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-8.xml
[2010.10.11 15:54:37 | 000,000,168 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.gif
[2010.10.11 15:54:37 | 000,000,618 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.src
[2010.10.25 22:02:37 | 000,001,056 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.xml
[2009.02.14 14:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.10 15:09:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.10 15:09:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.10 15:09:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.10 15:09:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.10 15:09:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Programme\D-link\Air USB Utility\AirCFG.exe (D-Link)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [avupdate]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [Eraser]  File not found
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\juma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\juma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell - "" = AutoRun
O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe
O33 - MountPoints2\{f865b1da-25a0-11dd-9024-001a4d55213b}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: 4E3E0230AEBB4E96 - hkey= - key= -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.22 21:59:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe
[2011.08.21 15:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.18 17:39:27 | 000,000,000 | ---D | C] -- C:\Users\juma\AppData\Local\Solid State Networks
[2011.08.14 18:11:15 | 000,000,000 | ---D | C] -- C:\Users\juma\Desktop\COMI
[2011.08.13 21:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airline Tycoon Evolution
[2011.08.13 14:35:49 | 000,000,000 | ---D | C] -- C:\Users\juma\AppData\Roaming\Malwarebytes
[2011.08.13 14:35:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.13 14:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.13 14:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.13 14:35:33 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.13 14:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.10 23:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.10 23:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.10 23:16:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.10 20:37:03 | 001,982,224 | ---- | C] (SANDBOXIE L.T.D) -- C:\Users\juma\Desktop\SandboxieInstall356.exe
[2011.08.10 20:25:47 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.09 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4
[2011.08.09 21:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\VKMusic 4
[2011.07.30 17:11:07 | 009,863,516 | ---- | C] (                                                            ) -- C:\Users\juma\Desktop\VKMusic_4.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.22 21:59:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe
[2011.08.22 21:21:26 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.22 21:21:26 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.22 21:21:03 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.22 21:21:03 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.22 21:21:03 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.22 21:21:03 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.22 17:22:01 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.22 17:22:01 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.22 17:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.22 17:21:23 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.21 20:26:23 | 000,131,584 | ---- | M] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.17 22:26:45 | 002,143,922 | ---- | M] () -- C:\Users\juma\Desktop\DSC07936.JPG
[2011.08.17 22:26:44 | 002,058,952 | ---- | M] () -- C:\Users\juma\Desktop\DSC07938.JPG
[2011.08.17 22:26:42 | 002,016,710 | ---- | M] () -- C:\Users\juma\Desktop\DSC07939.JPG
[2011.08.13 21:15:25 | 000,001,367 | ---- | M] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk
[2011.08.13 14:35:37 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.10 20:37:20 | 001,982,224 | ---- | M] (SANDBOXIE L.T.D) -- C:\Users\juma\Desktop\SandboxieInstall356.exe
[2011.08.10 20:26:25 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.09 21:46:12 | 000,000,848 | ---- | M] () -- C:\Users\juma\Desktop\VKMusic 4.lnk
[2011.07.30 17:11:12 | 009,863,516 | ---- | M] (                                                            ) -- C:\Users\juma\Desktop\VKMusic_4.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.17 22:25:09 | 002,143,922 | ---- | C] () -- C:\Users\juma\Desktop\DSC07936.JPG
[2011.08.17 22:25:09 | 002,058,952 | ---- | C] () -- C:\Users\juma\Desktop\DSC07938.JPG
[2011.08.17 22:25:09 | 002,016,710 | ---- | C] () -- C:\Users\juma\Desktop\DSC07939.JPG
[2011.08.13 21:15:25 | 000,001,367 | ---- | C] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk
[2011.08.13 14:35:37 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.09 21:46:12 | 000,000,848 | ---- | C] () -- C:\Users\juma\Desktop\VKMusic 4.lnk
[2011.04.22 14:00:52 | 000,000,092 | ---- | C] () -- C:\Users\juma\AppData\Local\fusioncache.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.11 18:21:09 | 000,095,973 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.01.08 22:29:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.02 00:45:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.04.16 14:24:14 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009.04.16 14:24:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009.04.16 14:24:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009.04.16 14:24:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2009.03.20 23:43:53 | 000,000,037 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.03.17 15:24:10 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.02.23 22:02:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.02.23 22:02:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.02.14 14:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.11 21:49:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2008.09.09 16:19:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.09 16:19:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.05.24 00:18:36 | 000,131,584 | ---- | C] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.05 19:34:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.03.05 19:18:39 | 000,000,136 | ---- | C] () -- C:\Windows\WINWORD6.INI
[2008.03.05 19:16:23 | 000,000,057 | ---- | C] () -- C:\Windows\WINHELP.INI
[2008.02.17 11:57:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.02.08 23:21:07 | 000,140,216 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.02.08 23:21:01 | 000,201,352 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.02.08 23:20:38 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.02.06 18:31:53 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.01.30 21:47:48 | 000,038,028 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.01.30 21:47:48 | 000,027,030 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.01.30 21:47:48 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.01.30 21:46:56 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini
[2008.01.18 01:23:17 | 000,000,027 | ---- | C] () -- C:\Windows\A6W.INI
[2007.01.01 02:01:13 | 000,000,680 | ---- | C] () -- C:\Users\juma\AppData\Local\d3d9caps.dat
[2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,264,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1994.12.12 01:00:00 | 000,104,448 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL
[1994.12.12 01:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI
[1994.12.12 01:00:00 | 000,000,535 | ---- | C] () -- C:\Windows\MSTXTCNV.INI
[1994.12.12 01:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI
[1994.11.15 01:00:00 | 000,221,696 | ---- | C] () -- C:\Windows\System32\FFILE32.DLL
[1994.11.15 01:00:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[1994.11.15 01:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL
 
========== LOP Check ==========
 
[2010.12.19 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Canon
[2010.04.18 20:21:53 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4
[2010.02.12 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 Beta
[2008.07.05 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DAEMON Tools
[2011.03.15 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DataCast
[2010.12.07 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.05 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\EurekaLog
[2011.07.14 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\ICQ
[2009.02.23 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Leadertech
[2010.09.10 17:34:12 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Need for Speed World
[2008.11.01 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3
[2008.09.19 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 Beta
[2008.01.19 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teewars
[2008.09.18 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teleca
[2011.08.10 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\TS3Client
[2010.11.05 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Tunngle
[2009.07.18 14:59:29 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Ubisoft
[2011.02.28 01:58:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Unity
[2011.08.19 21:01:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\uTorrent
[2011.08.22 00:11:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.19 15:41:04 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Adobe
[2010.12.19 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Canon
[2010.04.18 20:21:53 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4
[2010.02.12 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 Beta
[2008.07.05 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DAEMON Tools
[2011.03.15 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DataCast
[2010.08.09 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DivX
[2011.02.15 23:07:12 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\dvdcss
[2010.12.07 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.05 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\EurekaLog
[2011.07.14 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\ICQ
[2007.01.01 02:01:16 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Identities
[2008.09.19 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\IGN_DLM
[2007.01.01 02:11:18 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\InstallShield
[2009.02.23 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Leadertech
[2008.01.18 19:17:55 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Macromedia
[2011.08.13 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Media Center Programs
[2011.08.10 23:16:48 | 000,000,000 | --SD | M] -- C:\Users\juma\AppData\Roaming\Microsoft
[2009.05.30 01:19:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Move Networks
[2011.04.23 01:10:56 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Mozilla
[2010.09.10 17:34:12 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Need for Speed World
[2009.12.22 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Real
[2008.11.01 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3
[2008.09.19 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 Beta
[2008.09.19 21:50:24 | 000,000,000 | RH-D | M] -- C:\Users\juma\AppData\Roaming\SecuROM
[2011.08.22 22:03:37 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Skype
[2011.08.22 17:23:05 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\skypePM
[2008.09.18 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Sony Ericsson
[2011.02.05 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\teamspeak2
[2008.01.19 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teewars
[2008.09.18 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teleca
[2011.08.10 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\TS3Client
[2010.11.05 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Tunngle
[2009.07.18 14:59:29 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Ubisoft
[2011.02.28 01:58:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Unity
[2011.08.19 21:01:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\uTorrent
[2011.08.14 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\vlc
[2011.08.10 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Winamp
[2008.08.07 16:22:26 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.04 16:50:23 | 001,956,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\juma\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.05.30 01:19:47 | 000,034,062 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2010.02.21 16:14:51 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010.03.28 15:39:20 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2011.01.26 13:59:14 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011.08.17 17:28:49 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.16 13:42:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.16 13:42:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.16 13:42:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.18 16:56:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.18 16:56:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.04.10 13:12:58 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Files - Unicode (All) ==========
[2011.08.02 20:38:37 | 000,536,910 | ---- | M] ()(C:\Users\juma\????0039.jpg) -- C:\Users\juma\Фото0039.jpg
[2011.08.02 20:38:36 | 000,501,039 | ---- | M] ()(C:\Users\juma\????0038.jpg) -- C:\Users\juma\Фото0038.jpg
[2011.08.02 20:38:22 | 000,536,910 | ---- | C] ()(C:\Users\juma\????0039.jpg) -- C:\Users\juma\Фото0039.jpg
[2011.08.02 20:38:22 | 000,501,039 | ---- | C] ()(C:\Users\juma\????0038.jpg) -- C:\Users\juma\Фото0038.jpg

< End of report >
         

Alt 23.08.2011, 10:39   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 66.21.4.175:80
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "http://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
[2010.10.11 15:54:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.07 21:26:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.21 16:03:49 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-1.xml
[2010.12.18 03:35:31 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-2.xml
[2011.03.03 01:19:35 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-3.xml
[2011.03.05 02:28:22 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-4.xml
[2011.03.29 11:54:43 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-5.xml
[2011.04.30 19:33:25 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-6.xml
[2011.06.23 16:37:52 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-7.xml
[2011.08.18 17:37:30 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-8.xml
[2010.10.11 15:54:37 | 000,000,168 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.gif
[2010.10.11 15:54:37 | 000,000,618 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.src
[2010.10.25 22:02:37 | 000,001,056 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.xml
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [Eraser]  File not found
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell - "" = AutoRun
O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe
O33 - MountPoints2\{f865b1da-25a0-11dd-9024-001a4d55213b}\Shell\AutoRun\command - "" = G:\setupSNK.exe
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 29.08.2011, 20:58   #13
gutenmorgan
 



Sorry, I forgot to post it... I thought the custom scan/fix would remove something, but it was just a scan after all...
Here is the OTL log:

Code:
ATTFilter
OTL logfile created on: 22.08.2011 22:04:59 - Run 3
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\juma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 64,51% Memory free
11,44 Gb Paging File | 10,25 Gb Available in Paging File | 89,64% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 70,65 Gb Free Space | 15,17% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 1,72 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,58 Gb Total Space | 1,05 Gb Free Space | 13,86% Space Free | Partition Type: FAT32
Drive K: | 232,88 Gb Total Space | 18,30 Gb Free Space | 7,86% Space Free | Partition Type: NTFS
 
Computer Name: JUMA-PC | User Name: juma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\juma\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\vVX6000.exe (Microsoft Corporation
)
PRC - C:\Programme\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Users\juma\AppData\Local\Temp\CmdLineExt02.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.LifeCam.Framework\2.7.569.0__31bf3856ad364e35\Microsoft.LifeCam.Framework.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.LifeCam.Interfaces\2.7.569.0__31bf3856ad364e35\Microsoft.LifeCam.Interfaces.dll ()
MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 2009 Advanced\ContextHandler.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (VX6000) -- C:\Windows\System32\drivers\VX6000Xp.sys (Microsoft Corporation
)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation)
DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation)
DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.)
DRV - (PRISM_USB) -- C:\Windows\System32\drivers\PRISMUSB.sys (GlobespanVirata, Inc.)
DRV - (ANIO) -- C:\Windows\System32\ANIO.sys (Alpha Networks Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 66.21.4.175:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\juma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.18 17:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.18 17:37:15 | 000,000,000 | ---D | M]
 
[2009.02.14 14:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juma\AppData\Roaming\mozilla\Extensions
[2011.08.22 19:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions
[2009.12.23 12:09:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.11 15:54:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.07 21:26:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.03.09 02:28:36 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009.05.30 01:59:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\moveplayer@movenetworks.com
[2011.08.21 16:03:49 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-1.xml
[2010.12.18 03:35:31 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-2.xml
[2011.03.03 01:19:35 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-3.xml
[2011.03.05 02:28:22 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-4.xml
[2011.03.29 11:54:43 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-5.xml
[2011.04.30 19:33:25 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-6.xml
[2011.06.23 16:37:52 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-7.xml
[2011.08.18 17:37:30 | 000,000,950 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-8.xml
[2010.10.11 15:54:37 | 000,000,168 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.gif
[2010.10.11 15:54:37 | 000,000,618 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.src
[2010.10.25 22:02:37 | 000,001,056 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.xml
[2009.02.14 14:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.10 15:09:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.10 15:09:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.10 15:09:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.10 15:09:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.10 15:09:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Programme\D-link\Air USB Utility\AirCFG.exe (D-Link)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [avupdate]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [Eraser]  File not found
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\juma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\juma\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell - "" = AutoRun
O33 - MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe
O33 - MountPoints2\{f865b1da-25a0-11dd-9024-001a4d55213b}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: 4E3E0230AEBB4E96 - hkey= - key= -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.22 21:59:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe
[2011.08.21 15:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.18 17:39:27 | 000,000,000 | ---D | C] -- C:\Users\juma\AppData\Local\Solid State Networks
[2011.08.14 18:11:15 | 000,000,000 | ---D | C] -- C:\Users\juma\Desktop\COMI
[2011.08.13 21:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airline Tycoon Evolution
[2011.08.13 14:35:49 | 000,000,000 | ---D | C] -- C:\Users\juma\AppData\Roaming\Malwarebytes
[2011.08.13 14:35:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.13 14:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.13 14:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.13 14:35:33 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.13 14:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.10 23:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.10 23:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.10 23:16:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.10 20:37:03 | 001,982,224 | ---- | C] (SANDBOXIE L.T.D) -- C:\Users\juma\Desktop\SandboxieInstall356.exe
[2011.08.10 20:25:47 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.09 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4
[2011.08.09 21:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\VKMusic 4
[2011.07.30 17:11:07 | 009,863,516 | ---- | C] (                                                            ) -- C:\Users\juma\Desktop\VKMusic_4.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.22 21:59:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\juma\Desktop\OTL.exe
[2011.08.22 21:21:26 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.22 21:21:26 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.22 21:21:03 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.22 21:21:03 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.22 21:21:03 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.22 21:21:03 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.22 17:22:01 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.22 17:22:01 | 000,070,320 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.22 17:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.22 17:21:23 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.21 20:26:23 | 000,131,584 | ---- | M] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.17 22:26:45 | 002,143,922 | ---- | M] () -- C:\Users\juma\Desktop\DSC07936.JPG
[2011.08.17 22:26:44 | 002,058,952 | ---- | M] () -- C:\Users\juma\Desktop\DSC07938.JPG
[2011.08.17 22:26:42 | 002,016,710 | ---- | M] () -- C:\Users\juma\Desktop\DSC07939.JPG
[2011.08.13 21:15:25 | 000,001,367 | ---- | M] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk
[2011.08.13 14:35:37 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.10 20:37:20 | 001,982,224 | ---- | M] (SANDBOXIE L.T.D) -- C:\Users\juma\Desktop\SandboxieInstall356.exe
[2011.08.10 20:26:25 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\juma\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.09 21:46:12 | 000,000,848 | ---- | M] () -- C:\Users\juma\Desktop\VKMusic 4.lnk
[2011.07.30 17:11:12 | 009,863,516 | ---- | M] (                                                            ) -- C:\Users\juma\Desktop\VKMusic_4.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.17 22:25:09 | 002,143,922 | ---- | C] () -- C:\Users\juma\Desktop\DSC07936.JPG
[2011.08.17 22:25:09 | 002,058,952 | ---- | C] () -- C:\Users\juma\Desktop\DSC07938.JPG
[2011.08.17 22:25:09 | 002,016,710 | ---- | C] () -- C:\Users\juma\Desktop\DSC07939.JPG
[2011.08.13 21:15:25 | 000,001,367 | ---- | C] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk
[2011.08.13 14:35:37 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.09 21:46:12 | 000,000,848 | ---- | C] () -- C:\Users\juma\Desktop\VKMusic 4.lnk
[2011.04.22 14:00:52 | 000,000,092 | ---- | C] () -- C:\Users\juma\AppData\Local\fusioncache.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.11 18:21:09 | 000,095,973 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.01.08 22:29:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.12.23 12:08:19 | 000,070,320 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.02 00:45:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.04.16 14:24:14 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009.04.16 14:24:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009.04.16 14:24:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009.04.16 14:24:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2009.03.20 23:43:53 | 000,000,037 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.03.17 15:24:10 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.02.23 22:02:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.02.23 22:02:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.02.14 14:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.11 21:49:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2008.09.09 16:19:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.09 16:19:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.05.24 00:18:36 | 000,131,584 | ---- | C] () -- C:\Users\juma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.05 19:34:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.03.05 19:18:39 | 000,000,136 | ---- | C] () -- C:\Windows\WINWORD6.INI
[2008.03.05 19:16:23 | 000,000,057 | ---- | C] () -- C:\Windows\WINHELP.INI
[2008.02.17 11:57:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.02.08 23:21:07 | 000,140,216 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.02.08 23:21:01 | 000,201,352 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.02.08 23:20:38 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.02.06 18:31:53 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.01.30 21:47:48 | 000,038,028 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.01.30 21:47:48 | 000,027,030 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.01.30 21:47:48 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.01.30 21:46:56 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini
[2008.01.18 01:23:17 | 000,000,027 | ---- | C] () -- C:\Windows\A6W.INI
[2007.01.01 02:01:13 | 000,000,680 | ---- | C] () -- C:\Users\juma\AppData\Local\d3d9caps.dat
[2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,264,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1994.12.12 01:00:00 | 000,104,448 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL
[1994.12.12 01:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI
[1994.12.12 01:00:00 | 000,000,535 | ---- | C] () -- C:\Windows\MSTXTCNV.INI
[1994.12.12 01:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI
[1994.11.15 01:00:00 | 000,221,696 | ---- | C] () -- C:\Windows\System32\FFILE32.DLL
[1994.11.15 01:00:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[1994.11.15 01:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL
 
========== LOP Check ==========
 
[2010.12.19 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Canon
[2010.04.18 20:21:53 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4
[2010.02.12 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 Beta
[2008.07.05 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DAEMON Tools
[2011.03.15 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DataCast
[2010.12.07 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.05 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\EurekaLog
[2011.07.14 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\ICQ
[2009.02.23 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Leadertech
[2010.09.10 17:34:12 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Need for Speed World
[2008.11.01 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3
[2008.09.19 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 Beta
[2008.01.19 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teewars
[2008.09.18 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teleca
[2011.08.10 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\TS3Client
[2010.11.05 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Tunngle
[2009.07.18 14:59:29 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Ubisoft
[2011.02.28 01:58:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Unity
[2011.08.19 21:01:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\uTorrent
[2011.08.22 00:11:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.19 15:41:04 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Adobe
[2010.12.19 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Canon
[2010.04.18 20:21:53 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4
[2010.02.12 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Command and Conquer 4 Beta
[2008.07.05 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DAEMON Tools
[2011.03.15 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DataCast
[2010.08.09 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DivX
[2011.02.15 23:07:12 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\dvdcss
[2010.12.07 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.05 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\EurekaLog
[2011.07.14 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\ICQ
[2007.01.01 02:01:16 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Identities
[2008.09.19 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\IGN_DLM
[2007.01.01 02:11:18 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\InstallShield
[2009.02.23 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Leadertech
[2008.01.18 19:17:55 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Macromedia
[2011.08.13 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Media Center Programs
[2011.08.10 23:16:48 | 000,000,000 | --SD | M] -- C:\Users\juma\AppData\Roaming\Microsoft
[2009.05.30 01:19:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Move Networks
[2011.04.23 01:10:56 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Mozilla
[2010.09.10 17:34:12 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Need for Speed World
[2009.12.22 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Real
[2008.11.01 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3
[2008.09.19 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Red Alert 3 Beta
[2008.09.19 21:50:24 | 000,000,000 | RH-D | M] -- C:\Users\juma\AppData\Roaming\SecuROM
[2011.08.22 22:03:37 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Skype
[2011.08.22 17:23:05 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\skypePM
[2008.09.18 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Sony Ericsson
[2011.02.05 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\teamspeak2
[2008.01.19 20:38:54 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teewars
[2008.09.18 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Teleca
[2011.08.10 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\TS3Client
[2010.11.05 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Tunngle
[2009.07.18 14:59:29 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Ubisoft
[2011.02.28 01:58:43 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Unity
[2011.08.19 21:01:49 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\uTorrent
[2011.08.14 00:34:02 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\vlc
[2011.08.10 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\Winamp
[2008.08.07 16:22:26 | 000,000,000 | ---D | M] -- C:\Users\juma\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.04 16:50:23 | 001,956,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\juma\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.05.30 01:19:47 | 000,034,062 | ---- | M] () -- C:\Users\juma\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2010.02.21 16:14:51 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010.03.28 15:39:20 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2011.01.26 13:59:14 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011.08.17 17:28:49 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\juma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.16 13:42:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.16 13:42:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.16 13:42:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.18 16:56:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.18 16:56:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.04.10 13:12:58 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Files - Unicode (All) ==========
[2011.08.02 20:38:37 | 000,536,910 | ---- | M] ()(C:\Users\juma\????0039.jpg) -- C:\Users\juma\Фото0039.jpg
[2011.08.02 20:38:36 | 000,501,039 | ---- | M] ()(C:\Users\juma\????0038.jpg) -- C:\Users\juma\Фото0038.jpg
[2011.08.02 20:38:22 | 000,536,910 | ---- | C] ()(C:\Users\juma\????0039.jpg) -- C:\Users\juma\Фото0039.jpg
[2011.08.02 20:38:22 | 000,501,039 | ---- | C] ()(C:\Users\juma\????0038.jpg) -- C:\Users\juma\Фото0038.jpg

< End of report >
         

29.08.2011, 21:30   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Nope, you followed my instruction incorrectly.

01.09.2011, 18:42   #15
gutenmorgan

I somehow wasn't paying attention there... but here is the correct log file now:

Code:
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "LEO Eng-Deu" removed from browser.search.selectedEngine
Prefs.js: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\juma\AppData\Roaming\mozilla\Firefox\Profiles\3xx6a7y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.src moved successfully.
C:\Users\juma\AppData\Roaming\Mozilla\Firefox\Profiles\3xx6a7y3.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Programme\Winamp Toolbar\winamptb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Eraser deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\igndlm.exe deleted successfully.
C:\Programme\Download Manager\DLM.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4342e6d9-4ab0-11dd-aa58-001a4d55213b}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5eb6f4b-9927-11db-99cc-806e6f6e6963}\ not found.
File D:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8ebd9e4-9931-11db-affa-806e6f6e6963}\ not found.
File D:\autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f865b1da-25a0-11dd-9024-001a4d55213b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f865b1da-25a0-11dd-9024-001a4d55213b}\ not found.
File G:\setupSNK.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.5 log created on 09012011_183710
         
