Trojaner-Board


lisab 03.02.2012 18:37

100 Euro Windows Security Center desperation crap

Hello,

I have just caught a trojan/virus. While I was surfing, a window popped up with the title above. I am supposed to transfer 100€ via Ukash because my Windows license is supposedly not valid.

I would be grateful if you could help me out of this predicament.

Here is my OTL logfile:

OTL logfile created on: 03.02.2012 18:24:13 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\S\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 9,05 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 23,65 Gb Free Space | 33,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S1
Current User Name: S
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2012.02.03 18:23:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\S\Downloads\OTL.exe
PRC - [2011.12.21 08:42:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2008.01.21 03:25:56 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2012.02.03 18:23:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\S\Downloads\OTL.exe
MOD - [2008.01.21 03:24:11 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.03.29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.01.14 20:05:26 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.04.06 21:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Stopped] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008.04.04 02:03:14 | 000,131,072 | ---- | M] () [Auto | Stopped] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008.03.03 12:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Stopped] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.02.13 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007.01.17 10:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.11.29 01:44:58 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006.11.02 10:46:05 | 000,017,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\irmon.dll -- (Irmon)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.14 09:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006.04.14 09:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.04.14 09:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.12.08 20:04:55 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.06.13 03:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.06.05 02:54:22 | 000,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.05.21 03:01:00 | 002,143,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.15 19:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.04.08 19:46:02 | 000,043,736 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.04.06 03:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.03.28 12:44:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.02.01 08:14:36 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.31 02:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.01.31 02:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:47 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:47 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.26 07:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.12.22 20:50:24 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006.12.22 20:49:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006.12.22 20:48:54 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006.11.30 15:14:22 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45unic.sys -- (se45unic) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM)
DRV - [2006.11.30 15:14:14 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45obex.sys -- (se45obex)
DRV - [2006.11.30 15:14:10 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mgmt.sys -- (se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.30 15:14:10 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45nd5.sys -- (se45nd5) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS)
DRV - [2006.11.30 15:14:04 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mdm.sys -- (se45mdm)
DRV - [2006.11.30 15:14:04 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mdfl.sys -- (se45mdfl)
DRV - [2006.11.30 15:13:56 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.03 06:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006.06.19 23:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.shareware-d.com/de/index.php?rvs=hompag
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010.04.11 23:45:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.04.11 23:45:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.01 14:15:40 | 000,000,000 | ---D | M]

[2012.01.01 13:54:54 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\mozilla\Extensions
[2012.01.01 14:15:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [vasja] C:\Users\S\AppData\Local\Temp\0.7548866788568477.exe (Orb Networks)
O4 - Startup: C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\S\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{65852047-1d6f-11de-9da3-001d72cf2d4c}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\swfmgr.exe
O33 - MountPoints2\{65852047-1d6f-11de-9da3-001d72cf2d4c}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\swfmgr.exe
O33 - MountPoints2\{66df40f5-9f03-11e0-b4a4-001d72cf2d4c}\Shell - "" = AutoRun
O33 - MountPoints2\{66df40f5-9f03-11e0-b4a4-001d72cf2d4c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7c9fb2b5-4673-11df-bb1c-001d72cf2d4c}\Shell\AutoRun\command - "" = G:\svchost.exe -- File not found
O33 - MountPoints2\{9b6acca6-3ec0-11de-a1d2-001d72cf2d4c}\Shell - "" = AutoRun
O33 - MountPoints2\{9b6acca6-3ec0-11de-a1d2-001d72cf2d4c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.01 19:41:07 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\Spanisch
[2012.02.01 19:37:42 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\Marketing
[2012.02.01 19:36:40 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\Finanzierung
[2012.02.01 19:36:17 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\Harlem Renaissance
[2012.01.17 21:53:00 | 000,049,152 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2012.01.17 21:52:59 | 000,076,800 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBBZE.DLL
[2012.01.17 21:52:59 | 000,062,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BBZE.DLL
[2012.01.17 21:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2008.09.13 12:01:55 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\S\Desktop\*.tmp files -> C:\Users\S\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.03 18:21:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.03 18:20:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.02.03 18:20:04 | 004,194,304 | -HS- | M] () -- C:\Users\S\ntuser.dat
[2012.02.03 18:20:04 | 000,524,288 | -HS- | M] () -- C:\Users\S\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2012.02.03 18:20:04 | 000,065,536 | -HS- | M] () -- C:\Users\S\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2012.02.03 18:18:50 | 000,568,998 | -H-- | M] () -- C:\Users\S\AppData\Local\IconCache.db
[2012.02.03 18:18:38 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2012.02.03 18:18:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.03 18:18:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.02 18:29:27 | 000,026,624 | ---- | M] () -- C:\Users\S\Desktop\Questionaire Sebastian.doc
[2012.02.02 17:33:52 | 000,013,008 | ---- | M] () -- C:\Users\S\Desktop\Shopping in Freiburg.docx
[2012.02.02 16:04:28 | 000,012,704 | ---- | M] () -- C:\Users\S\Desktop\Background and issue.docx
[2012.02.01 19:23:01 | 000,036,452 | ---- | M] () -- C:\Users\S\Desktop\Bildende Kunst während der Harlem Renaissance.docx
[2012.02.01 19:17:54 | 001,696,980 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012.02.01 19:17:54 | 000,724,144 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.01 19:17:54 | 000,675,194 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.01 19:17:54 | 000,166,992 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.01 19:17:54 | 000,135,510 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.01 17:00:42 | 209,755,137 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.30 08:49:26 | 000,000,162 | -H-- | M] () -- C:\Users\S\Desktop\~$sayLisaBaldischwiler.docx
[2012.01.29 06:49:44 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.01.24 00:15:42 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.23 08:47:07 | 000,000,162 | -H-- | M] () -- C:\Users\S\Desktop\~$ldende Kunst während der Harlem Renaissance.docx
[2012.01.17 20:58:53 | 004,704,223 | ---- | M] () -- C:\Users\S\Desktop\Philipp Poisel - Eiserner Steg (Klavier Version) - Offizielles Video.mp3
[2012.01.15 16:46:39 | 000,072,815 | ---- | M] () -- C:\Users\S\Desktop\259884_1852968013360_1515593326_31735813_2948712_n.jpg
[2012.01.14 09:46:04 | 000,031,744 | ---- | M] () -- C:\Users\S\Desktop\Tolstoi_Kreutzersonate_Arbeitsblätter.doc
[2012.01.14 09:45:42 | 000,177,152 | ---- | M] () -- C:\Users\S\Desktop\Steltner_Tolstoi.doc
[2012.01.13 08:03:37 | 000,029,696 | ---- | M] () -- C:\Users\S\Desktop\Lebenslauf3.doc
[2012.01.11 15:53:06 | 000,000,680 | ---- | M] () -- C:\Users\S\AppData\Local\d3d9caps.dat
[2012.01.09 17:40:13 | 000,000,162 | -H-- | M] () -- C:\Users\S\Desktop\~$rketing.docx
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\S\Desktop\*.tmp files -> C:\Users\S\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.02 18:29:26 | 000,026,624 | ---- | C] () -- C:\Users\S\Desktop\Questionaire Sebastian.doc
[2012.02.02 17:33:21 | 000,013,008 | ---- | C] () -- C:\Users\S\Desktop\Shopping in Freiburg.docx
[2012.02.02 16:04:27 | 000,012,704 | ---- | C] () -- C:\Users\S\Desktop\Background and issue.docx
[2012.01.30 08:49:26 | 000,000,162 | -H-- | C] () -- C:\Users\S\Desktop\~$sayLisaBaldischwiler.docx
[2012.01.23 08:47:07 | 000,000,162 | -H-- | C] () -- C:\Users\S\Desktop\~$ldende Kunst während der Harlem Renaissance.docx
[2012.01.18 17:49:01 | 000,036,452 | ---- | C] () -- C:\Users\S\Desktop\Bildende Kunst während der Harlem Renaissance.docx
[2012.01.17 20:58:11 | 004,704,223 | ---- | C] () -- C:\Users\S\Desktop\Philipp Poisel - Eiserner Steg (Klavier Version) - Offizielles Video.mp3
[2012.01.15 16:46:35 | 000,072,815 | ---- | C] () -- C:\Users\S\Desktop\259884_1852968013360_1515593326_31735813_2948712_n.jpg
[2012.01.14 09:46:03 | 000,031,744 | ---- | C] () -- C:\Users\S\Desktop\Tolstoi_Kreutzersonate_Arbeitsblätter.doc
[2012.01.14 09:45:41 | 000,177,152 | ---- | C] () -- C:\Users\S\Desktop\Steltner_Tolstoi.doc
[2012.01.13 08:03:35 | 000,029,696 | ---- | C] () -- C:\Users\S\Desktop\Lebenslauf3.doc
[2012.01.09 17:40:13 | 000,000,162 | -H-- | C] () -- C:\Users\S\Desktop\~$rketing.docx
[2011.02.13 20:40:04 | 000,600,142 | ---- | C] () -- C:\Users\S\AppData\Roaming\igxpgd32.dat
[2010.05.06 17:11:20 | 000,000,680 | ---- | C] () -- C:\Users\S\AppData\Local\d3d9caps.dat
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.01.28 01:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.28 16:40:44 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.10.28 16:40:44 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.30 00:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 00:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.06 16:31:27 | 000,219,136 | ---- | C] () -- C:\Users\S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.25 20:49:16 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.03.30 16:59:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.13 11:50:36 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.09.13 11:50:35 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.09.13 02:22:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.09.13 02:14:53 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.09.12 14:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.05.21 00:16:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.21 00:16:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.13 07:32:45 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.13 07:32:45 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.13 07:32:44 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.09.04 10:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 18:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
< End of report >

lisab 03.02.2012 18:49

My Extras logfile:
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 03.02.2012 18:24:13 - Run 1
OTL by OldTimer - Version 3.1.28.0    Folder = C:\Users\S\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 9,05 Gb Free Space | 12,99% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 23,65 Gb Free Space | 33,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: S1
Current User Name: S
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1207580324-1291616810-1147902704-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017C0ECC-D19E-451E-9CBB-81800060D972}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1640D962-B263-4975-8B7A-2A60EB89A4B7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5D2E6801-8691-4961-83BA-B6F3B58D14D7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{949EF634-DCD9-4A0F-912A-548A5D5E9341}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A109AE99-F873-42CE-98BF-7CA37040E5D4}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BD9C1B4A-328E-4622-AFB4-E275F04B8EF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0D0691F-BB87-48CF-B7B9-5518823F52AA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D1ECF293-498A-4E04-B22D-5F8FF94B4521}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D929A933-8556-4C34-B74F-43CD7BF843F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021AA4D4-ED11-438B-92F7-59B05B8A09AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0521FAF7-B230-4BDC-9E5C-008485327BFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06717E8C-FF78-411A-BD5B-D678F545F73A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{0A5A9F34-5B8C-4730-B1A6-7C0E7AAE5EB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0ABE7810-AADD-42D7-B361-94DA8DFBE85A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0FE47A20-701A-4FC3-A330-57AE122AB546}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1180BEC5-BC97-4BB2-80E6-82467282BFCC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{118B2645-9E05-43B8-98F1-7506215A42D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11B3AFAE-D2C3-4BEB-A8EC-77FAF0DEC3A5}" = protocol=6 | dir=in | app=c:\users\s\appdata\roaming\dropbox\bin\dropbox.exe |
"{15DAE434-EE15-4EE5-9543-7865B01EADB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16196C59-89D3-4AC6-8554-28ABEE9B4CD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1789FD5F-82A0-4767-9BE8-801697DA3DC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{179703E6-5788-4F21-A66A-8C29E999670F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18E0B7C3-966D-4433-A5C2-C929DF6B7FFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18F30FD1-0833-42F2-8ED8-5D052779BEB2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F196F32-0C69-40A3-9952-F76EE23D3F8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F5865F8-D3BD-4EAF-84BA-B1052E3F4F12}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{203CE903-C4D0-4357-96B4-80FAF221538E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{20923879-D8EF-400A-91E7-839589ED5584}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{21ACECC8-C509-4994-A1F8-3965AA914AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{233357BB-03FD-4380-8C78-4A7E4E99E3F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{259A0493-AEAD-4DCB-95D6-6030A020EE54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{259C9CF7-7BCC-4B10-9718-D96623AFDBE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2640F8F3-B172-4A3A-A6CD-51A9192DFA4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29B55528-8201-4CE4-A45D-078246481EDF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2ACF4443-55CE-458A-AC3C-0DA24A616EA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B507AF7-4367-4D2B-8477-FEF3E6FDDA65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C2B8D3F-AFB1-4131-9199-32306E86D5EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C94F75A-3E69-43C5-85FE-452F522D630E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D7C78A2-69B0-47F8-BCDF-189E2F94FAAC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E936FBF-00AE-4678-9DBA-4E3566041137}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{327C392C-1ADA-4C2C-B571-5F0E08208CF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3348E915-2174-46D5-91EB-33F8D5DEA01C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35868C42-996A-4745-BC86-B1757327DDC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{376350F3-F53D-4F8F-B2BD-48EA3B3D9F10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{376A3115-91DF-4417-B902-B29ECCFF3FBF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38273B6E-9660-44C6-B3C2-4C40A5E84D01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38B9A3C6-B8CA-4AF6-BA2F-E3EDEEF82B9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39963476-AFB5-4997-B0D4-BAEEA3449EF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3AFA65A2-FA56-4814-A0FA-92F6EE436518}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3D406E93-5993-4ABB-AB66-D29688F0E85C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D5BC71A-8F1D-4B2D-B7C4-7F9288850F3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DA6EE21-CB70-4336-B4D0-82CEF2292EAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E7E332B-8E22-45D4-BC95-B9355B782ACE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E83C264-BB83-49DE-96E2-695D96510565}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40465FF1-CA4A-4CF7-8842-CEE014E8DAB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4066DC91-2D49-496A-833A-F1C616CD5194}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40B178BE-76F0-4501-8A03-0FC8FFE235CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40E0FA8F-80B5-4EE6-826C-44A9E9DDF477}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{417CB842-DD43-433B-B6FB-6B9CFC3B36EA}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{41A87BC2-C6FD-4207-94AA-A44D9E2D8C16}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42A4574B-50C9-4EFB-A4A6-2699786F60FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{438082EA-39C1-4676-97D0-2C966AB87956}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{459F15E2-72AA-4D11-B5A8-169748A5CA6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{464D4D58-FE80-4DFE-93F8-A14611AE7D9A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4696272E-70CC-46FD-928E-172B33FDDD6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46C4406F-9A3E-4104-9452-5B36A0D01D80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C2CCA5B-8314-4224-8105-6D8B41AE7626}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F3D40BC-77E3-4330-AA45-5167CA22CF72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5010D3DC-E165-4DF7-82F2-84A486B4127B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5079FB08-BEE1-4440-AB41-5B44AA9523FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51E909B5-3318-4309-BC40-DAF81D259AAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52B89301-F711-402F-BD9E-1B754E28BC28}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57FE1DFD-94DF-4E8A-B486-170C64DD1D40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5920976E-8B3C-4EDF-B660-0187DC52F454}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5995DD65-C23F-41CE-9408-B6EE33364233}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5ADA60AA-5D90-4A03-94C1-FC97E984BD2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B17C1C6-1CB2-4B18-ACB5-64F347E5A976}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5BA51795-75D8-4208-92A1-483D48228922}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5CCD52B3-E5EE-4D5B-89ED-93DEC2D77FA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5DD9B9C3-125C-48CF-8246-8F394C6600BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E83DB0F-5853-4F43-B196-FDE7F15F856F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5ECC8C39-3EA1-4874-89C0-8B1C677F2976}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{610157C1-C7FA-4F79-95E4-7CB7D5AA9CFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61035F16-F3E9-4C76-9E1F-8D27955A7201}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6409B6C5-AD50-4799-AD6B-C77BD4E23F9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{647054EB-2A9C-4214-A4D0-D1E94FE4AF1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{658AC1A7-6033-4985-9BBB-46664D82F7E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65CEBDE0-FFF5-44FB-AE60-8174B1A8BB66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67B72B54-E57F-4BB2-9EC3-5E3E7E0FB330}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{686862D5-138D-4B82-8C7F-04306C376B04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69040396-A552-4E5B-A75F-62063A924F84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A3CF8C8-0BBE-4D50-B6B8-C355E2BAB24D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6ABB3232-7F7B-4863-94B5-8F74B017C50F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C0DCF00-F952-4A39-A8AA-456E8533CC97}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6D83A301-94E9-454B-A830-543063F23E6E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E537DE4-ED1B-4DD5-BAA8-27F5E963F87A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F844958-8864-4FFA-A96C-FABA042FA5E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FDA14D3-7E3C-415F-8823-79A04F2DE1D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{71A88EDD-8D2D-43EA-9001-D6B53F26B8F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{724EBD9E-7CBB-45E9-B86A-5E75E2947223}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74C08FC4-BFDA-45BD-B5D6-E75E44EF5543}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{752B8196-4B46-47F3-8A7C-DED80D552C7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7781B42A-A5F7-41DD-A335-B7B261125C83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77BECACB-8B8F-4D8A-8494-520BF2904C28}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78259597-CAE2-4F5A-99F2-2201C9158273}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78747040-86C1-4393-B914-F178F458742D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B2BFDFC-2998-4FA7-8375-12C72763056A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BC8676F-FE67-4933-97A7-310DEA0525E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BE420A3-A979-4C0C-8E73-64ED76F0525B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C4E1E63-D7BE-4289-9E75-CD86EA785DA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7CD67C7A-7AE7-4130-9B35-E0ABFF0D9CCC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DD8804F-5826-4735-868F-0FBF7B2502FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7E1ED820-CE06-4287-BA06-999C9CB62EAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7E96828A-AD2D-412B-961C-9D67FC447636}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8046A7CE-07BE-4E35-BD69-00F1F68C05F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8046BFAA-1433-42EF-ABFC-1F7EC1F2348D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{807CD7D2-140C-470A-810D-312F0B2090A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80BCA514-8C82-44AE-8F84-066882CBB63A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80C7AA11-CBB4-4660-82E5-FFB695271450}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80D90790-FD91-4CD3-8D2F-F2A41A9789B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{812CF01B-E05D-4069-90D2-9137847394D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8174AE74-5E5A-4947-8C5F-20D46EA27B4B}" = protocol=17 | dir=in | app=c:\users\s\appdata\roaming\dropbox\bin\dropbox.exe |
"{81ECD2EB-953E-4A18-9E80-218683F3ABFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{824A8235-091A-409D-A0AB-73F8A8B88BBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8448B918-FE85-4EFA-A0CD-C88671CE2350}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8689A120-59F2-455A-A0F1-E39059F08630}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{86DC90F0-F29D-4359-A4DA-EA5C5F00A588}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87B7D38A-A9FF-4E32-9D75-8ED77E33070B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{887533A7-01A5-4650-BAD1-64601A46647C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{88BA9253-DC62-4F79-B155-151B85D4F132}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88EA109D-1498-4188-ACBC-959107542CB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8984C9D8-6A77-4DD5-ACF9-45EA8917250A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A462306-0AC0-44CD-95BA-92880CA2AA37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A6D4DC5-5492-4B35-8908-830C7327D174}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A7851E0-41DC-4500-BFAF-F14DDB3254EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8AE1B127-BCDA-4B13-B278-081857EA9FAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B3AE051-5DCD-411A-9210-704D0498B820}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B79C82A-93C4-4EDB-8B5A-0BCEFAC682F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C1D3BA8-4A55-44BE-8D2F-5773D5E6899A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{8DFB28D9-71E3-4B3D-9D75-05202744EA92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8F6947CA-7E1A-4774-AEE0-8F648C4A0530}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9085A433-9D2E-4C73-B1D4-431C62342FC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{932B7AC6-E11C-44AA-97E9-6596754CD80F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{955CA884-EB8E-4064-BA13-47A435644FA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97C0A96B-E2AE-4638-BA54-1C05B90C6657}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{990652FA-C914-4C06-BAAC-14C951B5B7CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{990CFCEB-97A6-4A6C-B451-5AE645650962}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9943CABA-C84A-4860-BB5F-CD28D13FDAF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9984F428-0F1E-4255-AFB4-482A9DD51AC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B442BCE-3F6A-44A4-BD1D-708144069ACA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B537ACA-0019-4094-8BE3-B1BFB8517EA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9BFDB65F-B431-46C5-A44B-A07CF4790F4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DD9506A-888F-48A6-87D4-1F721ED291CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A172D828-D3AB-4B4E-936F-8886A796B6ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A201F225-B842-4F88-BA0C-F34CCEA0D18B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2D42CE2-25E9-44B4-A929-58F4529785A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A537727D-3883-4F81-8737-3196806FDD37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A53F818A-8A5D-4445-8339-6270446C2DE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6919160-17B9-4253-926E-6BA88A4F1C96}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{A6ED0757-0517-4E60-8E6B-3BEC83264A69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A74E5F6D-2653-45CC-B29C-29449DD0986B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8080BC0-A43F-460D-8F51-8C9A825A99E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AAEE7188-6C95-495D-9695-40FE1D8F3DCD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB7E2136-ADF8-4FB3-99D5-03F2F1AFB5C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABBE703B-6FAE-424B-B570-A1967BB57AD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABC8259F-17DF-46D3-9492-96630FC7B334}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{AFD4822A-E670-4566-AAAA-153F1A51B4FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1B90EAE-8EE4-499A-99D7-30A54DF312E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2103301-C6C6-4948-88D9-23652AC4A801}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2D9FC65-5C21-472D-8D72-640E9E67CD26}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B30F120F-6845-40F4-A08D-036B2B372492}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3362171-2030-4398-9A41-53CEDF535AE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B34F05B9-E327-4EB5-A71C-A65A17324018}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4180332-D6F7-4777-BCD7-ECD798ACCD12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B42609D3-1ED0-4F88-A227-0B5F556BB797}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B562279F-D788-48E2-A800-33F6E8893C64}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B68C547F-31B7-4B9F-BF08-13B03DF3B825}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B78DF7FC-B3FC-4959-B980-293E28934FBE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA42ABF1-DB8D-42F8-9CB3-9FFB952B46DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BAD5F8D5-2380-41CB-AF8D-0FF6D5123BB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB95215B-E58B-44AA-BBE6-B2A39B231441}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BC820DC9-2806-4BAC-83C4-F4D431813699}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BCC04628-997E-4819-BC3D-CF1EB0465D14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD4F6F77-E3C8-4B60-A8F1-04879C801C6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0B2A1BF-7817-449B-9DD4-A8B45484AAEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0D794EA-8C23-4137-B24A-2D93098733C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1B62DB4-F93A-4F16-A8F1-A057371BE040}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1D84E96-31D9-41CE-BA83-C674753EC7BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C22A4A1C-EA90-4E8D-867E-E3026883C851}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C34AB58E-81EC-47CF-951E-AEABAD485406}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C585DAE4-E8A7-4CBB-A839-D3BA20489134}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C69BBD27-ED9A-4F0F-A490-A5142C26A889}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C740EAFE-F21B-4954-A76D-6D2F63B3BFD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7D1ECF3-0DEB-4305-B74A-F356522C2CD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C85E4BF0-3BF7-4FF5-80AB-1A66D8601088}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CB916BFD-9D38-4A6B-A6AC-BA16D60F0ECD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD2734CA-DFF0-4FE0-93AE-45D601D41491}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CED715BF-A308-41DC-A866-FCE5ADF2D5BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF9FFAC1-5862-4EB2-9165-E877F58B0040}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D227D983-589E-4B5D-8150-CA894A68A28F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3DEAB26-09A5-40A1-B19A-0DC520960E21}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5611AF2-FAC1-451E-8F47-9FE56D30AB7F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D97B47CF-7A13-4704-BAE5-E3F0252916B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA44A980-CD46-4D91-AEB9-EDA0ED80340A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA7D6AD5-BEFA-4668-AF90-15939D3D5387}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA8D91F4-EB4D-4162-A5DF-2D003C0EB076}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC16DB26-A6AE-42B3-9170-6B21441D172E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC673B5F-A4D7-439F-B255-27078A27F867}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD6E5D35-57E9-46E8-B414-A0C613F1E9FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE32A7CF-0014-4982-BDA9-6C856A7F0EA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DED6E9AA-97AA-440B-9D5E-FB64910AD46D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF4ABCED-EA1B-402F-AD51-2603BDEBA514}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E022934F-76D5-41DF-90EC-DEDCBD529189}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E089D8D8-9A4E-4B44-A83D-FF183B2A1BF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1534FC5-6EDE-414C-A134-248DB2ECD7A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1E5D3D0-CC04-4399-BA3A-DF6D3682B1CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E690A1B0-7D63-49F7-91D0-A59DE2A8D039}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8EA61B8-DF3B-455B-AB83-F5AD938875C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA277488-BEC0-4B6B-95D8-B227C6D08F35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EAA1E54B-5400-45DA-B420-8C10AAE1842F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ECAECA0B-AA6D-4069-85F1-DC9F0EDBA3DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE010B61-97BC-420B-9768-6A30E8FA0111}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE5AEE9D-CDEF-43DC-8ADF-19743FC36308}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2CF6083-B517-468A-9514-236ABD165DD1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5BA96E6-A789-45D8-A7D3-6ADB9B1A413B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7098969-B47B-4DC8-AC53-3490BB9B776E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F72B68F1-28C3-4AE4-B474-96F0A2BF99A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F96CB4B4-8A33-46E8-805B-7BEB08FF7827}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9A97E6D-B06A-4869-83A5-0FFBE59C1AB6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FA34C770-DE21-44A3-85F3-30A73B448845}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB8C2ADA-4BCD-431D-AD9B-AE724F69859C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCE1279C-FA6B-4F5A-AECC-1EF9804F4580}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF489EB1-B5D1-4EB4-BFD8-DBC5147961B1}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"TCP Query User{45D5A35F-AA77-4075-9A5A-14DDC7AC0204}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\s\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F8686371-375B-4C91-85AD-5D850E62D864}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{09264454-CAAD-432F-988C-B2227D17F62F}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\s\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5E592D29-F6D9-4E8D-9B17-293FA051E3D0}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86)
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.1.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

markusg 03.02.2012 19:39

Hi,


This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to your case.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [vasja] C:\Users\S\AppData\Local\Temp\0.7548866788568477.exe (Orb Networks)
 :Files
C:\Users\S\AppData\Local\Temp\0.7548866788568477.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance :)
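
The fix script in the post above removes a single autostart entry: an HKCU..\Run value whose target is an executable in AppData\Local\Temp. As an added example (not part of the original post and not OTL's own logic), this Python sketch flags such O4 lines when triaging an OTL log; the two heuristics, the function names and the two benign sample lines are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# First line is the entry from this thread; the other two are constructed benign samples.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [vasja] C:\Users\S\AppData\Local\Temp\0.7548866788568477.exe (Orb Networks)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"""

# O4 line layout as seen in the log: "O4 - <hive>..\<key>: [<value name>] <command> (<vendor>)"
O4_RE = re.compile(
    r"O4 - (?P<hive>\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s+"
    r"(?P<cmd>.+?)(?:\s+\((?P<vendor>[^()]*)\))?\s*$"
)
# Executable path inside the command: optionally quoted, ends at the first
# known extension that is followed by a quote, whitespace or end of string.
EXE_RE = re.compile(r'"?(?P<path>.+?\.(?:exe|com|scr|bat|cmd|dll|vbs|js))(?=$|["\s])', re.I)


def parse_o4(line):
    """Return a dict for an O4 autostart line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    exe = EXE_RE.match(entry["cmd"])
    entry["path"] = exe.group("path") if exe else entry["cmd"].strip('"')
    return entry


def reasons_for(entry):
    """Heuristics (assumed for this example) that mark an autostart target for review."""
    path = PureWindowsPath(entry["path"])
    reasons = []
    if any(part.lower() in ("temp", "tmp") for part in path.parts[:-1]):
        reasons.append("autostart target lives in a temp directory")
    if re.fullmatch(r"[\d.]{6,}", path.stem):
        reasons.append("file name consists only of digits and dots")
    # The vendor string is parsed but not used for trust decisions:
    # the flagged entry in this thread carries one too.
    return reasons


def scan(log_text):
    """Return (hive, value name, path, reasons) for every flagged O4 line."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            why = reasons_for(entry)
            if why:
                findings.append((entry["hive"], entry["name"], entry["path"], why))
    return findings


if __name__ == "__main__":
    for hive, name, path, why in scan(SAMPLE_LOG):
        print(f"{hive} Run value [{name}] -> {path}: {'; '.join(why)}")
```

A hit is a prompt for manual review, not a verdict: legitimate installers sometimes register short-lived Run entries from temp folders as well.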

lisab 03.02.2012 19:50

Hi,
thanks already for the kind help!!!

Here is the content of the text file:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\S\AppData\Local\Temp\0.7548866788568477.exe moved successfully.
========== COMMANDS ==========
Error: Unable to interpret <[EMPTYFLASH] > in the current context!

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: S
->Temp folder emptied: 528797890 bytes
->Temporary Internet Files folder emptied: 33108552 bytes
->Java cache emptied: 103441590 bytes
->FireFox cache emptied: 50634654 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1460576 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9371065 bytes
RecycleBin emptied: 130426902 bytes

Total Files Cleaned = 818,00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02032012_194350

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

markusg 03.02.2012 19:54

Very good.
Before we can continue cleaning up:
Please start by installing Windows Updates.
The best way to do this is to go to Start, Search, and enter Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.

lisab 03.02.2012 21:10

OK, great!
And what happens now? ;)

Thanks!
Regards

markusg 04.02.2012 12:35

Once all updates have finished installing, please verify this by opening Windows Update, clicking Check for updates, and checking that there are neither important nor optional updates left.

