Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   wegen sicherheitsproblem ist ihr windows system blokiert? (https://www.trojaner-board.de/111803-wegen-sicherheitsproblem-windows-system-blokiert.html)

user1999 19.03.2012 17:50
also bis jetzt habe ich folgendes getan :
-abgesichertermodus mit internert
-malwarebites gedownloadet
-gesacnnt
-die viren in quarantäne gesteckt dann den pc neugestartet in den normalen modus (weil das programm nach dem scann das so wollte)
-dann kam der block
-und jetzt habe ich die viren die in quarantäne sind gelöscht..
... und was soll ich jetzt tun es wieder versuchen oder was??! ... :(

Swisstreasure 19.03.2012 17:59
Schritt 1

Abgesicherter Modus zur Bereinigung

Schritt 2

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

user1999 19.03.2012 18:07
danke! mach ich sofort

user1999 19.03.2012 18:29
ich habs aber wie geht text box ? :D

user1999 19.03.2012 18:33
OTL Logfile:
Code:
OTL logfile created on: 19.03.2012 18:10:45 - Run 1
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Filiz\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,77 Mb Total Physical Memory | 613,70 Mb Available Physical Memory | 60,00% Memory free
2,25 Gb Paging File | 1,99 Gb Available in Paging File | 88,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 5,71 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 39,97 Gb Free Space | 56,72% Space Free | Partition Type: NTFS
 
Computer Name: FILIZ-PC | User Name: Filiz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.19 18:09:17 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Filiz\Downloads\OTL (2).exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.14 15:35:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.14 15:35:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.03.14 15:35:11 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.03.14 15:35:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.10 16:29:27 | 000,547,936 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\epson\EpsonCustomerResearchParticipation\EPCP.exe -- (EpsonCustomerResearchParticipation)
SRV - [2011.05.13 14:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.02 12:23:21 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.04 20:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () [Auto | Stopped] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.29 16:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.04.04 17:54:08 | 000,266,343 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.02.06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.01.31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.12.29 16:51:56 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.11.21 05:39:34 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.11.21 05:38:24 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006.11.21 05:37:18 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006.11.21 05:36:32 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Programme\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.03.14 15:35:57 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.03.14 15:35:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.03.14 15:35:56 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.03.14 15:35:56 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.18 14:57:36 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.01.18 14:57:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.04.22 15:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.03.04 21:48:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.02.02 17:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.11.28 10:24:54 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.10.03 14:14:12 | 000,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2008.10.03 14:14:10 | 000,187,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008.10.03 14:14:10 | 000,146,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2008.10.03 14:14:10 | 000,039,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2008.10.03 14:14:10 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008.10.03 14:14:08 | 000,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2008.06.19 18:07:31 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008.02.29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007.08.31 14:24:26 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007.08.10 21:08:32 | 000,017,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI\CIM\Bin\atidcmxx.sys -- (AtiDCM)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007.03.14 15:04:28 | 002,427,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.02.02 01:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.29 23:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.10.30 04:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Conduit Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_deDE329
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{BDAAB30F-55C4-4D45-99DD-4A92DA1AF785}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/em/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Filiz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.05.04 06:50:15 | 000,000,000 | ---D | M]
 
[2009.05.26 11:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filiz\AppData\Roaming\mozilla\Extensions
[2011.08.09 11:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions
[2010.10.05 12:05:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.05 12:05:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.09 11:01:09 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Filiz\AppData\Roaming\mozilla\Firefox\Profiles\sacti63g.default\extensions\ffxtlbr@babylon.com
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Filiz\AppData\Roaming\Mozilla\Firefox\Profiles\sacti63g.default\searchplugins\icqplugin.xml
[2009.07.05 17:51:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.08.09 11:01:09 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Filiz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SkypePM] C:\Users\Filiz\AppData\Local\Skype\SkypePM.exe (Twain Working Group)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Filiz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2167EF-8825-4351-8395-7C907F7E7404}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Filiz\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\Filiz\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.19 13:28:45 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Roaming\Malwarebytes
[2012.03.19 13:28:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.19 13:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 13:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.18 11:33:22 | 000,000,000 | -HSD | C] -- C:\found.002
[2012.03.15 15:09:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.14 15:54:35 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Roaming\Avira
[2012.03.14 15:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.14 15:39:04 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.14 15:39:04 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.14 15:39:04 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.14 15:39:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.14 15:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.14 15:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.03.05 07:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.03.02 19:24:44 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Roaming\.minecraft
[2012.03.01 20:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.02.18 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Local\{440385B1-A6C2-4637-9E6F-6249BF7F5F3E}
[2012.02.18 18:24:54 | 000,000,000 | ---D | C] -- C:\Users\Filiz\AppData\Local\{9744CC4E-1146-45BB-BBE5-93220CF23067}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.19 18:09:49 | 000,001,356 | ---- | M] () -- C:\Users\Filiz\AppData\Local\d3d9caps.dat
[2012.03.19 18:06:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.19 18:05:55 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.19 18:05:51 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 18:05:50 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 13:46:13 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.03.19 13:43:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0cb2b2108aed.job
[2012.03.19 13:43:02 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.03.19 13:28:42 | 000,000,574 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.18 15:06:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 14:15:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000UA.job
[2012.03.17 17:15:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000Core.job
[2012.03.16 12:03:44 | 000,009,728 | ---- | M] () -- C:\Users\Filiz\Documents\fittness kündigung.wps
[2012.03.16 12:03:44 | 000,006,996 | ---- | M] () -- C:\Users\Filiz\AppData\Roaming\wklnhst.dat
[2012.03.14 15:39:42 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.14 15:35:57 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.14 15:35:57 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.14 15:35:56 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.14 15:35:56 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.14 15:03:10 | 150,839,511 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.14 14:30:37 | 000,001,593 | ---- | M] () -- C:\Users\Filiz\Desktop\Browserwahl.lnk
[2012.03.14 13:44:49 | 000,298,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.10 15:00:52 | 000,043,520 | ---- | M] () -- C:\Users\Filiz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.07 21:46:45 | 000,023,552 | ---- | M] () -- C:\Users\Filiz\Documents\bio dachs referat.wps
[2012.03.07 21:46:36 | 000,016,896 | ---- | M] () -- C:\Users\Filiz\Documents\bio dachs 1.wps
[2012.03.07 16:49:52 | 000,006,144 | ---- | M] () -- C:\Users\Filiz\Documents\Unbenanntes Dokument.wps
[2012.03.06 21:59:21 | 000,010,752 | ---- | M] () -- C:\Users\Filiz\Documents\bio dachs.wps
[2012.03.05 07:48:05 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.03.05 07:48:05 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.03.01 21:08:39 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.26 10:43:39 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.26 10:43:39 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.26 10:43:39 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.26 10:43:39 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 13:28:42 | 000,000,574 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.16 12:03:44 | 000,009,728 | ---- | C] () -- C:\Users\Filiz\Documents\fittness kündigung.wps
[2012.03.14 15:39:42 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.14 15:03:10 | 150,839,511 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.14 14:30:37 | 000,001,593 | ---- | C] () -- C:\Users\Filiz\Desktop\Browserwahl.lnk
[2012.03.07 21:46:36 | 000,016,896 | ---- | C] () -- C:\Users\Filiz\Documents\bio dachs 1.wps
[2012.03.06 21:59:40 | 000,023,552 | ---- | C] () -- C:\Users\Filiz\Documents\bio dachs referat.wps
[2012.03.01 21:08:39 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.01 21:08:39 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.01 20:59:07 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.03.01 20:59:07 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.02.03 15:49:13 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.02.03 15:49:09 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.01.18 14:57:36 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.01.18 14:57:32 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.06 13:07:52 | 000,000,093 | ---- | C] () -- C:\Users\Filiz\AppData\Local\fusioncache.dat
[2010.06.07 13:55:01 | 000,000,203 | ---- | C] () -- C:\Windows\disney.ini
 
========== LOP Check ==========
 
[2012.03.02 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\.minecraft
[2011.05.21 12:38:12 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\BitTorrent
[2011.08.09 11:06:49 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\DVDVideoSoft
[2011.08.09 11:05:45 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.02 08:29:41 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Epson
[2008.07.12 16:16:56 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\eSobi
[2011.11.04 17:59:20 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\FOG Downloader
[2012.02.25 22:27:43 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\ICQ
[2012.02.15 18:06:58 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Need for Speed World
[2011.04.02 12:30:01 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\OpenCandy
[2009.03.19 08:13:46 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Samsung
[2009.10.07 12:58:06 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Template
[2009.02.24 15:02:44 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Thinstall
[2009.03.21 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\TuneUp Software
[2011.06.14 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Filiz\AppData\Roaming\Windows Live Writer
[2012.03.19 13:43:02 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.03.17 17:15:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000Core.job
[2012.03.18 14:15:03 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1603657689-146025995-3200424923-1000UA.job
[2012.03.19 13:52:22 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.06.19 12:17:37 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2007.05.07 00:13:47 | 000,000,000 | ---D | M] -- C:\Acer
[2008.06.19 12:58:21 | 000,000,000 | ---D | M] -- C:\AcerSW
[2007.05.07 08:22:29 | 000,000,000 | ---D | M] -- C:\Book
[2009.09.25 12:24:03 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.03 12:23:58 | 000,000,000 | ---D | M] -- C:\Bus Simulator 2008
[2012.03.16 07:54:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.06.19 12:13:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.11 02:59:23 | 000,000,000 | ---D | M] -- C:\DRV
[2009.08.27 19:54:46 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2010.03.03 19:29:14 | 000,000,000 | ---D | M] -- C:\EPLAN
[2009.05.25 18:24:46 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.12.04 08:36:46 | 000,000,000 | -HSD | M] -- C:\found.001
[2012.03.18 11:33:22 | 000,000,000 | -HSD | M] -- C:\found.002
[2008.06.19 18:57:59 | 000,000,000 | ---D | M] -- C:\HiTRUSTDrive
[2007.05.06 23:57:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.06.19 17:03:39 | 000,000,000 | ---D | M] -- C:\My Music
[2011.02.03 15:44:45 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.08.07 07:46:30 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.19 13:42:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.19 13:28:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.06.19 12:13:19 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.18 22:20:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.06.19 12:16:20 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.14 15:03:10 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.07.04 06:35:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.07.04 06:35:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-15 14:09:37
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4

< End of report >
--- --- ---

user1999 19.03.2012 18:34
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 19.03.2012 18:10:45 - Run 1
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Filiz\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,77 Mb Total Physical Memory | 613,70 Mb Available Physical Memory | 60,00% Memory free
2,25 Gb Paging File | 1,99 Gb Available in Paging File | 88,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 5,71 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 39,97 Gb Free Space | 56,72% Space Free | Partition Type: NTFS
 
Computer Name: FILIZ-PC | User Name: Filiz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C65EE-5407-4BD3-9A16-C0469442D732}" = rport=10243 | protocol=6 | dir=out | app=system |
"{00EF9ED6-C15E-43E9-AEEB-BCC14BA9BD3B}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{01A909BC-5BCD-463B-9979-B09718E0368B}" = lport=1701 | protocol=17 | dir=in | app=system |
"{08AB458D-ADFD-4263-A7BD-98F11E5FD0FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{093B7CB2-3475-4866-B8E7-773F12A48415}" = lport=5357 | protocol=6 | dir=in | app=system |
"{09DA611D-6F4D-4C0C-AEF9-5B17F08BBBF1}" = lport=445 | protocol=6 | dir=in | app=system |
"{09E2415A-F3B3-4E60-870B-660E8EBD1DB2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{0A7C5E4F-14BE-435D-96F2-8DD694CAA885}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0C39A5EC-EEEC-478A-A9D3-E54BDB10993C}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{0CB357D9-985A-41D1-88B4-8F99C3BBC894}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{0F45F741-3480-4477-95BA-6CEA2D9CD67E}" = lport=6112 | protocol=17 | dir=in | name=wc3. |
"{188708A0-FF70-4671-8DD5-413212E8DC9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1DD405A5-C446-42E8-B98B-A273E1660363}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1F14F1C5-93DB-4B8D-87F1-BC6763B17A19}" = lport=80 | protocol=6 | dir=in | app=system |
"{2065B063-A4A1-4D0F-BCF5-AA32BA3BEC9D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{21A02312-78B5-4384-847B-2092DE00D30A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{21D81934-17E0-474B-B6AA-DD3E0D79DF65}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2424F0CA-60A5-47AD-A335-FABEE1A30250}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{2B040D6B-6640-4341-9174-959C5C9DE970}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2C3B3A77-E45C-428B-B5D4-DCF8CA5FD2BB}" = rport=2178 | protocol=6 | dir=out | app=system |
"{2CCDAA28-20CC-476E-8DE0-BF6B4252E2D8}" = lport=5358 | protocol=6 | dir=in | app=system |
"{2EAD8748-A510-4D3B-AFDF-66319ECF1459}" = lport=6112 | protocol=6 | dir=in | name=wc3.1 |
"{306CE20D-C356-4DED-8A20-DD3B90F58A5A}" = lport=445 | protocol=6 | dir=in | app=system |
"{3165AE08-0F79-40FE-B8EC-20ACE726DB44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{339A2C6D-B651-4C3C-BC0B-2F91277ED517}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{36682890-4A32-459C-B9B0-A7A0AD99484D}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A0C21D6-AA16-442C-B822-8FC1CB00A5C6}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{3A8672D6-A8C5-45CF-8CD4-6FF786FFE03A}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{3C071050-E489-4B26-B5A5-0C5B4AACE85E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{3EFEA895-E0DB-401C-81EB-53C748AE9E36}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{40283FFD-E775-48F9-B21D-8561E1B2C012}" = lport=443 | protocol=6 | dir=in | app=system |
"{42CFBA9E-3C6E-4963-AC94-FD912A9EE97E}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{46190549-7654-4FDB-B7DE-A3E578AD20B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46FB419E-102E-4496-828E-D55575BE6EA3}" = lport=445 | protocol=6 | dir=in | app=system |
"{48B884BF-3E52-42DE-87F4-409C3A1733A9}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{4944BC6B-C00A-49D6-9923-603CEBA20FAC}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{4A4760EB-5CB6-4D2E-AEF6-2332021F7497}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A8B147D-C2B8-4EB4-8913-42BF3A46C4B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4D21BA61-A537-4A50-95D4-61FD16401F48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{4E0DCEEA-4020-4878-B75D-F5CCAD18199A}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{4FDED6A9-C23C-40BD-A23A-94D13FE74386}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4FE10CF9-8467-402D-8D9C-A0264DB02014}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{523569A5-C092-4CEC-A72A-408909CFFDCE}" = rport=137 | protocol=17 | dir=out | app=system |
"{52CFE18E-8A6F-4157-876A-F83ADCFC6AD0}" = rport=1723 | protocol=6 | dir=out | app=system |
"{5607C3E5-6E65-490B-902F-9C088BF2E96A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{56DEB1D8-902B-45DE-B2EB-263244464EB5}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{59950D30-41CB-4A30-BDDE-73C7664AD70F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5AAEE57D-A6D8-465A-9CC0-825C2C6A0FB9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5C94A644-EA7A-476E-ABC5-352BAEC4C222}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{5DE7AE58-2838-43A6-8C34-41191A042855}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5EBBD232-471B-4FE4-B118-372A92DD9000}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{64FAF4D7-93B0-4395-B478-DF3D7636C6DE}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{66434F13-983C-4478-9380-C354B7F7E0C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{69164AA9-8443-45BD-9960-7E1C9655F20A}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E1353F1-DDBE-4A91-A6A3-4B18C054B707}" = lport=138 | protocol=17 | dir=in | app=system |
"{6F557046-CFF3-4369-B70E-8A5046428962}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{75148773-51AF-4123-B03B-CBF9D3EF4E60}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{767F380B-BBF6-496C-8FB9-80B5FF8366F3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{8A28D8CE-C8C4-48B0-95E2-61F6141D3E5A}" = rport=138 | protocol=17 | dir=out | app=system |
"{8CC439E6-5585-4540-AF30-A77DC90320E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{8D987CFE-5F78-452F-B3CD-1248320ABAE0}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{8D9F66AC-D1EA-4D2D-A39F-97104D3FA411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8ED9E83E-5679-46B4-A551-0A064E2ED0C3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{8F6520B8-4C54-4D15-9949-1E24E33F7CD1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{9006DF48-6519-4262-BE6B-C837F50C2A8D}" = lport=1723 | protocol=6 | dir=in | app=system |
"{9281B536-30E7-4435-9E6A-0F26E77C7B49}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{9546305A-C82D-4F55-97FB-5E9087955C66}" = rport=445 | protocol=6 | dir=out | app=system |
"{95EFFA39-71C1-4FD8-AE5B-1B7861DD7489}" = lport=139 | protocol=6 | dir=in | app=system |
"{99FA3F40-8838-4BF2-8C43-993803758F3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A62CBF03-981E-4AC6-AF6B-28A24506F38A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AB61342E-A150-472F-92DA-95A4814EE9DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{AC4DB8AB-7AC6-4117-AEFB-DB77B4ED054E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B0933485-A3E0-4C41-89BB-CA786F3A2112}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{B29C1710-95F8-4467-BFE1-39C81D4AF63E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B7FE360E-D748-49BF-BA8A-80FC3D3B8A6A}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{BCB5A8E5-6218-4D55-A3DB-56FE88ED609F}" = rport=5358 | protocol=6 | dir=out | app=system |
"{C0E3D069-F1BD-43DD-86DC-AEAF66261237}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{C2DE06E3-B3C5-491D-B816-331DA5B1DE0F}" = rport=5357 | protocol=6 | dir=out | app=system |
"{C695245D-A2B5-4D05-97C6-547B3A70451D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CB8B955E-9D5E-4327-A45D-ED9C399DE95D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CF679572-B0E7-465E-9AC9-CB73B11BC13A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D5C66190-694C-402D-B0E0-0465C1A0A5C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{D78D6972-A1BB-4B88-953A-1D0A5F3413D9}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{D948EDD3-3646-4522-A2BB-E13C90D14CDD}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DC57C170-9EB2-4319-A247-CFA103B53EE4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DE7FAA75-1131-4945-A4A3-AF5EF6AC86A9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DFC33DCF-1F8D-4A12-B138-78C1CE8B3AC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{E33C3B08-AB41-4F60-BC32-5F2B2A55F421}" = lport=2178 | protocol=6 | dir=in | app=system |
"{E4CD4CD0-C0E9-4255-849D-F16D20C4957F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E5057A8C-AB79-4B6B-815C-13EECD40CEB3}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{E8441291-DC14-4A0E-8001-834E0486E3D2}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{E8E176D9-BEC8-41C3-B60C-DB0ED004F298}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{EF10235B-A63F-4E2E-B0FD-0B589A35C371}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{F4DD96B0-5CAD-46A9-99E4-01A65D1972B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{F82EEDC5-A86A-4585-AF2A-CD23A5C14BF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F9BFB30E-4BEA-432C-91B5-E2B94FE6A54B}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{FB2E68E1-18DC-4025-ADE9-85F18A9EC12D}" = rport=1701 | protocol=17 | dir=out | app=system |
"{FDC6932C-C080-4C84-A750-5A2CE66CA3B2}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{FF4F9971-27E0-4DF1-B17D-985D58D9D142}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008AA397-CED2-433B-8EB7-38847926EAAE}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{02E17AE3-7770-464E-A933-9A14E48535F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0493E3FE-D69E-4A8D-B15E-3A90BC757B1F}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{05099283-2EB3-455B-8A38-1EAE3D75CF5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{09762EDE-3AF2-433B-83BE-6397E58E5866}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{0EE0B771-0B81-4C29-BB3E-8E2028D3755E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1213901768\ee\aolsoftware.exe |
"{134A9A52-B9DF-491A-8871-727C788A3AEB}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{14474163-F976-4417-A929-6ED79991A1AF}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{149B2FC6-301F-4B3A-BDCD-FF581910D88F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{152C1DAB-CDA2-4FF4-A6E1-25EFF685C60B}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{1900C630-2D65-4EEA-8344-7DD3A805685B}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{1D208BA0-90EE-4FB4-997E-84AE90E665E8}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{2008AD94-9A3F-446A-8444-A60024DF5288}" = protocol=6 | dir=out | app=system |
"{2041271B-5DC5-44A8-B3B6-67F7F7FEA874}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{217C3922-36A0-467B-BA77-881EA8BFFB22}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{217EAF1F-EDDB-4903-96E0-0E766F9A22B7}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{21EE1DB1-EE58-497A-BBD7-5BE3A3B697DF}" = protocol=6 | dir=in | app=c:\users\filiz\appdata\local\microsoft\windows\temporary internet files\content.ie5\b8orin6r\facemoods.exe |
"{245EFA32-2FB3-45B4-BBA6-22977DA6B9D7}" = dir=in | app=c:\program files\acer arcade live\slideshow dvd\component\clsldvd.exe |
"{25BB944A-389A-4265-B26E-19CF7DC3E70A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{270CD491-4B33-4083-84C9-D00D1003BC1F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{278C1642-8B18-43D5-A6E8-BA8F1B805465}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{2BF4CB48-7F94-4A5A-8108-AE21513FAA7A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{2DC29940-D60C-4894-9301-2A7F0BA2242D}" = protocol=17 | dir=in | app=c:\users\filiz\appdata\local\microsoft\windows\temporary internet files\content.ie5\b8orin6r\facemoods.exe |
"{2E42583F-3899-4989-9F80-E7E233943B16}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"{368C9C21-E9BE-475D-AF45-27B410C77590}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3789D9A1-FB41-4757-931F-54594A913347}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{401DCC44-0472-4D02-AC29-0D37AD80CF29}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe |
"{42876BB7-833E-4C11-BEA2-CF85B7D7A1E3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{4756BC26-1D89-4E1A-9772-959A7C67B6CB}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{49E6D427-F151-41C1-9806-E9565B49D495}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{4CF16028-769D-458A-94CA-AEA15E9CB3AC}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{4DBF5A05-3E4E-40A6-9DE8-1BC90802D3EF}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{50AFC9C9-02EC-47AC-85EA-11B24CA96330}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{5775EF0A-DDF1-4780-AB71-75F60F6F545A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{581D504D-103E-42F8-BD55-987FC4F84C7C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{5A14B987-1B54-49A2-AFD1-41A578448096}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B6CDCB8-C631-490F-B674-747353763288}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5BDDFCE8-74E1-41A3-A362-4F55D42F8726}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{5E85670B-6EAF-4319-AA87-9D7BBD59DE7F}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{5F4CE7AF-BDB8-4E61-A991-199061F97F44}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{606FEE49-4CB7-45CA-9736-08C1CD8C6856}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{610D4256-FBF6-4239-BD64-20FDFE1F9691}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{6307F449-05C4-4738-BF6B-FD7B228A1DEE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe |
"{66BFC5D7-0C9A-474E-A97B-D88B5B72B0C1}" = protocol=6 | dir=in | app=d:\stronghold2.exe |
"{6781ECC0-8674-4A88-A9A0-EF45F24D6F9B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{67C4DF38-87AA-4F28-BBBD-2C20F3FBAC6D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{6B320E44-564C-4866-8747-0CAA5DE7A5FA}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{6D5501BB-FAC2-4083-B55E-96CCB34F9133}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6D9815EB-8A40-4F5E-BB78-92ACC6106B88}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{6DCB2AF2-26A6-46B3-8F87-4C1DBE032D8D}" = protocol=6 | dir=out | app=system |
"{6E9AB5D5-2032-4E6A-803B-BA58A2AEBD9A}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{6F85D589-E6B1-47C1-AD0B-32C01A872E92}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{7620BFA3-B0D0-4088-929D-9D07F449F510}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{7D4A729E-4F60-44EB-9102-262FAEF38C5E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7DEE7B26-52EF-4BD4-B7C8-BB29522FC264}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{804A8523-0B1A-4678-97CE-9B1C5BCFAFA1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{82CDC088-3459-4CD3-9099-7FF6C43B21F7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{838DC87A-2682-4386-A9B5-B259395FCE06}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |
"{85A9F660-15E4-452E-B187-22A3652DE2B9}" = dir=in | app=c:\users\filiz\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{87535030-26E8-47A9-BF50-3DA0D3489A45}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{88BF7F93-D198-42C0-BA4A-DE5117899356}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8BCBE432-0061-45BB-985C-1B979B42A5FE}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{8D304577-C5AD-4BA0-94B5-C7EFADCC703F}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{8E8BE690-9D6D-4293-AD90-67B645857022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9126E073-9C9C-4DEE-9274-DD572F147819}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe |
"{91AB4117-AA08-4B96-9065-1EC934401983}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{964E3E73-5BF5-4C36-8C24-32C59E7584D1}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\homemedia.exe |
"{98130D14-873A-4FB0-BCCC-11F9D6D02210}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{994261A1-9C98-4BD7-8F02-CD9E4EBC81F0}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{9B2DE5D0-0D7C-45A5-9E49-A18141B64587}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe |
"{9E1D6AAD-9905-41C4-8A37-3894C0EDAEA5}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A44F76B2-7194-43F7-87E2-06AD29521E0C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B0C28C92-93E2-42A4-83A1-8A7FF9D05934}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1213901768\ee\aolsoftware.exe |
"{B38180DE-EA0E-44E7-87FC-D279EC245E5E}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{B5CD7E17-E2CF-4545-9F3F-BD423E082F20}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{B7ADA983-301D-4273-82A4-529F32E236A7}" = protocol=17 | dir=in | app=d:\stronghold2.exe |
"{B92FF813-E72A-475F-B259-B8BC40F40C96}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BAF33F84-16C6-4000-B953-701161D1F0B4}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe |
"{BC839062-F947-4753-B999-2B7BAE3B53DC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C8C98984-CD60-428B-B48C-DB0E72D9C716}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{C9892981-87E3-4B2D-B508-4211B7E2B826}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{CA942F9B-B809-44AC-A48E-EB55E29CA72A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{CB29B865-6E94-400E-A449-007F6D8B4AC5}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{D205F1E9-204D-4CCE-92BD-D3992DCFC760}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{D7367C20-E55F-4FB3-A459-1EF2FB40D045}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |
"{E1572AB4-BC74-43DC-96F6-BB35AE86FBFF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E1B8FD3D-4505-42FE-A89D-691A129B9A53}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{E4EE2C5F-F605-4E94-B333-6B939EF516CC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E988321E-A7B9-4F83-94BC-4D137BB45F1E}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{E99FC5A1-C8E0-4952-9EEB-3E89353BFABC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EF342179-49AC-4650-AD89-690F9815D543}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{F0429F00-CC5D-4CB5-A7E2-D7C6DD72D2F0}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe |
"{FA7D8F68-43EE-4008-BA03-C0E99812322E}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"TCP Query User{2050DE18-E7AD-4823-BDEA-CC46738B636B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3B6B239E-B6ED-4706-AFA5-AD6721CEE0F0}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"TCP Query User{4136D892-A38F-4D0C-AB25-FB92FBF5EE3F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{862ADDA5-444D-4BE2-B797-9F6233075AA8}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{884039BE-53BD-44E5-B356-CE9AB52233C8}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe |
"TCP Query User{8BC1CF93-7727-4F24-8DA8-151F872428CE}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"TCP Query User{CFCFD5A4-F615-4976-BF04-46F907A4218D}C:\program files\lego media\constructive\lego loco\exe\loco.exe" = protocol=6 | dir=in | app=c:\program files\lego media\constructive\lego loco\exe\loco.exe |
"TCP Query User{D139C222-A3AE-45F4-82AE-7C9239924817}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe |
"TCP Query User{EF47BBA3-4BD2-46FE-A07E-95C4AD351EF9}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe |
"TCP Query User{F60D40F6-49B3-468E-9487-F7F0413EB8BE}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{213885E2-C706-4567-9491-1893AA5DEFD4}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{334056DF-3B40-4230-A54C-ED6DBEA9167C}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe |
"UDP Query User{362CDDB3-4F99-46ED-A696-07599FD378C3}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe |
"UDP Query User{3D23410F-FB96-414D-896C-3EFFC82BED21}C:\program files\lego media\constructive\lego loco\exe\loco.exe" = protocol=17 | dir=in | app=c:\program files\lego media\constructive\lego loco\exe\loco.exe |
"UDP Query User{42F82518-F47D-4144-A588-D5731FD4C016}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe |
"UDP Query User{6B02D4F9-F605-478B-B7AC-2BD56D6150CE}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{9ED16594-D837-4A67-8070-D79BC91A1244}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A9948AE2-B8EA-4A49-95E9-C885E77AB560}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{B4532383-D286-4D5D-B429-4218058BEBB8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CBCB71CD-B776-4FF0-BDB3-498A7BAD03C1}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021661E0-C377-C87B-9583-E0A69E61A489}" = Catalyst Control Center Localization Thai
"{023387B5-AF74-D690-D2C6-C8D474597284}" = CCC Help Polish
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{042B8532-E27C-C06E-A8F5-71F36B98B2DE}" = Catalyst Control Center Localization Portuguese
"{0459FAF6-D4CA-406C-BA6F-9A3D225ABD1A}" = Epson Customer Research Participation
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07AE9F43-360F-7412-577B-2B4B73E5EAB9}" = CCC Help Hungarian
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C09E020-9996-4E1C-9839-97DA8F9C8D6B}" = CCC Help Danish
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1861D449-590B-71F5-2C62-21730731FC4C}" = ccc-utility
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21565317-7E58-CEED-E5BE-6916533442F4}" = Catalyst Control Center Localization Czech
"{2224B408-E7E4-15CF-0674-EC7C36D68741}" = Catalyst Control Center Localization Hungarian
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236D1288-99DB-C3D6-D132-EDE6317BF619}" = CCC Help Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{2AABA091-41DF-D0D3-83F8-0133F8C7AA97}" = Catalyst Control Center Localization Swedish
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{317DE552-B622-0DD2-4E7E-28400D64C100}" = Catalyst Control Center Localization Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42DF661F-6351-B582-DE2C-B8C46B30303F}" = CCC Help Dutch
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F5641C5-409C-7E5A-A2F9-B6D00A190B55}" = Catalyst Control Center Graphics Previews Vista
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5AA2CD16-706F-41F3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EA96EEF-4E57-C1F0-6A06-088191FE110C}" = CCC Help Thai
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = PTP
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{6467DDF9-718F-4FC3-8606-A975468DF541}" = SymNet
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B73D186-ED5C-6EB1-96EE-8F866269243C}" = Catalyst Control Center Localization Danish
"{7007D9E6-F820-CFEA-EB87-9C9377A967F7}" = CCC Help Swedish
"{710EA46C-2A49-F39A-5EC7-3884DC5329D7}" = Catalyst Control Center Localization Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74AF0F2A-A87D-B6B7-6671-61B53F98254B}" = Catalyst Control Center Localization Turkish
"{760F3E42-B1E4-5324-4C4A-0459C8938B6A}" = Catalyst Control Center Localization Italian
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760B7DD-C922-C286-AB6C-2E06B32C1D4F}" = Catalyst Control Center Graphics Full Existing
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{837F9742-DCC8-3FF4-5066-E11E48EE2391}" = Catalyst Control Center Localization Korean
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86861408-CB40-247E-B851-608792116658}" = CCC Help Norwegian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86E71966-9EE0-9AD3-2C17-FC3A0B8BB810}" = Catalyst Control Center Localization Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCA7792-CF78-46C6-66A7-EB9A8F0FB0A2}" = Catalyst Control Center Localization Russian
"{8C42C789-B0EF-3226-9069-D1956B220B38}" = Catalyst Control Center Localization Greek
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE1CAAF-31C0-6B2A-45EE-7761FDEFC806}" = ccc-core-static
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C353B52-07E4-07A7-B95F-392D8AA37210}" = Catalyst Control Center Localization Japanese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBB76DD-812B-26E9-C681-B7CD2DA27A78}" = CCC Help French
"{9E6D81B8-1FA4-4F32-AEE2-D9F81971B4C0}" = Simtrain's - Gotthard Route 2
"{9F96AFEF-28F1-2479-1D6A-33F8D4A7BF11}" = CCC Help Chinese Standard
"{A10FCB8E-F4C3-0C5E-4FFC-8C9A560095A8}" = CCC Help Russian
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A6038CD2-72AF-2C0A-C1A3-93D360F5A889}" = CCC Help Korean
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE223864-BFA1-1F17-49B2-13C8971DACA2}" = Catalyst Control Center Localization German
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B22D8435-CB77-849A-B9AE-D1737A073914}" = Catalyst Control Center Localization Polish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3BA8D55-5397-6712-1B6C-5A8849AF19F5}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C1722D10-8C05-B66D-A160-7C2CFF589176}" = Catalyst Control Center Graphics Light
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C485A66D-3521-20E8-2A7B-F060B1773491}" = Catalyst Control Center Localization French
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1C40A4-2836-1911-673E-18572FD2B62A}" = Catalyst Control Center Graphics Full New
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF6FE5A8-1338-188F-35B3-8372FA31D822}" = Skins
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D5E905F1-7657-7B1E-E5BD-2C69C89C8ABE}" = CCC Help Italian
"{D6DB00A1-4BCC-AB1B-24C2-0999BDA43D85}" = CCC Help Greek
"{D7D4DB0F-9070-AED1-D2F4-D11BD42C7588}" = CCC Help Chinese Traditional
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{D7F01E28-9D36-F8EC-872F-9FD71792F858}" = CCC Help Finnish
"{DA6AB13B-4D72-6EBB-AA4D-656CE9C0E512}" = CCC Help English
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF59BA36-54DC-6BB4-FCED-C9B9F2BCB4AE}" = CCC Help Spanish
"{E0325EFE-9D02-0F1E-7306-F4D95979715A}" = Catalyst Control Center Localization Chinese Traditional
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63AA3F4-5647-0BC8-24FC-F40CFE56B579}" = Catalyst Control Center Localization Norwegian
"{E6541F6A-3D2D-30E5-57F9-4DD411C2E4F0}" = CCC Help German
"{E720B248-D9F5-5E20-8E72-3E419D45D703}" = Catalyst Control Center Localization Finnish
"{E8E32E53-18F7-095E-CC75-F77E412F1AD9}" = CCC Help Portuguese
"{EC136321-1AE5-4A7F-B01C-5380D666175B}" = ICQ Sparberater
"{ECF106D2-86F4-49A3-8761-57D736C8D660}" = Karamalz Racer
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F09030B7-7B8A-30DE-539B-607C9B1831DB}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F76D7388-A433-E572-4718-CD3421738166}" = CCC Help Turkish
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL Toolbar 4.0" =
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"BabylonToolbar" = Babylon toolbar
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner (remove only)
"conduitEngine" = Conduit Engine
"Diccuric" = Diccuric
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 4.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProTrain 23 Raildriver 1.0" = ProTrain 23 Raildriver 1.0
"RealPlayer 6.0" = RealPlayer Basic
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

user1999 19.03.2012 18:37
und jetzt ?! :D

Swisstreasure 19.03.2012 18:46
Schritt 1
Code:
:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9c5bd038000000000000001c254ffb8b&tlver=1.4.19.19&affID=17162
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
:Commands
[purity]
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

So, nun führst Du einen Scan mit GMER aus und postest das Log.

user1999 19.03.2012 19:00
aber wenn ich dann neustarte startet der pc im normalen modus auto. und der geht ja nicht...

user1999 19.03.2012 19:17
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:671329E4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Filiz
->Temp folder emptied: 618870920 bytes
->Temporary Internet Files folder emptied: 1528439693 bytes
->Java cache emptied: 63711848 bytes
->FireFox cache emptied: 2904538 bytes
->Flash cache emptied: 77449 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 106395517 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 15442574 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 5951550996 bytes

Total Files Cleaned = 7.904,00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03192012_190726

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

user1999 19.03.2012 20:36
GMER Logfile:
Code:
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-19 20:34:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJS-00PSA0 rev.05.06H05
Running: zh7hlvh2.exe; Driver: C:\Users\Filiz\AppData\Local\Temp\kwdoypod.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73F27817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [73F7A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [73F2BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [73F1F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [73F275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73F1E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73F58395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [73F2DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [73F1FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73F1FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [73F171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [73FACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73F4C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [73F1D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [73F16853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73F1687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[1608] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [73F22AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---

user1999 19.03.2012 20:38
und nun??

____
mfg :

Swisstreasure 19.03.2012 20:48
Geht der Normalmodus wieder?

user1999 19.03.2012 22:24
jaaaaaaaaaaaa!!!!! ich bin dir sehr dankbar! fuer deine muehe und aufmerksamkeit.
___________________________________________________________________________________________________________

der rechner hatt an geschwindigkeit verloren.. liegt das vlt. daran das der virus hintergruende /spuren hinterlassen hatt oder weil der pc knapp 2 tage ohne unterbrechung an war?oder ist das normal nach einem virus?? ich hoffe der pc wird wieder schneller wie frueher..
___________________________________________________________________________________________________________

also der normale modus geht wieder muss ich noch i. etwas machen?? ( nochmalen zur sicherheit scannen oder so meime ich damit) oder sind wir komplet fertig??
___________________
mfg: Denis

Swisstreasure 19.03.2012 22:42
Nein wir sind noch nicht durch :)

Update Malwarebytes und mache einen Fullscan.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:51 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55