Pests of all kinds and how to fight them: TR/ATRAPS.Gen alert in Antivir (Windows 7)
27.04.2012, 08:43 | #1 |
TR/ATRAPS.Gen alert in Antivir

I got a message on my computer that TR/ATRAPS.Gen was found in a DLL.

My computer: ASUS notebook, Windows 7 64-bit, Antivir 10.2.0.707, Windows Firewall, Spybot 1.6.2

I read through the instructions for the OTL tool, and here are the two files:

OTL.txt
Code:
ATTFilter OTL logfile created on: 4/27/2012 3:15:54 AM - Run 2 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Rahman\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 23.59% Memory free 7.89 Gb Paging File | 4.01 Gb Available in Paging File | 50.85% Paging File free Paging file location(s): e:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.52 Gb Total Space | 14.70 Gb Free Space | 19.73% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 41.41 Gb Free Space | 4.44% Space Free | Partition Type: NTFS Drive E: | 208.92 Gb Total Space | 81.66 Gb Free Space | 39.09% Space Free | Partition Type: NTFS Computer Name: SPUTNIK | User Name: Rahman | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Rahman\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits) PRC - C:\Program Files (x86)\1Password\Agile1pService.exe (AgileBits) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.) PRC - C:\Users\Rahman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - E:\Program Files (x86)\Miranda IM\miranda32.exe ( ) PRC - E:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) PRC - E:\Program Files (x86)\LaunchBarCommander\LaunchBarCommander.exe (DonationCoder.com) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe (Tobias Erichsen) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\ProgramData\DatacardService\DCService.exe () PRC - C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe (GFI Software Ltd.) 
PRC - C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe (GFI Software Ltd.) PRC - C:\Users\Rahman\AppData\Roaming\Telekom Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe () PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\tools\n52te\razerhid.exe (Razer USA Ltd.) PRC - C:\tools\n52te\razertra.exe () PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\tools\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.) 
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - E:\Program Files (x86)\WinHotKey\WinHotKey.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () MOD - C:\Program Files (x86)\1Password\js3215R.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - E:\Program Files (x86)\Miranda IM\Plugins\srmm.dll () MOD - E:\Program Files (x86)\Miranda IM\zlib.dll () MOD - E:\Program Files (x86)\Miranda IM\Plugins\ICQ.dll () MOD - E:\Program Files (x86)\Miranda IM\Plugins\dbx_mmap.dll () MOD - E:\Program Files (x86)\Miranda IM\Plugins\clist_classic.dll () MOD - E:\Program Files (x86)\Miranda IM\Plugins\chat.dll () MOD - E:\Program Files (x86)\Miranda IM\Plugins\Aim.dll () MOD - E:\Program Files (x86)\Miranda IM\Plugins\IRC.dll () MOD - C:\Windows\SysWOW64\d3dyxom5s.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\SysWOW64\IS_ContextMenu.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\tools\n52te\razertra.exe () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () MOD - C:\tools\totalcmd\TCUNZLIB.DLL () MOD - C:\tools\totalcmd\WCMZIP32.DLL () MOD - E:\Program Files (x86)\WinHotKey\WinHotKey.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\aptwbvy8v.dll () SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Agile1Password) -- C:\Program Files (x86)\1Password\Agile1pService.exe (AgileBits) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (rtpMIDIService) -- C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe (Tobias Erichsen) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.) 
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe () SRV - (GFIBckHAtt) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe (GFI Software Ltd.) SRV - (GFIBckHSched) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe (GFI Software Ltd.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WebUpdate4) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (ipMIDI) nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM) -- C:\Windows\SysNative\drivers\ipmidi.sys (nerds.de) DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.) 
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare) DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare) DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare) DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare) DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare) DRV:64bit: - (teVirtualMIDI64) -- C:\Windows\SysNative\drivers\teVirtualMIDI64.sys (Tobias Erichsen) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) 
DRV:64bit: - (bomebus) -- C:\Windows\SysNative\drivers\bomebus.sys (Bome Software) DRV:64bit: - (bomemidi) -- C:\Windows\SysNative\drivers\bomemidi.sys (Bome Software) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.) DRV:64bit: - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1039unic.sys (MCCI Corporation) DRV:64bit: - (s1039obex) -- C:\Windows\SysNative\drivers\s1039obex.sys (MCCI Corporation) DRV:64bit: - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1039nd5.sys (MCCI Corporation) DRV:64bit: - (s1039mdm) -- C:\Windows\SysNative\drivers\s1039mdm.sys (MCCI Corporation) DRV:64bit: - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1039mgmt.sys (MCCI Corporation) DRV:64bit: - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\SysNative\drivers\s1039bus.sys (MCCI Corporation) DRV:64bit: - (s1039mdfl) -- C:\Windows\SysNative\drivers\s1039mdfl.sys (MCCI Corporation) DRV:64bit: - (RL_DJIFIE2_USB) -- C:\Windows\SysNative\drivers\rldjif2u.sys (Ploytec GmbH) DRV:64bit: - (RL_DJIFIE2_WDM) -- C:\Windows\SysNative\drivers\rldjif2a.sys (Ploytec GmbH) DRV:64bit: - (RL_DJIFIE2_MIDI) 
-- C:\Windows\SysNative\drivers\rldjif2m.sys (Ploytec GmbH) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (NETw1v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) 
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (SRS_PremiumSound_Service) -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys () DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\drivers\s1018mdm.sys (MCCI Corporation) DRV:64bit: - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1018unic.sys (MCCI Corporation) DRV:64bit: - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1018mgmt.sys (MCCI Corporation) DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\drivers\s1018obex.sys (MCCI Corporation) DRV:64bit: - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\SysNative\drivers\s1018bus.sys (MCCI Corporation) DRV:64bit: - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1018nd5.sys (MCCI Corporation) DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\drivers\s1018mdfl.sys (MCCI Corporation) DRV:64bit: - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation) DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation) DRV:64bit: - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 
(NDIS) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation) DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation) DRV:64bit: - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation) DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation) DRV:64bit: - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\vhidmini.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (JmtFltr) -- C:\Windows\SysNative\drivers\JmtFltr.sys () DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys () DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (GETPADD64) -- C:\Program Files (x86)\ASUS\WinFlash\GETPADD64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/tempcleaner/{AC877D46-89A1-4D1E-91E1-BDB49287334D} IE - HKLM\..\URLSearchHook: - SOFTWARE\Classes\CLSID\\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - 
HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - SOFTWARE\Classes\CLSID\\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\DealBulldog Toolbar\tbhelper.dll () IE - HKCU\..\SearchScopes,DefaultScope = {D9D829B2-7DFF-4A5C-90C0-6506364DD688} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = 
hxxp://www.bigseekpro.com/search/browser/tempcleaner/{AC877D46-89A1-4D1E-91E1-BDB49287334D}?q={searchTerms} IE - HKCU\..\SearchScopes\{CC47177A-5DC6-42F5-B03D-CD647F85375F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=STC3&o=APN10175&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A7U&apn_dtid=^YYYYYY^YY^DE&apn_uid=DAA5F1E6-2C93-4D75-80DE-5B74868F1597&apn_sauid=C1600372-407A-4892-85EE-410FE55B2051 IE - HKCU\..\SearchScopes\{D9D829B2-7DFF-4A5C-90C0-6506364DD688}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rahman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rahman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/22 01:35:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 11:25:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/08 07:29:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/22 10:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/22 01:35:43 | 000,000,000 | ---D | M]
[2010/02/05 17:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahman\AppData\Roaming\mozilla\Extensions
[2010/02/05 17:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahman\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/26 14:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahman\AppData\Roaming\mozilla\Firefox\Profiles\bzar4i1z.rachi\extensions
[2012/01/17 00:40:40 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Rahman\AppData\Roaming\mozilla\Firefox\Profiles\bzar4i1z.rachi\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/04/25 11:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/25 11:25:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/18 03:03:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/08 16:14:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/08 16:14:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/08 16:14:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/08 16:14:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/26 01:05:31 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011/10/08 16:14:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/08 16:14:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rahman\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rahman\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rahman\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Private delicious = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfagpejgjjbooinnahooadnlbfhnbcid\1.3_0\
CHR - Extension: Google-Suche = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: 1Password = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkndfifopckmhdkohjeoljlbfnjhekfg\3.9.4.39499_0\
CHR - Extension: Save in Delicious = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaelnkmidnndgikjbiifihgklnocljd\1.1_0\
CHR - Extension: Google Mail = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/20 18:16:37 | 000,438,702 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15087 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - Locked - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [EasyMessage] E:\Program Files (x86)\Easy Message\em2.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Jomantha] C:\tools\n52te\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [GoogleContactSync] E:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Program Files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [LaunchBarCommander] E:\Program Files (x86)\LaunchBarCommander\LaunchBarCommander.exe (DonationCoder.com)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [MtdAcqu] C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WinHotKey] E:\Program Files (x86)\WinHotKey\WinHotKey.exe ()
O4 - Startup: C:\Users\Rahman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rahman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Rahman\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: In RSS Bandit abonnieren - C:\Users\Rahman\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Rahman\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: In RSS Bandit abonnieren - C:\Users\Rahman\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : 1Password Ctrl+Alt+AKUT - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Windows\SysWOW64\d3dyxom5s.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CFBC708-27E0-4ACF-927A-E701D7123DBE}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CAD134E-017D-469B-91D3-CFE3E4D3594D}: NameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC6A3074-1BDD-415A-A80F-91AB11E2A17D}: NameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF365844-9F87-47D8-AA55-4BCD2EB15B71}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42af1e3e-58e8-11e0-a639-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{42af1e3e-58e8-11e0-a639-002243d52601}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{458ae1d5-0c33-11e0-be50-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{458ae1d5-0c33-11e0-be50-002243d52601}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6eb7e275-640d-11e0-b501-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{6eb7e275-640d-11e0-b501-002243d52601}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{a6ebe72b-2853-11e1-911c-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{a6ebe72b-2853-11e1-911c-002243d52601}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a6ebe743-2853-11e1-911c-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{a6ebe743-2853-11e1-911c-002243d52601}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a6ebe76a-2853-11e1-911c-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{a6ebe76a-2853-11e1-911c-002243d52601}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b5ab2430-2850-11e1-8e2a-90e6bae9a26d}\Shell - "" = AutoRun
O33 - MountPoints2\{b5ab2430-2850-11e1-8e2a-90e6bae9a26d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d5df726f-ff41-11df-9f3e-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{d5df726f-ff41-11df-9f3e-002243d52601}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{def33b65-8f2d-11e1-a771-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{def33b65-8f2d-11e1-a771-002243d52601}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 01:49:35 | 000,000,000 | ---D | C] -- C:\Users\Rahman\AppData\Local\FeedDemon
[2012/04/26 01:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedDemon
[2012/04/26 01:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FeedDemon
[2012/04/25 11:25:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/24 17:23:23 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/24 17:23:23 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/24 17:23:22 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/24 17:23:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/24 17:23:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/24 17:23:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/24 17:23:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/24 17:23:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/24 17:23:20 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/24 17:23:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/24 17:23:20 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/24 17:22:37 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/24 17:22:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/24 17:22:36 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/24 17:17:54 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/24 17:17:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/24 17:17:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/13 04:35:58 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 04:10:29 | 000,000,000 | ---D | C] -- C:\Users\Rahman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/13 03:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/04/13 03:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/13 03:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/13 03:55:08 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rahman\Desktop\mbam-setup-1.60.0.1800.exe
[2012/03/30 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 16:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/30 16:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/30 16:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/27 03:30:28 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3097918765-73550788-2010583491-1001UA.job
[2012/04/27 03:11:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/27 02:54:25 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 00:54:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/27 00:43:41 | 000,026,278 | ---- | M] () -- C:\Users\Rahman\_viminfo
[2012/04/27 00:41:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 18:40:51 | 000,032,070 | ---- | M] () -- C:\Users\Rahman\.recently-used.xbel
[2012/04/26 17:45:02 | 001,817,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 17:45:02 | 000,769,486 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/04/26 17:45:02 | 000,724,158 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 17:45:02 | 000,175,866 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/04/26 17:45:02 | 000,148,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 01:49:33 | 000,001,867 | ---- | M] () -- C:\Users\Rahman\Desktop\FeedDemon.lnk
[2012/04/26 01:33:52 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 01:33:52 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 01:26:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/04/26 01:26:30 | 000,002,459 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/04/26 01:25:04 | 3212,697,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 11:30:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3097918765-73550788-2010583491-1001Core.job
[2012/04/23 17:32:15 | 000,289,280 | ---- | M] () -- C:\Windows\SysNative\aptwbvy8v.dll
[2012/04/20 03:36:49 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/20 03:36:49 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/18 03:03:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/18 03:03:51 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/18 03:03:51 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/18 03:03:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/13 04:34:04 | 000,003,950 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/04/13 04:10:32 | 000,002,981 | ---- | M] () -- C:\Users\Rahman\Desktop\HiJackThis.lnk
[2012/04/13 04:09:29 | 001,402,880 | ---- | M] () -- C:\Users\Rahman\Desktop\HiJackThis-2-04.msi
[2012/04/13 03:57:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/04/13 03:55:27 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rahman\Desktop\mbam-setup-1.60.0.1800.exe
[2012/04/11 12:44:56 | 000,093,506 | ---- | M] () -- C:\Users\Rahman\Documents\kompetenz.PDF
[2012/04/04 17:06:38 | 000,000,981 | ---- | M] () -- C:\Users\Rahman\Desktop\1Password.lnk
[2012/04/04 17:06:11 | 000,001,004 | ---- | M] () -- C:\Users\Rahman\Desktop\Dropbox.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/30 16:26:10 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/30 16:24:41 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/30 11:59:03 | 000,969,043 | ---- | M] () -- C:\Users\Rahman\Documents\interkulturelle kompetenz.PDF
[2012/03/30 11:56:14 | 000,078,366 | ---- | M] () -- C:\Users\Rahman\Documents\konpentenz relevanz.PDF
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/26 18:40:51 | 000,032,070 | ---- | C] () -- C:\Users\Rahman\.recently-used.xbel
[2012/04/26 01:49:33 | 000,001,867 | ---- | C] () -- C:\Users\Rahman\Desktop\FeedDemon.lnk
[2012/04/23 17:32:15 | 000,289,280 | ---- | C] () -- C:\Windows\SysNative\aptwbvy8v.dll
[2012/04/13 04:36:41 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 04:10:32 | 000,002,981 | ---- | C] () -- C:\Users\Rahman\Desktop\HiJackThis.lnk
[2012/04/13 04:09:27 | 001,402,880 | ---- | C] () -- C:\Users\Rahman\Desktop\HiJackThis-2-04.msi
[2012/04/13 03:56:15 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/04/11 12:46:12 | 000,093,506 | ---- | C] () -- C:\Users\Rahman\Documents\kompetenz.PDF
[2012/04/04 17:06:11 | 000,001,004 | ---- | C] () -- C:\Users\Rahman\Desktop\Dropbox.lnk
[2012/03/30 16:26:10 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/30 16:24:41 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/30 11:59:21 | 000,969,043 | ---- | C] () -- C:\Users\Rahman\Documents\interkulturelle kompetenz.PDF
[2012/03/30 11:57:48 | 000,078,366 | ---- | C] () -- C:\Users\Rahman\Documents\konpentenz relevanz.PDF
[2012/03/23 10:50:07 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/03/23 10:50:06 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2012/02/23 15:18:11 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2012/02/22 01:27:07 | 000,234,716 | ---- | C] () -- C:\Windows\hpoins21.dat
[2012/02/22 01:27:07 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2012/02/17 12:46:43 | 000,000,036 | ---- | C] () -- C:\Windows\SysWow64\doc2pdf_config.ini
[2012/02/12 16:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012/02/12 16:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012/02/12 16:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012/02/09 04:23:03 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_LaunchBarCommander_InstallInfo.dat
[2012/02/09 04:23:03 | 000,000,058 | ---- | C] () -- C:\Users\Rahman\AppData\Local\DonationCoder_LaunchBarCommander_InstallInfo.dat
[2012/02/09 03:29:23 | 000,000,000 | ---- | C] () -- C:\Users\Rahman\AppData\Roaming\Stardockfences_debug_snapshot.dat
[2012/02/06 16:51:13 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2012/01/31 22:57:10 | 000,004,096 | -H-- | C] () -- C:\Users\Rahman\AppData\Local\keyfile3.drm
[2012/01/15 17:53:33 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\d3dyxom5s.dll
[2012/01/08 07:14:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/12/24 23:05:11 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
[2011/10/11 01:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Rahman\AppData\Local\{0809AAF6-117F-47BE-92D5-345142EAF55B}
[2011/09/17 02:27:33 | 001,153,159 | ---- | C] () -- C:\Windows\SysWow64\libvorbisenc-2.dll
[2011/09/17 02:27:33 | 001,138,027 | ---- | C] () -- C:\Windows\SysWow64\libfftw3-3.dll
[2011/09/17 02:27:33 | 001,086,487 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2011/09/17 02:27:33 | 000,434,914 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2011/09/17 02:27:33 | 000,177,273 | ---- | C] () -- C:\Windows\SysWow64\libvorbis-0.dll
[2011/09/17 02:27:33 | 000,076,800 | ---- | C] () -- C:\Windows\SysWow64\libgnurx-0.dll
[2011/09/17 02:27:33 | 000,047,490 | ---- | C] () -- C:\Windows\SysWow64\libvorbisfile-3.dll
[2011/09/17 02:27:33 | 000,027,071 | ---- | C] () -- C:\Windows\SysWow64\libogg-0.dll
[2011/09/17 02:27:33 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\libdl.dll
[2011/09/17 02:25:57 | 000,029,803 | ---- | C] () -- C:\Windows\SysWow64\cyclist.exe
[2011/09/17 02:25:57 | 000,014,322 | ---- | C] () -- C:\Windows\SysWow64\pdreceive.exe
[2011/09/17 02:25:57 | 000,009,579 | ---- | C] () -- C:\Windows\SysWow64\pdsend.exe
[2011/09/11 01:08:11 | 000,188,308 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/20 03:45:47 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011/04/21 21:27:07 | 000,000,600 | ---- | C] () -- C:\Users\Rahman\AppData\Local\PUTTY.RND
[2011/02/20 04:37:10 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/02/16 07:48:52 | 000,000,067 | ---- | C] () -- C:\Windows\A1 DVD Ripper.INI
[2011/01/25 07:22:02 | 000,005,260 | ---- | C] () -- C:\Users\Rahman\AppData\Roaming\servetome-fonts.conf
[2011/01/12 16:58:10 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2011/01/11 15:42:43 | 000,037,058 | ---- | C] () -- C:\Users\Rahman\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010/12/29 01:28:29 | 000,000,000 | ---- | C] () -- C:\Users\Rahman\AppData\Roaming\AVSMediaPlayer.m3u
[2010/12/29 01:25:00 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/29 01:25:00 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/16 04:05:10 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2010/12/14 07:48:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/21 19:27:31 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\virport.dll
[2010/07/03 08:09:16 | 000,012,477 | ---- | C] () -- C:\Users\Rahman\AppData\Roaming\ShortcutSettings.xml

========== LOP Check ==========

[2010/08/07 11:36:17 | 000,000,000 | -HSD | M] -- C:\Users\Rahman\AppData\Roaming\.#
[2012/02/03 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\.purple
[2011/11/18 00:18:26 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\.servetome-fontconfig
[2011/09/14 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Ableton
[2010/12/14 01:14:36 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Agile Web Solutions
[2011/02/16 11:51:14 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\All Free DVD Ripper
[2011/01/13 03:22:56 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Asus WebStorage
[2012/01/31 23:05:27 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Audacity
[2010/12/02 09:12:12 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012/01/31 03:59:08 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\BitTorrent
[2010/12/13 14:49:20 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\CD Art Display
[2010/10/11 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\CheckPoint
[2011/09/17 03:28:07 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Cycling '74
[2010/11/30 01:59:56 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Digiarty
[2012/02/09 04:23:03 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\DonationCoder
[2012/04/27 02:36:36 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Dropbox
[2012/02/22 18:20:31 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\DVDVideoSoft
[2012/02/22 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/08 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Foxit
[2010/12/08 21:13:53 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Foxit Software
[2012/02/15 03:30:52 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\GetRightToGo
[2011/01/07 12:09:35 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\GHISLER
[2012/01/18 03:14:01 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\GoContactSyncMOD
[2011/01/14 03:00:47 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\GoodSync
[2012/04/26 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\gtk-2.0
[2011/02/20 04:33:13 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Gutscheinmieze
[2011/02/18 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\HandBrake
[2011/08/31 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\hexler
[2011/09/21 18:53:48 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\IrfanView
[2011/12/24 23:05:22 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\iSkysoft Video Converter Ultimate
[2012/02/11 21:36:13 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de)
[2010/12/13 15:55:58 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\iTSfv
[2010/11/30 13:52:40 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Jumping Bytes
[2010/01/16 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Juniper Networks
[2010/01/15 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Leadertech
[2011/11/25 13:48:25 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\LinkeSOFT
[2011/01/30 06:06:56 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Memeo
[2012/02/03 20:10:21 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Miranda
[2010/04/27 09:09:56 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\MobMapUpdater
[2011/01/13 03:14:12 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\NCH Swift Sound
[2010/04/21 03:14:45 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Nokia
[2010/02/22 23:41:17 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Nokia Ovi Suite
[2012/01/20 02:30:22 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Nvu
[2011/11/16 17:11:41 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\OpenOffice.org
[2010/02/22 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\PC Suite
[2010/11/30 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\PersBackup5
[2011/03/23 00:13:51 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\PhotoSync
[2011/10/25 23:35:52 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\RCP 6
[2011/11/18 23:13:09 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\redsn0w
[2011/10/03 21:52:59 | 000,000,000 | ---D | M] -- 
C:\Users\Rahman\AppData\Roaming\rinsebyreal [2012/01/17 15:07:42 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\RssBandit [2011/01/28 15:18:01 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Seagate [2012/02/06 16:51:37 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\SoftMaker [2012/02/09 03:29:14 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Stardock [2010/12/04 03:23:43 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\T-Mobile [2010/12/18 04:09:02 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\T-Mobile Internet Manager [2011/01/06 23:24:28 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\TeamViewer [2011/12/17 04:15:25 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Telekom [2011/12/17 04:35:59 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Telekom Internet Manager [2010/02/05 17:09:49 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Thunderbird [2010/12/15 04:42:14 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\tidysongs16 [2012/01/10 13:32:09 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\toolplugin [2012/01/15 12:56:24 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Trillian [2012/03/12 06:38:53 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\TuneUp Software [2011/01/28 17:44:43 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\WD [2011/03/25 19:20:00 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Windows Live Writer [2012/02/15 03:31:39 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\WordToPDF [2010/11/30 01:31:08 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Xilisoft [2012/04/21 00:47:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
I hope you can help me.
I have read quite a bit about the virus and hope that I don't have to set up my machine from scratch. |
27.04.2012, 08:45 | #2 |
| TR/ATRAPS.Gen alert in Antivir And here is the second log
Extras.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 4/27/2012 3:15:54 AM - Run 2 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Rahman\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 23.59% Memory free 7.89 Gb Paging File | 4.01 Gb Available in Paging File | 50.85% Paging File free Paging file location(s): e:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.52 Gb Total Space | 14.70 Gb Free Space | 19.73% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 41.41 Gb Free Space | 4.44% Space Free | Partition Type: NTFS Drive E: | 208.92 Gb Total Space | 81.66 Gb Free Space | 39.09% Space Free | Partition Type: NTFS Computer Name: SPUTNIK | User Name: Rahman | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{021757AA-C8EE-44A0-8C6A-27C145BCBC0C}" = lport=35722 | protocol=6 | dir=in | name=photosync | "{081621D0-981E-4EB3-847D-5DA03A792DBA}" = rport=1900 | protocol=17 | 
dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{08669822-97FE-47B7-9158-AB045B422672}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{19212C3C-84D6-4A52-8327-AA3F6D523847}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{19C5F5A1-5BBB-4FE7-9D43-B709840B31F6}" = lport=139 | protocol=6 | dir=in | app=system | "{1AFFC854-3786-4B09-BF7F-3003A590A0CC}" = rport=445 | protocol=6 | dir=out | app=system | "{1F11DE9A-22D3-49D5-A2FD-269AF08E5688}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2DB305E8-40BE-40B9-A025-B37BE4F0A127}" = rport=10243 | protocol=6 | dir=out | app=system | "{35D6F950-3703-4A94-BF1A-144697CD47B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4E2DBA3F-30E3-4C08-BF42-3006191AF656}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{56915D01-78F2-491C-AFD0-12BD6D563363}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5CC1F9B2-3F8E-42BC-904F-72F92268470F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5D954935-95CD-48AD-B446-818C3A9ADA77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5DB49556-20D3-437F-96C2-BC230BB61465}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{61401B2F-CADD-4007-8B00-50B4F56EA35B}" = lport=2869 | protocol=6 | dir=in | app=system | "{63F4BF32-F17B-46F2-A259-32E36FC66B32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{79BFBD8E-E944-4F6B-A43F-ED445EC77CF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7CDA2BB8-1545-487E-BCC5-6959E1C8C0C4}" = lport=137 | protocol=17 | 
dir=in | app=system | "{AD77C36E-E5A7-4575-85BE-3C825314B242}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{B7B425D9-8DF0-4F24-9111-CE356B4BEB6C}" = rport=138 | protocol=17 | dir=out | app=system | "{BA71F74E-76FF-43B8-B305-AFB50275CB88}" = lport=10243 | protocol=6 | dir=in | app=system | "{BE7DDB8E-DE0D-4626-B298-285DE5A4C74F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BF25CCCA-3768-45F3-BE85-C280921CBA71}" = rport=137 | protocol=17 | dir=out | app=system | "{C5485C0A-2ACE-4F13-AE2B-C363096954E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C6C6A257-8902-41DB-B97B-DFC85712B512}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{CB276834-1D70-45D7-9804-37897DFFFA8F}" = lport=138 | protocol=17 | dir=in | app=system | "{CBC73643-8CF5-4520-9225-E5C27DAA0F00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EF5F2D48-1B50-4F9B-A426-5966D881624C}" = lport=445 | protocol=6 | dir=in | app=system | "{F02C9B1E-A85A-4948-B87F-082BDD3EAF80}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00819DCF-C64B-4C40-AD2E-6FBF50FAE68E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{00FDB826-9604-4F65-87DB-4F8A397A7C00}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{0183329F-F53B-4184-9403-04E4BD4F34D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{03AC73B3-AB74-49AA-9AA6-98F331178E32}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{04580BE4-8893-406B-81D6-C30232071CC3}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{04ABE78C-87F9-456A-9627-99304EF1DCFE}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{05A8E119-7BF2-4E5A-8B4D-03D0B437428C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{08781D13-8217-462D-9298-5E78E7497715}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{0902202D-9208-4213-9E24-4ABED41366DD}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{090BA9E1-C4D3-4701-92D7-32FFCE694FD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0A172182-8286-4EAF-B214-56F0D67B9E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{0C5842BA-1D5C-4002-857A-98DA757899F7}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{0D98A1BC-BD25-47B7-BA71-B908865A8A73}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{0DF8C64F-1A0A-4BFD-8E91-D2CAFEB8D9C4}" = protocol=17 | dir=in | app=e:\programme\ftp-uploader\ftpuploader.exe | "{0E30D45C-AEDF-49EF-955D-ACB27DB8B487}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{0E78D71F-FE1A-40A4-BECA-A8438B41C763}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{0EA923CD-45C3-4719-966B-6548407CA845}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0F76A01D-5396-4857-AB4B-709A1178F3A4}" = protocol=6 | dir=in | app=c:\users\rahman\appdata\local\apps\2.0\lhk6kwkd.lmd\tj2zkc41.pyc\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe | "{12BC110D-3122-469E-B6A7-E7D690379C35}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{12E440EE-4F65-4E0B-B0CD-09A2A96227C3}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{1315DCFD-0EDA-430D-9B65-C5AF164F7AA9}" = protocol=6 | dir=in | app=c:\program files 
(x86)\skype\plugin manager\skypepm.exe | "{139BED7D-1713-4596-9523-71277B9A608B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{143B9F63-5913-4EDF-A5FF-6E813AF7A6E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{14783DD1-406F-4AC6-9611-EDF92CF86DEB}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{15F7B945-C61F-43A2-B20A-0E5E726C6430}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{16D441F0-153E-4EC6-9D30-A2DFF8937646}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{17758446-59B3-4968-8469-7D66A2B6B0A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{19F2E277-8F29-4C25-AC8F-68AC51F98290}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1ACF7D25-9A35-4CE4-97E5-71584967A68A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1B432697-A4DB-4B4C-8643-3ECDDEC68F2E}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{1E7489BA-5D5A-4D71-BDF8-BB4299F7A8CE}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{20DE0759-39CB-449F-BDC3-9AF6CC9E6C54}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{212FDF54-41E6-437D-9DC0-87D3F983F3B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{22BF1669-D2CB-4E8E-A1B4-24506A2C0F05}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{24FD9F5A-8531-4AB6-AD88-DE6EF9143BAF}" = protocol=6 | dir=in | app=c:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe | "{26A4AB7A-13E8-437C-9A26-656CCCBF368D}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{27EBDA86-5ED0-4E80-AAD5-AAC91ABF91A8}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{28494330-D3F6-41E0-883B-89F22C5D1510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2A0ADFF9-BD8C-44EA-8996-C2FD9A983638}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{2A8E7F95-3B8A-4A0D-9596-32A0E4E679F2}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{2E61C7D2-886A-4970-9993-87914BF49F3B}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{2FB803A7-D1F6-459C-8D8E-1E6A63A15885}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{32035D65-F707-4C03-AFBE-E532C8215884}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{32CF8404-D680-4F79-B3D0-7CE1CEBD76BC}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{38E5CC09-5821-461F-9FF9-7F7C98593801}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{39ABB0C3-9C8D-42E2-9FA3-34466D052C7C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{3C148422-631E-4880-90D2-1C8BB6EBB1FA}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{3CB3B186-D7C9-457F-A2A8-D8AB8FBF36D8}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{3CD0CEE0-B6D1-42F9-9085-2AF32D3BF244}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{3FAD7BBF-F34C-4C4C-80CA-61494E7DC7C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4038142E-8534-4D70-B16F-C22969F13068}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{417A185D-A0CB-4CB1-8F27-41B1A1CF358F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{441C7916-EF3B-4101-8D0B-5B5866708299}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{44306F78-59AA-4951-81F3-8F5FA71124F6}" = dir=in | 
app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{44498938-C59C-4123-85AD-B43595E8AE94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{444F650D-CB04-4B83-AC0A-82868237A463}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{4790CD1C-1484-44D4-AF9F-67B78ACABDBE}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{4A4F47B2-8089-4679-A183-3C181C6ACA7C}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{4ABF6997-694B-4646-822D-20C256509415}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{4AD05A30-2D34-414F-882A-E9CCE15562A4}" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe | "{4C655A75-E55E-49E9-9AEA-725AC83B624F}" = protocol=6 | dir=out | app=system | "{4E74221E-C0E7-4F88-8589-7E72F9F0220F}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{5048A4B5-7C3F-4CF8-A318-2915939D628C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5131D381-B2A7-4A5F-A295-E66C45CD2186}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{51857F60-66B7-439E-8141-E73C0AB23503}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{52C51A88-64AB-4504-B650-57754CCC81B6}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{53AE5C32-FAC5-40BA-8EC2-1A1BD166AFBE}" = protocol=6 | dir=in | app=c:\program files (x86)\splashdata\splashshopper for iphone\splashshopper desktop.exe | "{5538EE88-D55F-4E24-8C0D-4D2AD2776C96}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{59406EF4-3860-4D75-B3A1-6A26FCA2E588}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{59574E6C-87F9-4517-960B-1995027D0E0A}" = protocol=17 | dir=in | 
app=c:\users\rahman\appdata\local\apps\2.0\lhk6kwkd.lmd\tj2zkc41.pyc\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe | "{5B64914B-0EF5-4C2E-88AA-6C7F1AC97CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5CED72D7-1670-47DA-9162-F8AD0ED9A82A}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{5D3F2162-05DC-4834-B08D-7135DB8F3681}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5D82C1EB-3A71-44E6-9D66-0CAA1F29417D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{5E7ABAA5-CCA1-45D1-B84E-1EF347274F07}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{5EF10C47-D51E-4251-8EF7-C8E55E9660F2}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{61DCACC4-92E4-4334-BDDD-611F63A7EE32}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{648412ED-B16D-4A64-BF5F-777943D0B816}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{64A30DCF-B278-41EE-9E85-908D40627F88}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{64DBF783-D024-48F0-84DB-93FCF87BE5BA}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{64E2E434-21BE-4950-A157-192562666737}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{68B92F2D-8DAD-4AD7-9618-499282E56225}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{68FF1848-AD90-415F-8A0A-6B702DA67555}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{6926DC2B-4B8F-47CD-8C40-8E8C450FCCA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6BA78AEA-7254-495D-81AA-0550DC4563AF}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{6CCC3F2E-9BD2-4B78-9CEF-8FDA716C42F9}" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe | "{6CE5E96D-772F-4FC3-BD35-0B88AB06892D}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{71747EC6-D7D7-4901-AC35-25F5FA864812}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{7198248C-96AB-4048-8628-C17FBEBFA331}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{72B95448-3631-430F-8280-1ABC9B204132}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{72BCA4F9-98EF-40D1-860D-525C387B3094}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{73088DF8-82D6-4195-B9B9-43A860F5E1F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{75489286-11C1-43D3-B90E-723E61B57425}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{75F71360-880B-4639-8DBB-D1C5D86E1477}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{7620B090-1E2A-4C62-95B9-0B3EECE8C870}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{77DC13A0-28EF-4CE8-9799-0126B56DB181}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{780D1812-CBE3-4077-9D6C-98F8CC350946}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{7AB40F16-4402-4719-BF79-6A54328C5F5E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{7C074D13-1727-4409-A3B4-B1A57AF85497}" = protocol=17 | dir=in | app=e:\program files (x86)\bittorrent\bittorrent.exe | "{7D3D532F-1F4A-4EC5-8C4F-A5D02D247ACE}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{7D4DCB85-257B-4CFE-B3A2-EA7C839318A9}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{7DDFFA00-E949-469B-B8A1-36CF2F8EE853}" = dir=in | 
app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{7E0B946A-6018-4140-84D8-7EAE19C991BF}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{7E75F993-7FCC-4F6B-8FF5-B15380AE8F47}" = protocol=17 | dir=in | app=c:\users\rahman\appdata\local\apps\2.0\lhk6kwkd.lmd\tj2zkc41.pyc\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe | "{7ECDA63A-DC5F-44B6-B3AB-9351B85E7B46}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{7F540334-A62B-4487-973E-84F43BEFE9ED}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{7FA5409A-2D25-470D-AB0D-E83A79D03152}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{83AA3446-FE4B-4EBE-8A60-69FCE6269E1F}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{8462C6EB-74A7-4B57-B7D1-C3DC668214DD}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{84F0C345-DF2E-412A-80ED-0D9CA598C04A}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{86B8B374-9B07-432A-9D88-64ED18E6565F}" = dir=in | app=c:\users\rahman\appdata\local\temp\7zs716d\setup\hpznui40.exe | "{87E034E4-539E-4F51-93BC-6E732B711294}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{8ACF8480-B0C9-41EB-8D4E-D8CE933D24AA}" = protocol=17 | dir=in | app=c:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe | "{8C1F5E21-C5EC-4752-BCF0-0776D8DA7A94}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{8D4976CC-E4CE-4B75-9D8A-264AD35176E4}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{8FFC5DE0-B807-4A89-A5B3-E3D84274BBD2}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{9114DA49-6641-45D0-B919-D0FEF566CC8A}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{9519D735-7D4A-4095-95D5-52551DAA5500}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{95945119-3047-41D6-BE6E-A1EC022362EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{98358A78-F2BC-405D-B2E3-813BB4AD72B2}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{9A7B0D92-5301-49F5-BFFF-5E788B8BD748}" = dir=in | app=%systemdrive%\tools\totalcmd\totalcmd.exe | "{9C041C49-BEDD-4184-A1FC-9A96C14131C3}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{9ED0E535-C80D-4539-8A45-C2D836B76296}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{9FA06E9C-961A-4176-9823-A28E3D269461}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe | "{9FB144F8-A8CE-4FF6-88C7-0D7D9A88BDBE}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{A00621E0-B878-40F5-9D65-BACB0DA3CC61}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{A5F22054-4349-4EBA-85BE-735AB9408EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\splashdata\splashshopper for iphone\splashshopper desktop.exe | "{A8F89DB9-E888-400B-AE00-F002FAF06FF9}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{A9AF36DE-D4A8-4F0C-9DA0-31419C52AB66}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{A9CCA6C6-77CC-42C5-BBA3-ADD1199EC1B6}" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe | "{AC042FCE-34AC-42FC-85B5-AFF046D39D8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{AC236626-7C43-47EB-8197-9A5CCB3FD915}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{AF969B63-3B7E-4EF2-A0D4-6868BBC722C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{B02A0B67-2899-4967-A148-747E4E137FC7}" = protocol=17 | 
dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{B0A989A2-5CAC-45D3-8CF1-510C1F2B2C07}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{B18F349B-C54E-467B-80F6-0CBDF00CD802}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B2452230-BBD1-4D6B-AFE7-CBF76D4A6177}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{B52779F1-FDE8-40B9-96EB-C49C115116D8}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{B5281240-9659-4618-B6B3-83B99CFA85D9}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{B5EB5984-38E8-48C6-9D45-D7CDA5E7097A}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{B70FB715-7454-4976-A6DB-A21670A7EB62}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{B8B493F3-9B39-48A4-880D-59ECC6C4C17E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BAD15783-95C1-4B2B-8764-1801CC7B4B0E}" = protocol=6 | dir=in | app=e:\programme\ftp-uploader\ftpuploader.exe | "{BB3E4CED-AEDA-4E44-8992-B5EBB6991F6C}" = protocol=6 | dir=in | app=c:\users\rahman\appdata\local\apps\2.0\lhk6kwkd.lmd\tj2zkc41.pyc\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe | "{BC0CD23A-C648-42F0-8613-341A07A1766F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{BDE22C40-3B22-49D9-B5EC-883A0F42829D}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{BE0352A2-98D3-4171-BFEA-0A178638E3FD}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{BE23282A-4954-48B8-8AB1-FBD4B9E37218}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{BEEF2B29-1DF6-4C9B-8582-CEAB244B8046}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{BF08F666-3C76-4FC4-A7BB-BB23D1C60371}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{BFB16578-C547-4C92-B448-49B74CB79EA2}" = dir=in | app=c:\program files (x86)\skype\ | "{C11C8D10-947F-44A9-BD32-E8A60DF5E571}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{C36149A3-3156-435F-B9D9-F8C16005EC34}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{C5B45567-21A2-4ED6-BAB3-B60B9FB93EBC}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{C692DA99-797C-4FA7-B1BA-14EAF72E1522}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C7986D31-3245-4146-A592-6ABD2257C8EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{C97B0867-64B3-4B3A-92FE-346299CBFF00}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{C9835078-5D89-471A-8F5B-6600B6B3E62C}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{C9E163CF-963F-493C-9F74-1C29464FBA1B}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{CC76C097-481E-46B1-803C-57E54F8B1F7E}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{D032E111-2800-49B2-9301-4E702A0EE89B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D0B74D52-C28D-4A40-95D5-9F6E95083D95}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{D0FFD8E7-ECA8-43DE-9E0E-032E543E641D}" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe | "{D260B7D0-C699-46F4-9508-D369A2B6A4CB}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{D306E576-68BA-4B9B-971C-6062A0AA3108}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{D35EC545-130C-4676-97B8-640D98EC4E0F}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{D7BA24F7-BF5B-4051-86AA-E42DA2773DA3}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{D94010A1-7A79-4909-A27C-A713789D5BFE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{DADDC3A8-2A10-4B69-8B46-96B52B7E0EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{DB3B3027-EAFC-422A-9362-65F3A7DB360E}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{DB5AE90B-CF9C-4735-BA8C-826337DCD009}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC781E3F-E472-4179-BFB5-62CB68AB0BA2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DCF1D948-441A-42B1-81EE-AC15539152BB}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{DD2FEA10-C038-488D-A50B-ED0935E0D17A}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{DD6D4BA2-C109-4271-B61C-524E94C87D11}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{DF45DA4F-0359-476B-B1AD-06E64F719841}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E1A4422A-216C-4706-8861-0781EDEAE728}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{E200E6AC-D738-4B41-96E4-592B6EF28F6B}" = protocol=6 | dir=in | app=e:\program files (x86)\bittorrent\bittorrent.exe | "{E4BECFA1-20FE-4612-AA53-5327E75A534F}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{E4EDD8FB-6244-4C8E-9DD4-E9F548E437CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{E543624A-E860-4D91-8D17-4600FC8533CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{E67BFBEA-D1B4-42C5-B9F9-718701838B54}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{E6BDA648-8DE0-4146-AE3C-2DBF159AEFDD}" = dir=in | app=c:\program files (x86)\tobias 
erichsen\rtpmidi\rtpmidisvc.exe | "{E8E26653-5071-40A2-9C7A-14387D0C7FCE}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{E9309CC8-FC7A-4860-9D7A-8C87DCE14208}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{E960765E-3483-40BD-9E1D-A8FA7F864199}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{EAA99B16-7E8A-43D1-A115-1A341EEE3A2C}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{EB28902F-8977-4C5D-BFA9-1EF70406DD7E}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{ECFFA522-16D9-4B72-AF27-1ACD81801852}" = protocol=6 | dir=in | app=c:\program files\displaylink core software\displaylinkmanager.exe | "{EDB5DC77-94CD-4586-9D0F-C3EA6FF6A5CC}" = protocol=17 | dir=in | app=c:\program files\displaylink core software\displaylinkmanager.exe | "{EFBE882C-D736-4292-8AEC-7135F7441A76}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{F03D2A46-F186-4525-82BA-659193B97AB6}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{F18DA97A-7E9D-47ED-9799-6BFA8953418D}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{F92E838E-4933-4CF2-A1DA-16C82CB948F4}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{F95F54D9-825A-4025-A333-CDEFF7CF21AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{FA959F18-E6EA-44CD-B60C-E961F80BDA8F}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "{FC451163-7925-40F3-99C5-FD5EFCAEEDC2}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{FE4414BE-8A45-4F61-B1A4-C97FC0D465AC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{FE7A685A-ECAE-49EA-AFCC-05B8633F9BDC}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{FFA3969F-BCD1-4E6D-B21D-DE5403CC0FD1}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | "TCP Query User{0D24EFBE-377B-48EF-84BA-436FC61AFD6D}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\qts60aoexample.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\qts60aoexample.exe | "TCP Query User{145554F9-1318-49DA-B23A-7C3196958642}C:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe | "TCP Query User{24EC778B-C421-42A4-B982-70AFAFB2156D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{29D43BA8-C4C4-4FCE-BF75-41C295B3955B}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\basiclayouts.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\basiclayouts.exe | "TCP Query User{396D71DF-0EB0-42A0-9E37-5536104983E1}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\inputpanel.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\inputpanel.exe | "TCP Query User{46913AE2-8AD3-43E6-AAB5-9680E479A44E}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{46E6E5AE-B578-46C0-8972-F17387E4D329}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{5C5400AC-B796-49C2-B0CC-169D1773108E}C:\windows\syswow64\doc2pdf_service.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\doc2pdf_service.exe | "TCP Query User{60D813C2-E252-4B43-BE76-3BA70C7CA909}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery 
software\wd discovery.exe | "TCP Query User{64B26007-26E3-4C1D-A59F-8F1715D3E02B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{6E026E55-0CE4-4D83-B394-BE603AE739A6}C:\program files (x86)\servetome\contents\windows\servetome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\servetome\contents\windows\servetome.exe | "TCP Query User{6E270442-E9A5-4FA3-8937-526D95FFF638}C:\tools\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\tools\eclipse\eclipse.exe | "TCP Query User{775521D9-F24C-4661-9B9F-3B3B41D2B8B7}C:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe" = protocol=6 | dir=in | app=c:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe | "TCP Query User{787032D3-B377-41E2-BF55-3C4CC677FAC5}G:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=g:\wd discovery software\wd discovery.exe | "TCP Query User{82045D52-8BFB-429F-A5B6-670BFE4B58FD}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | "TCP Query User{85CD862F-7553-4EB7-B84F-8F25CDCD5C44}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\analogclock.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\analogclock.exe | "TCP Query User{88C2C1BB-BFE0-45DE-9221-843964FBDD0A}C:\program files (x86)\servetome\contents\windows\servetome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\servetome\contents\windows\servetome.exe | "TCP Query User{8AF55983-8D64-40E6-9BEA-2E06689C091D}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\animatedtiles.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\animatedtiles.exe | "TCP Query User{8E6AFA0D-C977-4AE9-A193-92A83FF2947A}E:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of 
warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "TCP Query User{8E7196B5-1146-4DF9-84AA-580200541002}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | "TCP Query User{94DA3D38-16A5-4DA5-9D9C-7FC1CD11C2E5}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{976005B3-084D-4883-8C69-DD6544A51879}E:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{9E06C501-D98E-4FE8-8396-D96E1C35ABBA}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{9E585DBD-9D31-4F39-BB14-02151822BAA0}C:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe" = protocol=6 | dir=in | app=c:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe | "TCP Query User{9F5C8A23-9248-4B05-9295-0DE835EE2635}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{AAB0DC68-FDF5-47EE-8F02-BD805AFD6988}C:\tools\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\tools\totalcmd\totalcmd.exe | "TCP Query User{ABA34A84-AF9C-446D-979A-25E4522B157F}E:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{ACD75B99-008B-4FA0-B3ED-E1141F27FAA4}E:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=e:\program files (x86)\miranda im\miranda32.exe | "TCP Query User{B1029FC1-127D-454E-888D-004B761C11D9}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\fttt.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\fttt.exe | "TCP Query User{B4FAD8DE-93C1-44EB-AC99-1A2DBB895BC5}C:\users\rahman\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | 
app=c:\users\rahman\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{B9AA430C-D49C-4ED2-A0C0-E922B5175723}C:\tools\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\tools\totalcmd\totalcmd.exe | "TCP Query User{C8660145-0788-47D0-BDD9-48DA0289AA8E}C:\program files (x86)\java\jdk1.6.0_20\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\bin\javaw.exe | "TCP Query User{CE3F9C3A-E8B9-4E4A-9A67-F5D36164B686}C:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{D08EE191-B152-4071-BB0C-6B3B4DEBAA46}E:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{D396FEDE-27BE-42E4-94B4-4D8BF08054E3}E:\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\repair.exe | "TCP Query User{D70B0D54-FEFC-4EA1-86E6-E9F49BB082FA}E:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{E13D09AE-7D4D-4629-B6A4-63EDD11CDEA7}C:\windows\syswow64\doc2pdf_service.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\doc2pdf_service.exe | "TCP Query User{EA03F60B-81B3-4F9E-9D20-A68EF2F60023}C:\program files (x86)\java\jdk1.6.0_20\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\bin\java.exe | "TCP Query User{F8A59106-6731-422D-B6A0-5AF402E59B07}C:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe | "UDP Query User{059AC2C2-F3D9-4639-B3E6-088283F93426}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query 
User{237F82E5-C140-4775-95AD-4B81A9EBE775}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{2A2B5EE6-98A8-4F86-AA8B-48ED41726E07}C:\tools\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\tools\totalcmd\totalcmd.exe | "UDP Query User{38C68CB6-7D43-46C1-A9A2-06C82FEDCCFF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{4BABAB24-92D7-4C01-851B-0347CC84AE15}C:\program files (x86)\servetome\contents\windows\servetome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\servetome\contents\windows\servetome.exe | "UDP Query User{56FD95AA-DB3F-467E-A008-BB50D7AF5723}E:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{585CEDA4-FE04-4FBE-B07E-A22475C99965}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | "UDP Query User{6A5FC119-456B-4562-A478-50F15394B39D}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\inputpanel.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\inputpanel.exe | "UDP Query User{6F6CA0E3-D7FC-4F5D-860C-6B3DB656AE27}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\animatedtiles.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\animatedtiles.exe | "UDP Query User{705AA028-2446-426B-86E4-24F3A9EA520B}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{71ABBD0F-CFD9-4D03-B1E7-C336F9F41B13}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\fttt.exe" = protocol=17 | dir=in | 
app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\fttt.exe | "UDP Query User{758A8B1E-0D28-449D-A6FB-F0A0490AB8FE}E:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{774FC265-D624-4BEA-B263-44DDD9BB3BC2}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\analogclock.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\analogclock.exe | "UDP Query User{774FC8E8-9931-49C3-B6C3-504603C3D3E3}C:\users\rahman\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\rahman\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{8460E644-7D1B-47D0-AFD1-83D7EFE4A5EB}C:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{85336369-3959-4920-8782-022A5968FB29}C:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe" = protocol=17 | dir=in | app=c:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe | "UDP Query User{8D81D673-6DBF-477E-B952-5E8143A57E5E}C:\tools\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\tools\totalcmd\totalcmd.exe | "UDP Query User{8E0D6B3B-183A-4DE8-B60A-BDAFFEB66B07}E:\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\repair.exe | "UDP Query User{92742F24-EB43-45C2-9EEF-DE2833B04E1D}C:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe | "UDP Query User{965F9B41-C61F-4B97-A01C-99759990472A}E:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=e:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{9FDFCD91-7AC0-4C5C-9F7D-59F863696177}C:\program files (x86)\java\jdk1.6.0_20\bin\javaw.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\java\jdk1.6.0_20\bin\javaw.exe | "UDP Query User{A32DFFFD-D6D0-46E1-804D-5FC0F28DC5B6}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{A38B33BA-8FB2-4B2A-9A8B-AD4604279730}C:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe" = protocol=17 | dir=in | app=c:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe | "UDP Query User{B4362D99-3AE5-451A-AD9B-4844C536F711}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\qts60aoexample.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\qts60aoexample.exe | "UDP Query User{BF4C40D7-F390-4E71-97A0-3D70C3CEB226}C:\windows\syswow64\doc2pdf_service.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\doc2pdf_service.exe | "UDP Query User{BFF935BB-4EBA-4FE7-9A93-BB9DA59F6105}C:\windows\syswow64\doc2pdf_service.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\doc2pdf_service.exe | "UDP Query User{C508BBD2-022C-43D9-80E5-B6968DB2AA08}E:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{C52F0F04-51A6-41F7-926D-D0C15A860CF7}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{CF645C23-9225-47A3-A368-B2A89154D185}E:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{D12499C7-584B-47A3-BD02-8F71D405BE34}C:\tools\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\tools\eclipse\eclipse.exe | "UDP Query User{D3E09174-1C79-4FDD-A4CB-0CEEE723AC9D}C:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe | "UDP Query 
User{D7A439E3-6710-406A-9F53-8D8CD611123C}G:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=g:\wd discovery software\wd discovery.exe | "UDP Query User{DD078CC2-03F2-42AD-B5D4-A8DFA6921A47}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{E28674E2-965B-45BE-AF08-E60B9BD9E0F6}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\basiclayouts.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\basiclayouts.exe | "UDP Query User{E6930D47-7FED-42B3-9D7A-2C199F5F2849}C:\program files (x86)\servetome\contents\windows\servetome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\servetome\contents\windows\servetome.exe | "UDP Query User{ECEC0DB7-89CD-4369-A7AF-0ACB8C225CB4}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe | "UDP Query User{ED778649-B659-477F-88FF-9F0CAEFBA494}E:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "UDP Query User{FC58D2F1-C384-415F-9EA0-C6BAE83FF65F}C:\program files (x86)\java\jdk1.6.0_20\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\bin\java.exe | "UDP Query User{FEE59B30-C447-4590-B49F-4F0162FC0CC2}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable 
(x64) "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour-Druckdienste "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1) "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{621B8613-153C-46CC-BA86-BDBCA6C96C7B}" = DisplayLink iPad Software "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 
2 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AE6790D2-29EA-4642-A2AD-B6852F82F66E}" = DisplayLink Graphics "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D92C2B8D-F372-4920-BDB3-AA0BDD613BC2}" = PhotoSync "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64) "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "GPL Ghostscript 9.04" = GPL Ghostscript "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "ICP install2_is1" = ICP 9.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1) "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "USB_AUDIO_DEusb-audio.deRLDJIF2" = Digital Jockey - IE2 "Vim 7.3" = Vim 7.3 (self-installing) "Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.05.02.02 "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{091FACEE-A240-42D4-AD71-26E8DFB38F43}" = GO Contact Sync Mod "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement 
Technology "{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3CBE6C15-21D4-4F88-AB52-72446A6C6429}" = RssBandit "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{60D6618B-153F-4353-8185-908E676E5888}" = ASUS FancyStart "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime 
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{968A6AD3-E1BB-290E-D92B-AA9AB2702080}" = Rinse "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext "{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter 
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD937297-84C3-41A5-B5DF-1FAEEE669D68}" = rtpMIDI "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "1Password_is1" = 1Password 1.0.9.291 "7-Zip" = 7-Zip 9.20 "Ableton Live_is1" = Ableton Live v6.0.7 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "All Free DVD Ripper_is1" = All Free DVD Ripper 5.2.6 "ASIO4ALL" = ASIO4ALL "ASUS_ScreenSaver_GSeries" = ASUS_ScreenSaver_GSeries "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1" = BeatportDownloader "BitTorrent" = BitTorrent "conduitEngine" = Conduit Engine "DealBulldog Toolbar" = DealBulldog Toolbar "Doro_is1" = Doro 1.54 "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "FeedDemon_is1" = FeedDemon "Foxit Reader" = Foxit Reader "Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228 "Freeware Faktura" = Freeware Faktura 2012.01.25 "ftp-uploader" = ftp-uploader "GFI Backup 2009 - Home Edition" = GFI Backup 2009 - Home Edition "GPL Ghostscript 9.05" = GPL Ghostscript "HandBrake" = HandBrake 0.9.5 "ImageConverter Plus_is1" = ImageConverter Plus 8.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "IrfanView" = IrfanView (remove only) "iSkysoft Video Converter Ultimate_is1" = iSkysoft Video Converter Ultimate(Build 3.2.1.0) "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "Malwarebytes' 
Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MenuCommander_is1" = LaunchBar Commander 1.129.01 "Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "MiKTeX 2.9" = MiKTeX 2.9 "Miranda IM" = Miranda IM 0.9.42 "MobMap_is1" = MobMap 3.53 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCSR" = Microsoft Speech Recognition Engine 4.0 (English) "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor" = Native Instruments Traktor "Nvu_is1" = Nvu 1.0 "OpenSSL Light (32-bit)_is1" = OpenSSL 1.0.0g Light (32-bit) "pd_is1" = Pd-0.42.5-extended "Picasa 3" = Picasa 3 "rinsebyreal" = Rinse "ServeToMe_is1" = ServeToMe 3.6.4.4 "Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5 "SplashShopper iPhone Desktop" = SplashShopper iPhone Desktop 3.0.2 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 7" = TeamViewer 7 "Telekom Internet Manager" = Telekom Internet Manager "Temp File Cleaner" = Temp File Cleaner "TextMaker Viewer" = TextMaker Viewer "Totalcmd" = Total Commander (Remove or Repair) "touchAble Server & Scripts 1.2.0-r1" = touchAble Server & Scripts "Trillian" = Trillian "VMware_Player" = VMware Player "VMware_Workstation" = VMware Workstation "WinGimp-2.0_is1" = GIMP 2.6.11 "WinHotKey_is1" = WinHotKey 0.70 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Softonic Toolbar Updater "090215de958f1060" = Curse Client "Dropbox" = Dropbox "Google Chrome" = Google Chrome 
"Juniper_Setup_Client" = Juniper Networks Setup Client "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "Neoteris_Host_Checker" = Juniper Networks Host Checker ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
27.04.2012, 13:20 | #3 |
/// Malware-holic | TR/ATRAPS.Gen alert in Antivir
hi
Preparation: download LSPFix: LSPfix - Freeware - DE - Download.CHIP.eu
This script, and any scripts that may follow, are intended only for this particular user. If you have problems, open your own topic and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
ATTFilter
:OTL
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\aptwbvy8v.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Windows\SysWOW64\d3dyxom5s.dll ()
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
Run LSPFix.
• After the restart you will find a text document; copy its contents into your next reply here.
Please press the + E key.
27.04.2012, 15:21 | #4 |
| TR/ATRAPS.Gen alert in Antivir
Hello, first of all, thanks for the prompt help. The upload of the zip file worked. Packing the MovedFiles folder did not quite work: one file, C:\_OTL\MovedFiles\04272012_160433\C_Windows\SysNative\aptwbvy8v.dll, could not be opened and was not added to the zip file. I moved the file to quarantine with Antivir. Here is the message from Antivir:
Name: TR/Mediyes.EB.1
Entdeckt am: 24/04/2012
Art: Trojan
In freier Wildbahn: Nein
Gemeldete Infektionen: Niedrig
Verbreitungspotenzial: Niedrig
Schadenspotenzial: Niedrig
Dateigröße: 289280 Bytes
MD5 Prüfsumme: 130ca53bb6f270a54cab5db7545b8c50
VDF Version: 7.11.28.140 - Dienstag, 24. April 2012
IVDF Version: 7.11.28.140 - Dienstag, 24. April 2012
And here is the text of the file that was opened after the computer restarted. Code:
ATTFilter All processes killed ========== OTL ========== Error: Unable to stop service LanmanWorkstation! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation deleted successfully. C:\Windows\SysNative\aptwbvy8v.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000011\ deleted successfully. File C:\Windows\SysWOW64\d3dyxom5s.dll not found. ========== COMMANDS ========== [EMPTYFLASH] User: admin User: All Users User: AppData User: Default User: Default User User: Public User: Rahman ->Flash cache emptied: 14305 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: admin User: All Users User: AppData User: Default ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Rahman ->Temp folder emptied: 31631084 bytes ->Temporary Internet Files folder emptied: 218636070 bytes ->Java cache emptied: 351427 bytes ->FireFox cache emptied: 722774230 bytes ->Google Chrome cache emptied: 281886657 bytes ->Apple Safari cache emptied: 874496 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1986121 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1266902 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102427 bytes RecycleBin emptied: 6247748626 bytes Total Files Cleaned = 7,160.00 mb OTL by OldTimer - Version 3.2.42.1 log created on 04272012_160433 Files\Folders moved on Reboot... C:\Users\Rahman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3536.log moved successfully. Registry entries deleted on Reboot... |
27.04.2012, 16:35 | #5 | |
/// Malware-holic | TR/ATRAPS.Gen alert in Antivir
ok thx
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
28.04.2012, 00:34 | #6 |
| TR/ATRAPS.Gen alert in Antivir
OK, I have run Combofix and here is the result: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-04-27.02 - Rahman 28.04.2012 0:47.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4085.2648 [GMT 2:00] ausgeführt von:: c:\users\Rahman\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\DealBulldog Toolbar c:\program files (x86)\DealBulldog Toolbar\affid.dat c:\program files (x86)\DealBulldog Toolbar\alert_plugin.dll c:\program files (x86)\DealBulldog Toolbar\basis.xml c:\program files (x86)\DealBulldog Toolbar\CustomTabPage.dll c:\program files (x86)\DealBulldog Toolbar\icons.bmp c:\program files (x86)\DealBulldog Toolbar\info.txt c:\program files (x86)\DealBulldog Toolbar\install.ico c:\program files (x86)\DealBulldog Toolbar\MacroParserPlugin.dll c:\program files (x86)\DealBulldog Toolbar\mbback.bmp c:\program files (x86)\DealBulldog Toolbar\mbbigopen.bmp c:\program files (x86)\DealBulldog Toolbar\mbclose.bmp c:\program files (x86)\DealBulldog Toolbar\mbfwd.bmp c:\program files (x86)\DealBulldog Toolbar\mbsep.bmp c:\program files (x86)\DealBulldog Toolbar\nav1c.bmp c:\program files (x86)\DealBulldog Toolbar\somoto.dll c:\program files (x86)\DealBulldog Toolbar\TbCommonUtils.dll c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll c:\program files (x86)\DealBulldog Toolbar\tbcore3.inf c:\program files (x86)\DealBulldog Toolbar\tbhelper.dll c:\program files (x86)\DealBulldog Toolbar\TbHelper2.exe c:\program files (x86)\DealBulldog Toolbar\uninstall.exe c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe c:\program files (x86)\DealBulldog Toolbar\update.exe c:\program files (x86)\DealBulldog Toolbar\version.txt 
c:\programdata\FullRemove.exe c:\users\Rahman\AppData\Local\TempDIR c:\users\Rahman\AppData\Roaming\.# c:\users\Rahman\AppData\Roaming\Mozilla\Firefox\Profiles\bzar4i1z.rachi\weave\toFetch c:\windows\IsUn0407.exe c:\windows\jestertb.dll c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\security\Database\tmp.edb c:\windows\system32\drivers\etc\hosts.txt c:\windows\SysWow64\dlumd10.dll c:\windows\SysWow64\dlumd11.dll c:\windows\SysWow64\dlumd9.dll E:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_RkHit . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-27 bis 2012-04-27 )))))))))))))))))))))))))))))) . . 2012-04-27 14:10 . 2012-04-27 14:10 -------- d-----w- c:\users\Rahman\AppData\Roaming\EurekaLog 2012-04-27 14:04 . 2012-04-27 14:15 -------- d-----w- C:\_OTL 2012-04-25 23:49 . 2012-04-25 23:49 -------- d-----w- c:\users\Rahman\AppData\Local\FeedDemon 2012-04-25 23:49 . 2012-04-25 23:49 -------- d-----w- c:\program files (x86)\FeedDemon 2012-04-25 09:25 . 2012-04-25 09:26 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-04-25 09:25 . 2012-04-25 09:25 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-25 09:25 . 2012-04-25 09:25 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-04-24 15:22 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-24 15:22 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-04-24 15:22 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-04-24 15:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-24 15:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-24 15:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-24 15:17 . 
2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-24 15:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-24 15:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-24 15:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-13 02:35 . 2012-04-20 01:36 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-13 02:10 . 2012-04-13 02:10 388096 ----a-r- c:\users\Rahman\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-04-13 01:57 . 2012-04-13 01:57 -------- d-----w- c:\program files (x86)\Ask.com 2012-04-13 01:56 . 2012-04-13 01:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-30 14:24 . 2012-03-30 14:24 -------- d-----w- c:\program files\iPod 2012-03-30 14:24 . 2012-03-30 14:24 -------- d-----w- c:\program files\iTunes 2012-03-30 14:24 . 2012-03-30 14:24 -------- d-----w- c:\program files (x86)\iTunes . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-25 23:26 . 2010-03-27 14:04 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-04-20 01:36 . 2011-05-30 00:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-18 01:03 . 2010-04-20 20:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-04 13:56 . 2011-09-22 19:38 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-02-17 06:38 . 2012-03-14 05:25 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-14 05:25 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-14 05:25 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-14 05:25 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 10:01 . 2012-02-15 10:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 10:01 . 
2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-12 14:55 . 2012-02-12 14:55 0 ----a-w- c:\windows\system32\dlumd9.dll 2012-02-12 14:55 . 2012-02-12 14:55 0 ----a-w- c:\windows\system32\dlumd11.dll 2012-02-12 14:55 . 2012-02-12 14:55 0 ----a-w- c:\windows\system32\dlumd10.dll 2012-02-10 06:36 . 2012-03-14 05:25 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-14 05:25 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-02-03 04:34 . 2012-03-14 05:25 3145728 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-12-14 13:51 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MtdAcqu"="c:\program files (x86)\Creative\MediaSource5\MtdAcqu.exe" [2008-10-30 278528] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "HW_OPENEYE_OUC_Telekom Internet Manager"="c:\program files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592] "GoogleContactSync"="e:\program files (x86)\WebGear\GO Contact Sync\GOContactSync.exe" [2012-01-18 862208] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240] "WinHotKey"="e:\program files (x86)\WinHotKey\WinHotKey.exe" [2004-11-11 480768] "LaunchBarCommander"="e:\program files (x86)\LaunchBarCommander\LaunchBarCommander.exe" [2011-11-21 4483072] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-02 98304] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624] "VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-30 237693] "Jomantha"="c:\tools\n52te\razerhid.exe" [2007-12-12 163840] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648] "DataCardMonitor"="c:\program files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe" [2011-12-17 253952] "Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2012-03-31 2204424] "EasyMessage"="e:\program files (x86)\Easy Message\em2.exe" 
[2004-06-27 538624] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-12-14 1398440] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Rahman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Rahman\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-15 1207312] Miranda IM.lnk - e:\program files (x86)\Miranda IM\miranda32.exe [2012-1-23 820309] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "MIDI1"=myokent.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "UpdReg"=c:\windows\UpdReg.EXE "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088] R3 bomebus;Bome's Virtual MIDI Port Bus Service;c:\windows\system32\DRIVERS\bomebus.sys [x] R3 bomemidi;Bome's Virtual MIDI Port;c:\windows\system32\drivers\bomemidi.sys [x] R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x] R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-18 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-18 79360] R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.24075.0.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 GETPADD64;GETPADD64;c:\program files (x86)\ASUS\WinFlash\GETPADD64.SYS [2007-09-04 13880] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x] R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys [x] R3 MozillaMaintenance;Mozilla 
Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x] R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 RL_DJIFIE2_MIDI;Digital Jockey - IE2 WDM MIDI Device;c:\windows\system32\drivers\rldjif2m.sys [x] R3 RL_DJIFIE2_USB;usb-audio.de driver for Reloop Digital Jockey - IE2;c:\windows\system32\Drivers\rldjif2u.sys [x] R3 RL_DJIFIE2_WDM;Digital Jockey - IE2 WDM Audio;c:\windows\system32\drivers\rldjif2a.sys [x] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x] R3 s1018nd5;Sony Ericsson Device 
1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x] R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [x] R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [x] R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [x] R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [x] R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [x] R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [x] R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_amd64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x] S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x] S1 vwififlt;Virtual WiFi Filter 
Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x] S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe [2012-03-31 768776] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360] S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848] S2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~2\GFI\GFIBAC~1\GFIHInst.exe [2010-07-30 858480] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x] S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2010-11-27 1126400] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files 
(x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248] S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360] S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [x] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 01:36] . 2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 03:40] . 2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 03:40] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097918765-73550788-2010583491-1001Core.job - c:\users\Rahman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 03:08] . 2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097918765-73550788-2010583491-1001UA.job - c:\users\Rahman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 03:08] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "combofix"="c:\combofix\CF10694.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.bigseekpro.com/tempcleaner/{AC877D46-89A1-4D1E-91E1-BDB49287334D} mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Rahman\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: In RSS Bandit abonnieren - c:\users\Rahman\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{8CAD134E-017D-469B-91D3-CFE3E4D3594D}: NameServer = 10.111.81.129 10.129.32.1 TCP: Interfaces\{BC6A3074-1BDD-415A-A80F-91AB11E2A17D}: NameServer = 10.111.81.129 10.129.32.1 FF - ProfilePath - c:\users\Rahman\AppData\Roaming\Mozilla\Firefox\Profiles\bzar4i1z.rachi\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file) URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file) URLSearchHooks-{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file) Toolbar-Locked - (no file) Notify-LBTWlgn - (no file) Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file) WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file) WebBrowser-{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-3097918765-73550788-2010583491-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96657FD0-477C-D1F4-1A9A-B0BA7C3D579C}*] @Allowed: (Read) (RestrictedCode) "oaicmhbkmbnepodnjaaonclfihgbhl"=hex:64,61,69,61,6d,66,63,64,00,fc "oaeddlllejndjhbmjpnffdilnoohnd"=hex:6b,61,6c,61,69,66,6c,62,66,6b,6f,61,6f,6d, 68,6c,6e,64,6c,6a,62,6f,00,00 "naoajkielloemabklbbgjihiaibd"=hex:6b,61,6c,61,69,66,6c,62,66,6b,6f,61,6f,6d, 68,6c,6e,64,6c,6a,62,6f,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\progra~2\GFI\GFIBAC~1\GFIHSC~1.EXE c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\SysWOW64\vmnat.exe c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-04-28 01:27:55 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-04-27 23:27 . Vor Suchlauf: 19 Verzeichnis(se), 18.644.316.160 Bytes frei Nach Suchlauf: 30 Verzeichnis(se), 18.004.942.848 Bytes frei . - - End Of File - - CB8E68791B9A697628C817D047DAF936 |
30.04.2012, 15:42 | #7 |
/// Malware-holic | TR/ATRAPS.Gen alert in Antivir
hi, malwarebytes: Please download Malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above. If you would like to support us |
01.05.2012, 13:17 | #8 |
| TR/ATRAPS.Gen alert in Antivir
Malware has finished running and did not find any errors. Here is the log: Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rahman :: SPUTNIK [Administrator]

01.05.2012 10:56:50
mbam-log-2012-05-01 (10-56-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 928638
Laufzeit: 2 Stunde(n), 59 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
01.05.2012, 16:33 | #9 |
/// Malware-holic | TR/ATRAPS.Gen alert in Antivir
hi, were there any more Avira detections?
Download CCleaner standard: CCleaner Download - CCleaner 3.18.1707
If CCleaner is already installed, skip this.
Install, open, Extras, list of installed programs, save as txt. Open it.
After every program you need, write notwendig (necessary).
After every one you do not need, unnötig (unnecessary).
After the ones unknown to you, unbekannt (unknown).
Post the list.
02.05.2012, 02:11 | #10 |
| TR/ATRAPS.Gen alert in Antivir
Hi, so Antivir has not shown any more alerts since the first action that you gave me here in the forum. Here is the list of my programs. Code:
ATTFilter 1Password 1.0.9.291 AgileBits 03.04.2012 26,1MB notwendig 7-Zip 9.20 15.11.2011 notwendig Ableton Live v6.0.7 AiR, Inc. 07.10.2011 notwendig Acrobat.com Adobe Systems Incorporated 17.11.2009 1,61MB 1.6.65 notwendig Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 17.11.2009 unbekannt Adobe AIR Adobe Systems Incorporated 02.10.2011 2.7.1.19610 notwendig Adobe Download Manager NOS Microsystems Ltd. 25.10.2010 1.6.2.91 notwendig Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 11.01.2011 10.0.12.36 notwendig Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 19.04.2012 6,00MB 11.2.202.233 notwendig All Free DVD Ripper 5.2.6 AllFreeVideoSoft Co., Ltd. 15.02.2011 26,6MB notwendig Apple Application Support Apple Inc. 11.03.2012 61,0MB 2.1.7 notwendig Apple Mobile Device Support Apple Inc. 11.03.2012 24,9MB 5.1.1.4 notwendig Apple Software Update Apple Inc. 12.11.2011 2,38MB 2.1.3.127 notwendig ASIO4ALL Michael Tippach 15.09.2011 2.10 notwendig ASUS AI Recovery ASUS 17.11.2009 2,89MB 1.0.6 notwendig ASUS FancyStart ASUSTeK Computer Inc. 17.11.2009 10,5MB 1.0.5 notwendig ASUS LifeFrame3 ASUS 17.11.2009 27,7MB 3.0.20 notwendig ASUS Live Update ASUS 17.11.2009 2.5.9 notwendig ASUS Power4Gear Hybrid ASUS 17.11.2009 10,8MB 1.1.22 notwendig ASUS SmartLogon ASUS 17.11.2009 10,9MB 1.0.0007 notwendig ASUS Splendid Video Enhancement Technology ASUS 17.11.2009 24,4MB 1.02.0028 notwendig ASUS Virtual Camera asus 17.11.2009 3,15MB 1.0.17 notwendig ASUS_ScreenSaver_GSeries 17.11.2009 unbekannt Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 
17.11.2009 1.0.0.7 notwendig ATK Generic Function Service ATK 17.11.2009 1.00.0008 unbekannt ATK Hotkey ASUS 17.11.2009 5,70MB 1.0.0050 notwendig ATKOSD2 ASUS 17.11.2009 8,08MB 7.0.0005 unbekannt Audacity 1.3.12 (Unicode) Audacity Team 03.12.2010 32,6MB notwendig Avira AntiVir Personal - Free Antivirus Avira GmbH 12.02.2012 61,8MB 10.2.0.707notwendig AviSynth 2.5 25.02.2010 notwendig BeatportDownloader Beatport LLC 01.12.2010 1.003 notwendig BitTorrent BitTorrent Inc. 21.01.2012 7.6.0 notwendig Bonjour Apple Inc. 12.11.2011 2,00MB 3.0.0.10 notwendig Bonjour-Druckdienste Apple Inc. 12.11.2011 3,21MB 2.0.2.0 notwendig CCleaner Piriform 01.05.2012 3.18 notwendig ControlDeck ASUS 17.11.2009 1,82MB 1.0.4 notwendig Creative MediaSource 5 Creative Technology Limited 17.11.2009 5.00 unbekannt CyberLink LabelPrint CyberLink Corp. 17.11.2009 88,6MB 2.5.1720 notwendig CyberLink Power2Go CyberLink Corp. 17.11.2009 108,1MB 6.1.2713 notwendig Debugging Tools for Windows (x64) Microsoft Corporation 12.01.2011 39,8MB 6.12.2.633 unbekannt DHTML Editing Component Microsoft Corporation 19.12.2011 0,54MB 6.02.0001 notwendig Digital Jockey - IE2 20.11.2010 notwendig DisplayLink Core Software DisplayLink Corp. 11.02.2012 20,9MB 5.6.31854.0 notwendig DisplayLink Graphics DisplayLink Corp. 19.01.2010 1,93MB 5.2.21675.0 notwendig DisplayLink iPad Software DisplayLink Corp. 11.02.2012 1,30MB 5.6.33227.0 notwendig Doro 1.54 CompSoft 22.03.2010 notwendig Driver Sweeper 2.1.0 Phyxion.net 25.08.2010 unbekannt Dropbox Dropbox, Inc. 28.02.2012 1.2.52 notwendig DVD Shrink 3.2 DVD Shrink 17.02.2011 notwendig Express Gate DeviceVM, Inc. 17.11.2009 383MB 1.2.13.23 unbekannt Fast Boot ASUS 17.11.2009 1,45MB 1.0.4 unbekannt FeedDemon NewsGator Technologies, Inc. 
25.04.2012 11,9MB 4.0.0.22 notwendig Foxit Reader Foxit Corporation 07.12.2010 11,1MB 4.3.0.1110 notwendig Freeware Faktura 2012.01.25 IT-Service Christian Hau 10.02.2012 2012.01.25 notwendig ftp-uploader Firma Gregor Schommer Systemberatung, Raderthaler Str. 31, D-50968 Köln 22.01.2012 3.3.0.0 notwendig GFI Backup 2009 - Home Edition GFI Software Ltd. 05.12.2010 3.0 notwendig GIMP 2.6.11 The GIMP Team 25.10.2011 107,7MB 2.6.11 notwendig GO Contact Sync Mod WebGear, Create Software, Stru.be, saller.NET 14.01.2012 2,76MB 3.5.7 notwendig Google Chrome Google Inc. 15.01.2010 18.0.1025.162 notwendig GPL Ghostscript Artifex Software Inc. 14.02.2012 9.05 notwendig GPL Ghostscript Artifex Software Inc. 25.10.2011 9.04 notwendig HP Customer Participation Program 13.0 HP 21.02.2012 13.0 notwendig HP Imaging Device Functions 13.0 HP 21.02.2012 13.0 notwendig HP Photosmart All-In-One Driver Software 13.0 Rel. 2 HP 21.02.2012 13.0 notwendig HP Smart Web Printing 4.51 HP 21.02.2012 4.51 notwendig HP Solution Center 13.0 HP 21.02.2012 13.0 notwendig HP Update Hewlett-Packard 23.02.2012 3,98MB 5.003.001.001 notwendig iCloud Apple Inc. 11.03.2012 33,2MB 1.1.0.40 notwendig ICP 9.0 24.10.2011 0,91MB unbekannt ImageConverter Plus 8.0 fCoder Group, Inc. 24.10.2011 75,2MB 8.0.105 (build: 110201) notwendig IrfanView (remove only) Irfan Skiljan 20.09.2011 1,50MB 4.30 notwendig iSkysoft Video Converter Ultimate(Build 3.2.1.0) iSkysoft Software 23.12.2011 111,5MB notwendig iTunes Apple Inc. 29.03.2012 156,9MB 10.6.1.7 notwendig Java(TM) 6 Update 22 Oracle 15.11.2011 97,1MB 6.0.220 notwendig Java(TM) 6 Update 31 Oracle 17.04.2012 95,1MB 6.0.310 notwendig Java(TM) SE Development Kit 6 Update 20 Sun Microsystems, Inc. 
19.04.2010 140,8MB 1.6.0.200 notwendig Juniper Networks Host Checker Juniper Networks 15.01.2010 6.3.0.14357 notwendig Juniper Networks Setup Client Juniper Networks 15.01.2010 0,78MB 1.3.2.12875 notwendig Juniper Networks Setup Client Activex Control Juniper Networks 15.01.2010 1.3.1.6 notwendig LaunchBar Commander 1.129.01 08.02.2012 6,55MB notwendig Logitech SetPoint Logitech 14.01.2010 17,00KB 4.80 notwendig Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 29.04.2012 18,0MB 1.61.0.1400 notwendig Media Player Classic - Home Cinema v1.4.2499.0 MPC-HC Team 28.12.2010 30,9MB 1.4.2499.0 unbekannt Medieval CUE Splitter Medieval Software 14.12.2010 1,66MB 1.2.0 unbekannt Memeo Instant Backup Memeo Inc. 29.01.2011 4.60.0.7876 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 08.07.2010 38,8MB 4.0.30319 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 12.01.2011 2,94MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 12.01.2011 52,0MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 12.01.2011 10,7MB 4.0.30319 notwendig Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 05.01.2012 83,5MB 4.0.30319 notwendig Microsoft Help Viewer 1.1 Microsoft Corporation 22.01.2012 3,97MB 1.1.40219 notwendig Microsoft Office Enterprise 2007 Microsoft Corporation 06.12.2011 12.0.6612.1000 notwendig Microsoft Office File Validation Add-In Microsoft Corporation 09.10.2011 7,95MB 14.0.5130.5003 notwendig Microsoft Office Live Add-in 1.5 Microsoft Corporation 02.06.2010 0,50MB 2.0.4024.1 notwendig Microsoft Office Outlook Connector Microsoft Corporation 21.03.2011 3,36MB 14.0.5118.5000 notwendig Microsoft Silverlight Microsoft Corporation 17.02.2012 220MB 4.1.10111.0 notwendig Microsoft Speech Recognition Engine 4.0 (English) 13.05.2010 notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft 
Corporation 14.01.2010 1,72MB 3.1.0000 notwendig Microsoft SQL Server 2008 (64-bit) Microsoft Corporation 05.01.2012 notwendig Microsoft SQL Server 2008 Browser Microsoft Corporation 05.01.2012 8,00MB 10.1.2531.0 notwendig Microsoft SQL Server 2008 Native Client Microsoft Corporation 05.01.2012 7,08MB 10.1.2531.0 notwendig Microsoft SQL Server VSS Writer Microsoft Corporation 05.01.2012 3,59MB 10.1.2531.0 notwendig Microsoft Visual C# 2010 Express - DEU Microsoft Corporation 22.01.2012 10.0.40219 notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 15.01.2010 0,25MB 8.0.50727.4053 notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 15.01.2010 0,25MB 8.0.50727.4053 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26.07.2011 0,29MB 8.0.61001 notwendig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 14.01.2010 0,69MB 8.0.61000 notwendig Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 22.01.2010 0,21MB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 18.02.2010 0,20MB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 21.01.2010 0,77MB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 14.11.2011 0,23MB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 26.07.2011 0,77MB 9.0.30729.6161 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 17.02.2010 4,96MB 9.0.21022 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14.11.2011 0,22MB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 26.07.2011 0,59MB 9.0.30729.6161 
necessary
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 07.09.2011 13,7MB 10.0.30319 necessary
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 Microsoft Corporation 22.01.2012 33,5MB 10.0.40219 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 07.09.2011 11,0MB 10.0.30319 necessary
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Corporation 22.01.2012 26,3MB 10.0.40219 necessary
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU Microsoft Corporation 22.01.2012 21,7MB 10.0.40219 necessary
Microsoft Visual Studio 2010 Service Pack 1 Microsoft Corporation 22.01.2012 76,0MB 10.0.40219 necessary
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 22.01.2012 10.0.31119 necessary
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU Microsoft Corporation 22.01.2012 10.0.31007 necessary
Microsoft Windows SDK for Windows 7 (7.1) Microsoft Corporation 12.01.2011 7.1.7600.0.30514 necessary
MIDI Yoke JOConnell 07.10.2011 25,00KB 1.75.53 necessary
MIDI-OX MIDIOX Computing 07.10.2011 1,99MB 7.02.372 necessary
MiKTeX 2.9 MiKTeX.org 22.05.2011 2.9 necessary
Miranda IM 0.9.42 02.02.2012 necessary
Move Networks Media Player for Internet Explorer 15.01.2010 unknown
Mozilla Firefox 12.0 (x86 de) Mozilla 24.04.2012 37,8MB 12.0 necessary
Mozilla Maintenance Service Mozilla 24.04.2012 0,21MB 12.0 necessary
Mozilla Thunderbird 11.0.1 (x86 de) Mozilla 29.03.2012 37,5MB 11.0.1 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.02.2010 1,28MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.02.2010 1,33MB 4.20.9876.0 unknown
n52te Editor Razer USA Ltd. 14.01.2010 5.01 necessary
Native Instruments Controller Editor 21.11.2010 necessary
Native Instruments Controller Editor Native Instruments 01.12.2010 necessary
Native Instruments Service Center 21.11.2010 necessary
Native Instruments Service Center Native Instruments 01.12.2010 necessary
Native Instruments Traktor 30.11.2010 necessary
Native Instruments Traktor Native Instruments 01.12.2010 necessary
NVIDIA Display Control Panel NVIDIA Corporation 25.10.2010 135,0MB 6.14.12.5896 necessary
NVIDIA Drivers NVIDIA Corporation 25.10.2010 63,0MB 1.10.62.40 necessary
Nvu 1.0 Thorsten Fritz 20.09.2011 1.0 necessary
OCR Software by I.R.I.S. 13.0 HP 21.02.2012 13.0 necessary
OpenSSL 1.0.0g Light (32-bit) OpenSSL Win32 Installer Team 02.02.2012 4,39MB necessary
Phase 5 HTML-Editor Systemberatung Schommer 03.08.2011 3,72MB 5.6.2.3 necessary
PhotoSync touchbyte GmbH 07.09.2011 3,59MB 1.4.0 necessary
Picasa 3 Google, Inc. 22.12.2010 3.8 necessary
QuickTime Apple Inc. 21.11.2011 73,3MB 7.71.80.42 necessary
RICOH R5U230 Media Driver ver.2.05.02.02 RICOH 17.11.2009 2.05.02.02 unknown
rtpMIDI Tobias Erichsen 30.08.2011 2,49MB 1.0.6.219 necessary
Safari Apple Inc. 29.03.2012 104,3MB 5.34.55.3 necessary
Seagate Dashboard Memeo Inc. 04.09.2011 1.1.0.1421 necessary
ServeToMe 3.6.4.4 11.09.2011 18,0MB necessary
Shop for HP Supplies HP 21.02.2012 13.0 unknown
Skype web features Skype Technologies S.A. 15.01.2010 4,95MB 1.0.3971 necessary
Skype™ 4.1 Skype Technologies S.A. 14.01.2010 31,1MB 4.1.179 necessary
Sound Blaster Audigy HD Creative Technology Limited 17.11.2009 1.0 necessary
Spybot - Search & Destroy Safer Networking Limited 10.10.2010 1.6.2 necessary
Synaptics Pointing Device Driver Synaptics Incorporated 17.11.2009 14.0.1.1 unknown
TeamSpeak 2 RC2 Dominating Bytes Design 14.01.2010 2.0.32.60 necessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 21.01.2010 necessary
TeamViewer 7 TeamViewer 15.01.2012 7.0.12313 necessary
Telekom Internet Manager Huawei Technologies Co.,Ltd 16.12.2011 11.301.05.04.748 necessary
Temp File Cleaner 22.01.2012 unknown
TextMaker Viewer SoftMaker Software GmbH 05.02.2012 necessary
Total Commander (Remove or Repair) Ghisler Software GmbH 14.01.2010 7.50a necessary
touchAble Server & Scripts AppBC 16.09.2011 9,19MB 1.2.0-r1 necessary
Trillian Cerulean Studios, LLC 07.01.2012 necessary
Turbo Lister 2 eBay Inc. 19.12.2011 68,0MB 2.00.0000 necessary
Unterstützungsdateien für Microsoft SQL Server 2008-Setup Microsoft Corporation 05.01.2012 33,7MB 10.1.2731.0 necessary
Vim 7.3 (self-installing) 14.10.2010 necessary
Virtual Audio Cable 4.10 14.09.2011 necessary
VMware Player VMware, Inc 15.11.2011 391MB 4.0.0.18997 necessary
WIDCOMM Bluetooth Software Broadcom Corporation 17.11.2009 144,3MB 6.2.0.9600 necessary
Windows Live Essentials Microsoft Corporation 22.03.2011 15.4.3508.1109 unknown
Windows Live Sync Microsoft Corporation 25.10.2010 2,79MB 14.0.8117.416 unknown
WinHotKey 0.70 Brian Mathis 16.01.2012 necessary
Wireless Console 3 ASUS 17.11.2009 2,43MB 3.0.10 necessary |
02.05.2012, 15:33 | #11 |
/// Malware-holic | TR/ATRAPS.Gen message in Antivir
Uninstall:
Adobe Flash Player 10
Debugging Tools
Driver Sweeper
Java (both)
Download the free Java software: download the Java JRE and install it.
Uninstall:
Move Networks
Mozilla Firefox: you have Chrome installed anyway, which is considerably more secure and should also be faster; I would switch to Chrome completely.
Spybot: get rid of it, it is no longer particularly useful.
Temp File
Windows Live: all the ones you do not use.
Open OTL, Cleanup; the PC restarts.
Open CCleaner, Analyze, Run Cleaner, then test how the PC runs.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
03.05.2012, 17:06 | #12 |
| TR/ATRAPS.Gen message in Antivir
Hi, I celebrated too soon. I am now seeing more than 100 messages like this one in the Antivir log:
In der Datei 'C:\Windows\SysWOW64\d3dyxom5s.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Mediyes.D.2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
I think by now it makes more sense to set my machine up from scratch, or what do you think? Regards, Michi |
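An added example, not part of the original thread: a short Python script that condenses many Antivir messages of the form quoted in post #12 into one row per file and detection name. The function name, the sample log and the treatment of "Zugriff verweigern" as a block-only action are assumptions made for this illustration.

```python
import re
from collections import Counter

# Message format as quoted in post #12 (Avira Antivir, German locale).
EVENT_RE = re.compile(
    r"In der Datei '(?P<path>[^']+)' wurde ein Virus oder unerwünschtes "
    r"Programm '(?P<name>[^']+)' \[(?P<kind>[^\]]+)\] gefunden\.\s*"
    r"Ausgeführte Aktion: (?P<action>[^\r\n]+)"
)

# Assumption: "Zugriff verweigern" (deny access) only blocks the access and
# does not remove the file. Extend with other block-only actions from your log.
BLOCK_ONLY_ACTIONS = {"Zugriff verweigern"}


def summarize(log_text):
    """Group detections by (file, detection name); most frequent first."""
    counts, actions = Counter(), {}
    for m in EVENT_RE.finditer(log_text):
        key = (m["path"], m["name"])
        counts[key] += 1
        actions.setdefault(key, set()).add(m["action"].strip())
    return [
        {
            "path": path,
            "detection": name,
            "hits": hits,
            "actions": sorted(actions[(path, name)]),
            # True when every hit was merely blocked, never cleaned up
            "blocked_only": actions[(path, name)] <= BLOCK_ONLY_ACTIONS,
        }
        for (path, name), hits in counts.most_common()
    ]


# Constructed sample: the message from the post three times, plus one made-up
# entry (path and action text are placeholders, not real Avira output).
HIT = (r"In der Datei 'C:\Windows\SysWOW64\d3dyxom5s.dll' wurde ein Virus oder "
       "unerwünschtes Programm 'TR/Mediyes.D.2' [trojan] gefunden.\n"
       "Ausgeführte Aktion: Zugriff verweigern\n")
OTHER = (r"In der Datei 'C:\Temp\constructed-example.tmp' wurde ein Virus oder "
         "unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.\n"
         "Ausgeführte Aktion: Beispiel-Aktion\n")
SAMPLE_LOG = HIT * 3 + OTHER

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A file that shows many hits with `blocked_only` set is being touched again and again while the scanner only denies access, which is the pattern the poster describes.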
03.05.2012, 18:12 | #13 |
/// Malware-holic | TR/ATRAPS.Gen message in Antivir
Yep,
1. Data rescue:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.
04.05.2012, 15:53 | #14 |
| TR/ATRAPS.Gen message in Antivir
OK, all of that will be done, it should not be a problem. One more quick question. I have 3 partitions in my computer:
1st hard disk
a) Partition 1: C: Windows
b) Partition 2: D: Data
2nd hard disk
a) Partition 1: E: Media library
Should I format D: and E: as well? I rather think YES, to be 100% sure. Regards, Michi
The last post has been settled, I have formatted all partitions |