Pests of all kinds and how to combat them: GVU 2.07 Trojan on Win 7 64 BIT
30.07.2012, 14:43 | #1 |
Hello everyone,

I received a laptop with the GVU 2.07 trojan from a friend who doesn't know what to do next. I wanted to tackle it myself using various guides, but my PC knowledge is not up to it. The laptop is locked immediately after login. I can only get into safe mode. Nothing else works. Please help!

System:
Win 7 Home Premium 64 Bit Service Pack 1
Intel(R) Core(TM) i5-2450M CPU @ 2.50 GHz
6 GB RAM
30.07.2012, 16:01 | #2 |
/// Helper Team
Download OTL.exe onto a USB stick from a clean PC. Start the infected computer without an Internet connection. Copy OTL.exe to the desktop and create a log. System scan with OTL (illustrated guide)
30.07.2012, 17:10 | #3 |
Here are the logs, and many thanks in advance!
OTL.txt Code:
ATTFilter OTL logfile created on: 30.07.2012 17:57:26 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Hafidem\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,92 Gb Total Physical Memory | 4,35 Gb Available Physical Memory | 73,54% Memory free 11,83 Gb Paging File | 10,13 Gb Available in Paging File | 85,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 177,00 Gb Total Space | 57,56 Gb Free Space | 32,52% Space Free | Partition Type: NTFS Drive D: | 265,59 Gb Total Space | 77,22 Gb Free Space | 29,07% Space Free | Partition Type: NTFS Computer Name: HAFIDEM-PC | User Name: Hafidem | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hafidem\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) PRC - C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics) PRC - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Samsung) PRC - C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe (Microsoft Corporation.) 
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Users\Hafidem\AppData\Local\Temp\g7i0ol_kaz.exe () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\BrowserCompanion\sqlite3.dll () MOD - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) 
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (SGDrv) -- C:\Windows\SysNative\drivers\SGDrv64.sys (Phoenix Technologies Ltd.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 IE - HKLM\..\SearchScopes\{5C003F3C-A511-D65E-2F7F-7C280972F286}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.05.14 21:06:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.18 23:16:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.05.14 20:37:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:12:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.18 23:16:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:12:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.18 23:16:15 | 000,000,000 | ---D | M] [2012.02.25 17:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hafidem\AppData\Roaming\mozilla\Extensions [2012.06.25 20:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hafidem\AppData\Roaming\mozilla\Firefox\Profiles\agc02pce.default\extensions [2012.06.22 01:32:11 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Hafidem\AppData\Roaming\mozilla\Firefox\Profiles\agc02pce.default\extensions\bbrs_002@blabbers.com [2012.06.22 01:34:15 | 000,002,303 | ---- | M] () -- C:\Users\Hafidem\AppData\Roaming\Mozilla\Firefox\Profiles\agc02pce.default\searchplugins\Search.xml [2012.06.08 10:23:00 | 000,000,000 
| ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.18 18:12:35 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave 
Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - Extension: YouTube = C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: FunDial = C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\ CHR - Extension: Browser Companion Helper = C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\ CHR - Extension: Google-Suche = C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Funmoods = C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ 
CHR - Extension: Google Mail = C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Hafidem\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Hafidem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A9C25AC-30C1-4408-9A5E-D0AD46F95E8E}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27EB8CE-408F-4D08-BBAF-269B6CF5CCD7}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - 
Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.30 17:55:56 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Hafidem\Desktop\OTL.exe
[2012.07.29 20:09:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.27 05:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\202DE
[2012.07.12 15:40:44 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Roaming\xlilhox1asez2eokiazwpwfjdlonuvmk
[2012.07.11 04:58:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.07.11 04:58:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.07.11 04:58:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.07.11 04:58:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.07.11 04:58:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.07.11 04:58:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.07.11 04:58:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.07.11 04:58:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.07.11 04:58:51 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.07.11 04:58:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.07.11 04:58:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.07.11 04:58:51 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.07.11 04:58:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.07.11 04:07:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012.07.11 04:07:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012.07.11 04:07:17 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012.07.11 04:07:13 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012.07.11 04:07:13 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012.07.09 13:48:47 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Local\{5E307BCC-ACDC-40C5-AF03-D64C6CEE5F2F}
[2012.07.09 13:48:25 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Local\{3A7D4ABA-5D96-49DC-8FA0-C2FBF7BCB616}
[2012.07.09 13:40:20 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\Desktop\Sessions
[2012.07.09 13:35:40 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\Desktop\beats
[2012.07.09 13:34:12 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Roaming\Audacity
[2012.07.09 13:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012.07.09 13:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2012.07.07 00:53:45 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe
[2012.07.06 00:26:17 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Local\SCE
[2012.07.06 00:26:04 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2012.07.04 04:52:58 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Roaming\Xotue
[2012.07.04 04:52:58 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Roaming\Nebia
[2012.07.04 04:52:58 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Roaming\Berai
[2012.07.04 03:44:56 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Local\{B9782458-B585-48F1-B3D8-8D4CE6E5A212}
[2012.07.04 03:39:36 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Local\{8BABE0B0-3FD1-422A-AC71-06296B8E6398}
[2012.07.03 00:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.03 00:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

========== Files - Modified Within 30 Days ==========

[2012.07.30 18:01:00 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 18:01:00 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 17:59:51 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.07.30 17:59:51 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.07.30 17:59:51 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.07.30 17:59:51 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.07.30 17:59:51 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.07.30 17:54:04 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.30 17:53:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.30 17:53:29 | 2056,830,975 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.30 17:49:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Hafidem\Desktop\OTL.exe
[2012.07.30 15:15:45 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.07.29 17:27:49 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.29 13:13:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\idqehl.dat
[2012.07.28 05:00:55 | 000,001,889 | ---- | M] () -- C:\Users\Hafidem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.12 15:17:11 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.11 11:35:52 | 000,279,168 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.09 13:34:10 | 000,001,007 | ---- | M] () -- C:\Users\Hafidem\Desktop\Audacity.lnk
[2012.07.09 13:22:00 | 000,000,051 | ---- | M] () -- C:\windows\SysWow64\SYNSOPOS.exe.cfg
[2012.07.06 02:06:18 | 000,002,624 | ---- | M] () -- C:\Users\Hafidem\Desktop\DC Universe Online Live.lnk

========== Files Created - No Company Name ==========

[2012.07.29 13:13:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\idqehl.dat
[2012.07.28 05:00:55 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.07.28 05:00:55 | 000,001,889 | ---- | C] () -- C:\Users\Hafidem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.09 13:34:10 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.07.09 13:34:10 | 000,001,007 | ---- | C] () -- C:\Users\Hafidem\Desktop\Audacity.lnk
[2012.07.06 00:25:56 | 000,002,624 | ---- | C] () -- C:\Users\Hafidem\Desktop\DC Universe Online Live.lnk
[2012.07.06 00:25:56 | 000,002,514 | ---- | C] () -- C:\Users\Hafidem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk
[2012.06.26 01:10:23 | 000,003,584 | ---- | C] () -- C:\Users\Hafidem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.22 01:32:40 | 000,000,051 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe.cfg
[2012.06.22 01:32:39 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe
[2012.02.25 18:05:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.10.11 04:28:02 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011.10.11 03:27:55 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini
[2011.07.21 07:51:15 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.07.21 07:51:14 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.07.21 07:51:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012.05.14 22:43:37 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\.minecraft
[2012.07.09 14:20:56 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\Audacity
[2012.07.04 23:13:07 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\Berai
[2012.05.14 20:37:13 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\CheckPoint
[2012.04.12 00:20:42 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\Command and Conquer 4
[2012.04.18 23:12:47 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\loadtbs
[2012.06.26 01:10:00 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\MusicNet
[2012.07.09 13:17:52 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\Nebia
[2012.04.11 23:36:52 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\Origin
[2012.06.21 18:59:22 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\Sierra
[2012.06.26 01:57:43 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\Sierra Entertainment
[2012.03.11 18:14:12 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\Ubisoft
[2012.04.17 12:12:39 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\WildTangent
[2012.05.03 17:45:23 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\Windows Live Writer
[2012.07.15 21:14:26 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\xlilhox1asez2eokiazwpwfjdlonuvmk
[2012.07.04 04:52:58 | 000,000,000 | ---D | M] -- C:\Users\Hafidem\AppData\Roaming\Xotue
[2012.05.24 19:26:40 | 000,032,642 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 30.07.2012 17:57:26 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Hafidem\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,92 Gb Total Physical Memory | 4,35 Gb Available Physical Memory | 73,54% Memory free
11,83 Gb Paging File | 10,13 Gb Available in Paging File | 85,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 177,00 Gb Total Space | 57,56 Gb Free Space | 32,52% Space Free | Partition Type: NTFS
Drive D: | 265,59 Gb Total Space | 77,22 Gb Free Space | 29,07% Space Free | Partition Type: NTFS

Computer Name: HAFIDEM-PC | User Name: Hafidem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F157B59-A45A-4C97-B8F1-D87D3F6189F7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15E9F6A0-64C8-4693-8FFF-D3FFC7347D46}" = lport=139 | protocol=6 | dir=in | app=system |
"{1669023D-C8DE-43B6-9E07-17ED09F37772}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{18AFD0EC-29C0-4384-9A11-399ECC6E5C45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21829653-0E85-4DA4-972C-34A273D22DC5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{45238DEC-5CE6-4657-B89D-D251F2BC6FFB}" = lport=2177 |
protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4BD7F551-3C80-49B1-AF64-16CD6C9E6F79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5C16CE35-20AA-44D1-9188-1A09D2068D2D}" = rport=137 | protocol=17 | dir=out | app=system | "{718B46CB-E0A5-48DF-A0D2-D6FD606FEE66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{73E26D4F-9F83-4E1B-B89A-6261806B38E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7443EC81-F02A-4982-8554-6DB83B560E6F}" = lport=2869 | protocol=6 | dir=in | app=system | "{8692C1D0-D0CC-4331-B3A3-B52B28BA68B7}" = rport=139 | protocol=6 | dir=out | app=system | "{8DD53A39-B266-4070-AF9C-1B0B41012F2A}" = rport=445 | protocol=6 | dir=out | app=system | "{921B38C5-ED90-4A03-9739-47C242962650}" = lport=445 | protocol=6 | dir=in | app=system | "{952188CC-E441-4006-9C3F-BA2B2DF736F5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{AE8B2639-B14B-46F8-B1E3-B79AB3ADD3B6}" = lport=137 | protocol=17 | dir=in | app=system | "{B9D24D55-7343-42C6-BE0E-E880F9E01CD7}" = rport=138 | protocol=17 | dir=out | app=system | "{BB53985F-C22F-41AF-A5EC-9E6F272EE5DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C75D3CF4-6DCF-4E12-9C86-432DDD8775F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C8EE799E-F8C9-4883-BC59-348F4301D3DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFD82DF6-AF72-439A-A140-AF1F4FF6BE47}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E8195653-FDF2-44A7-814B-3FDDD5CEF40C}" = rport=10243 | protocol=6 | dir=out | app=system | "{F57E639F-5470-4275-A5F5-2BBF65649C10}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception 
List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06397755-DB90-416A-BC3E-4FFA53874927}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0CDC1006-1394-4A4C-9200-C40BA8410160}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0F754A53-1D8C-405C-988F-846BFECBD705}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | "{17F062C9-3FAE-46EE-87C0-C13B75E45ABD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1996E001-D7B5-49DB-91D6-5E620F708CA8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | "{23992606-3CAD-41C0-800E-E3E29A42E1E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{295DFE41-2F95-4702-BAE2-76FA1780EAB9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2E260E56-758F-4437-ABFF-DA649B96DE18}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | "{34101386-F405-4AF3-8BCB-E3AF1F64C916}" = protocol=6 | dir=out | app=system | "{3565E2F4-23A5-452B-90F9-DC2AEBD7D9F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3B01BB2E-92D0-4F86-A123-974A90A79B63}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | "{3CF1FE2B-581F-422A-8623-BF4D3A93AA57}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3D6D3C8B-85E4-47A4-9C5E-67E4734867E2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | "{4921215A-24C9-447F-9A5A-8ED3285C0B07}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{4C635842-A30D-4043-A5B4-E7B159E4DAB5}" = protocol=17 | dir=in | 
app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | "{4CB4D7AC-12FE-4C75-A3AF-2E2516FDB9E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{4FB4D578-8285-4C92-B72C-A7F5B215159A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5839C5DA-3837-4EA3-A5CF-BADCD6610491}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{5879E124-D61B-432C-AF1F-8E071689C77E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{59312312-165B-4A69-ADE2-CC5310A2A2EB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | "{6179AFEF-5F73-4A32-BEFA-E53A23191581}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{727D0728-B4C0-4A1E-809F-812E12789F27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{77D205FE-C32C-4DC2-B5E6-F49C87F62A47}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7B5D3B8F-1965-40FF-968A-45B5AF5434A3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | "{964D83C0-1A54-4B12-BC0C-06C28D266315}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{96D12AA3-F2B8-4ECC-9FC0-89DD6607ABE7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9FA889CE-B8BB-4A99-B31C-B53AB083CE1E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | "{A2AF4A49-2C67-44BD-9247-61D5BE3C38F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A4ADF332-16E4-4775-8EDF-723D7E14B54F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{A5601431-EF5C-4B60-BC43-6CD557948736}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A7BFC5C8-290B-4521-9790-0EE2926FE4C1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | "{B104B422-DAD6-463F-A7B5-71FDDD2DF822}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B1710E19-0F82-4635-880D-CFE9E01C781C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{B6E08190-78A0-4F35-8FAF-0A2BC9520740}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | "{BD5A6047-F888-488D-821F-301576B37DFF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | "{BFD53EED-6FB7-4E39-9079-D03740703B5C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | "{C2E438A2-9B59-47A8-B65A-9FFF09432DA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D1434EEA-256E-4291-8D2A-8F9004BDFECB}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | "{D35A0D42-1AB4-4B16-A291-3889E44F700A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{D3919906-6D12-47F2-AB09-AB2422E5DC3B}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{D4A0D698-4093-4200-ADB5-F7891008611D}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{D93F8A26-2A89-4816-96CB-527048940419}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{E50294C5-809E-4223-9D95-3F3CB6E0F21B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E58F8FE9-56D5-40AA-98C8-78411604820A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E6A96630-35ED-4F43-90E4-F5270AD823F0}" = dir=in | app=c:\program files 
(x86)\cyberlink\powerdirector\pdr8.exe | "{E72DA9D4-BFE8-4792-9C15-0CB0930DB061}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{E8AC9B05-E2F0-4237-814D-7DB416B0715F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FA0EFB10-C9F5-45D6-B568-FFFF75A7C0F6}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | "{FDC55B70-EC45-45DB-A2C5-7B1F72EA2508}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{57C8891B-F1AE-4C0A-B8E5-456418F8DC80}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game | "UDP Query User{12463C92-D7AB-4128-86D0-5CD98745B34A}C:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client 
Resources "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources 
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = 
NVIDIA Graphics Driver 268.83 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "Elantech" = ETDWare PS/2-X64 10.0.7.2_WHQL "Microsoft .NET Framework 4 
Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 "ZoneAlarm Toolbar" = ZoneAlarm Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包 "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지 "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = 
Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“ "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail 
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“ "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer "{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10 
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{48DB5914-8772-472D-B8DF-E2092BE598F6}" = Adobe Flash Player 10 ActiveX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live 
Essentials "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일 "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“ "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker 
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common 
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库 "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live 
Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker "{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery 
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = 
Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker 
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리 "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie 
Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live 
Mail "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0 "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Free Antivirus "BrowserCompanion" = BrowserCompanion "DivX Setup" = DivX-Setup "eLicenser Control" = eLicenser Control "Game Console - WildGames" = WildTangent ORB Game Console "Google Chrome" = Google Chrome "iMesh" = iMesh "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow 
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"loadtbs-2.1" = loadtbs-2.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"Steam App 8930" = Sid Meier's Civilization V
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
"Xfire" = Xfire (remove only)
"ZoneAlarm Free" = ZoneAlarm Free

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FLV Player" = FLV Player
"Funmoods Web Search" = Funmoods Web Search
"SOE-DC Universe Online Live" = DC Universe Online Live

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.05.2012 18:55:03 | Computer Name = Hafidem-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 18.05.2012 20:28:09 | Computer Name = Hafidem-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.05.2012 19:23:05 | Computer Name = Hafidem-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.05.2012 20:14:20 | Computer Name = Hafidem-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 20.05.2012 07:22:41 | Computer Name = Hafidem-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 20.05.2012 15:28:25 | Computer Name = Hafidem-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.05.2012 04:08:05 | Computer Name = Hafidem-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.05.2012 04:44:29 | Computer Name = Hafidem-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 21.05.2012 13:40:31 | Computer Name = Hafidem-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.05.2012 21:05:32 | Computer Name = Hafidem-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11.03.2012 15:45:49 | Computer Name = Hafidem-PC | Source = MCUpdate | ID = 0
Description = 20:45:45 - Fehler beim Herstellen der Internetverbindung. 20:45:45 - Serververbindung konnte nicht hergestellt werden..

Error - 28.03.2012 15:07:13 | Computer Name = Hafidem-PC | Source = MCUpdate | ID = 0
Description = 21:07:13 - Fehler beim Herstellen der Internetverbindung. 21:07:13 - Serververbindung konnte nicht hergestellt werden..

Error - 28.03.2012 15:07:47 | Computer Name = Hafidem-PC | Source = MCUpdate | ID = 0
Description = 21:07:42 - Fehler beim Herstellen der Internetverbindung. 21:07:42 - Serververbindung konnte nicht hergestellt werden..

Error - 15.05.2012 15:42:13 | Computer Name = Hafidem-PC | Source = MCUpdate | ID = 0
Description = 21:42:13 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 15.05.2012 15:43:25 | Computer Name = Hafidem-PC | Source = MCUpdate | ID = 0
Description = 21:43:21 - Fehler beim Herstellen der Internetverbindung. 21:43:21 - Serververbindung konnte nicht hergestellt werden..

Error - 17.05.2012 18:43:26 | Computer Name = Hafidem-PC | Source = MCUpdate | ID = 0
Description = 00:43:26 - Broadband konnte nicht abgerufen werden (Fehler: Timeout für Vorgang überschritten)

Error - 27.06.2012 20:56:14 | Computer Name = Hafidem-PC | Source = MCUpdate | ID = 0
Description = 02:56:14 - Fehler beim Herstellen der Internetverbindung. 02:56:14 - Serververbindung konnte nicht hergestellt werden..

Error - 27.06.2012 20:56:24 | Computer Name = Hafidem-PC | Source = MCUpdate | ID = 0
Description = 02:56:20 - Fehler beim Herstellen der Internetverbindung. 02:56:20 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 12.07.2012 19:02:33 | Computer Name = Hafidem-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 13.07.2012 07:14:24 | Computer Name = Hafidem-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 13.07.2012 07:14:24 | Computer Name = Hafidem-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 13.07.2012 07:14:25 | Computer Name = Hafidem-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 13.07.2012 07:14:25 | Computer Name = Hafidem-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 13.07.2012 07:14:26 | Computer Name = Hafidem-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 14.07.2012 08:24:05 | Computer Name = Hafidem-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error - 16.07.2012 11:31:23 | Computer Name = Hafidem-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error - 16.07.2012 11:31:23 | Computer Name = Hafidem-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 18.07.2012 17:11:47 | Computer Name = Hafidem-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

< End of report > |
30.07.2012, 18:02 | #4 |
/// Helper Team | GVU 2.07 Trojan on Win 7 64 BIT
Fixing with OTL
Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
ATTFilter :OTL MOD - C:\Users\Hafidem\AppData\Local\Temp\g7i0ol_kaz.exe () MOD - C:\Program Files (x86)\BrowserCompanion\sqlite3.dll () SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 IE - HKLM\..\SearchScopes\{5C003F3C-A511-D65E-2F7F-7C280972F286}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - 
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) [2012.06.22 01:32:11 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Hafidem\AppData\Roaming\mozilla\Firefox\Profiles\agc02pce.default\extensions\bbrs_002@blabbers.com CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: FunDial = C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\ CHR - Extension: Browser Companion Helper = C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\ CHR - Extension: Google-Suche = C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - 
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - Startup: C:\Users\Hafidem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 [2012.07.27 05:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\202DE [2012.07.12 15:40:44 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Roaming\xlilhox1asez2eokiazwpwfjdlonuvmk [2012.07.06 00:26:17 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Local\SCE [2012.07.04 04:52:58 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Roaming\Xotue [2012.07.04 04:52:58 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Roaming\Nebia [2012.07.04 04:52:58 | 000,000,000 | ---D | C] -- C:\Users\Hafidem\AppData\Roaming\Berai [2012.07.30 15:15:45 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad [2012.07.28 05:00:55 | 000,001,889 | ---- | M] () -- C:\Users\Hafidem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.09 13:22:00 | 000,000,051 | ---- | M] () -- C:\windows\SysWow64\SYNSOPOS.exe.cfg :Files
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can cause lasting damage to other systems! |
30.07.2012, 18:16 | #5 |
| GVU 2.07 Trojan on Win 7 64 BIT Hello t´john, here is the content of the log file: Code:
ATTFilter ========== OTL ========== Service vsmon stopped successfully! Service vsmon deleted successfully! File move failed. C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe scheduled to be moved on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C003F3C-A511-D65E-2F7F-7C280972F286}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C003F3C-A511-D65E-2F7F-7C280972F286}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
Prefs.js: "Search" removed from browser.search.defaultenginename Prefs.js: "Google" removed from browser.search.selectedEngine Prefs.js: "about:home" removed from browser.startup.homepage Prefs.js: 0 removed from network.proxy.type Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found. C:\Users\Hafidem\AppData\Roaming\mozilla\Firefox\Profiles\agc02pce.default\extensions\bbrs_002@blabbers.com\components folder moved successfully. C:\Users\Hafidem\AppData\Roaming\mozilla\Firefox\Profiles\agc02pce.default\extensions\bbrs_002@blabbers.com\chrome\content\cache folder moved successfully. C:\Users\Hafidem\AppData\Roaming\mozilla\Firefox\Profiles\agc02pce.default\extensions\bbrs_002@blabbers.com\chrome\content folder moved successfully. C:\Users\Hafidem\AppData\Roaming\mozilla\Firefox\Profiles\agc02pce.default\extensions\bbrs_002@blabbers.com\chrome folder moved successfully. C:\Users\Hafidem\AppData\Roaming\mozilla\Firefox\Profiles\agc02pce.default\extensions\bbrs_002@blabbers.com folder moved successfully. File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\jquery folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\images folder moved successfully. 
C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\icons folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\css\ui-lightness\menu\theme folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\css\ui-lightness\menu folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\css\ui-lightness folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\css\tango folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\css folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0 folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\cache folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0 folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi folder moved successfully. 
C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl folder moved successfully. 
C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he folder moved successfully. 
C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419 folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da folder moved successfully. 
C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales folder moved successfully. C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 folder moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully. C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully. C:\Program Files (x86)\BrowserCompanion\jsloader.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully. C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully. C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully. File C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully. File C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Browser companion helper deleted successfully. C:\Program Files (x86)\BrowserCompanion\BCHelper.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm scheduled to be deleted on reboot. File move failed. C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe scheduled to be moved on reboot. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully. C:\Users\Hafidem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk moved successfully. C:\Program Files (x86)\Xfire\Xfire.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ deleted successfully. 
Invalid CLSID key: C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found. File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ deleted successfully. File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found. File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ deleted successfully. File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\ProgramData\202DE folder moved successfully. C:\Users\Hafidem\AppData\Roaming\xlilhox1asez2eokiazwpwfjdlonuvmk folder moved successfully. C:\Users\Hafidem\AppData\Local\SCE\wws_crashreport folder moved successfully. C:\Users\Hafidem\AppData\Local\SCE\CrashReport folder moved successfully. C:\Users\Hafidem\AppData\Local\SCE folder moved successfully. C:\Users\Hafidem\AppData\Roaming\Xotue folder moved successfully. C:\Users\Hafidem\AppData\Roaming\Nebia folder moved successfully. 
C:\Users\Hafidem\AppData\Roaming\Berai folder moved successfully. C:\ProgramData\zak_lo0i7g.pad moved successfully. C:\Users\Hafidem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully. C:\Windows\SysWOW64\SYNSOPOS.exe.cfg moved successfully. ========== FILES ========== OTL by OldTimer - Version 3.2.55.0 log created on 07302012_191246 Files\Folders moved on Reboot... File move failed. C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe scheduled to be moved on reboot. File move failed. C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe scheduled to be moved on reboot. PendingFileRenameOperations files... [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe : MD5=7DA79898130A766A21328A3B61F957CF [2011.12.18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe : MD5=A9CF5B35BC5C59CD538B54788E9110AF Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm scheduled to be deleted on reboot. |
30.07.2012, 18:28 | #6 |
/// Helper Team | GVU 2.07 Trojan on Win 7 64 BIT Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
30.07.2012, 18:57 | #7 |
| GVU 2.07 Trojan on Win 7 64 BIT Hello t´john, I connected to the Internet to download Malwarebytes etc. (and for the manual update), and the computer was immediately locked again. Can I do all of this in safe mode as well, or how do I proceed now? Once again I cannot get into the system. |
30.07.2012, 19:01 | #8 |
/// Helper Team | GVU 2.07 Trojan on Win 7 64 BIT Are you logged in as the user "Hafidem"? Try running the scan in safe mode. |
30.07.2012, 19:07 | #9 |
| GVU 2.07 Trojan on Win 7 64 BIT Yes, I only have the one user to choose from. OK, I will now install everything and run the scans in safe mode. As soon as I am done, I will post the logs. Hello t´john, after the Malwarebytes scan in safe mode I was able to get back into Windows. Hooray, finally a success. Thank you very much!!! Please also let me know whether my system is clean now or whether there is still something to do. Here are the Malwarebytes logs, and at the very bottom the AdwCleaner log: Code:
ATTFilter 2012/07/30 21:17:40 +0200 HAFIDEM-PC (null) MESSAGE Executing scheduled update: Daily 2012/07/30 21:17:45 +0200 HAFIDEM-PC (null) MESSAGE Scheduled update executed successfully: database updated from version v2012.07.30.09 to version v2012.07.30.10 2012/07/30 21:20:28 +0200 HAFIDEM-PC Hafidem MESSAGE Starting protection 2012/07/30 21:20:31 +0200 HAFIDEM-PC Hafidem MESSAGE Protection started successfully 2012/07/30 21:20:34 +0200 HAFIDEM-PC Hafidem MESSAGE Starting IP protection 2012/07/30 21:20:35 +0200 HAFIDEM-PC Hafidem MESSAGE IP Protection started successfully 2012/07/30 21:20:35 +0200 HAFIDEM-PC Hafidem MESSAGE Starting database refresh 2012/07/30 21:20:35 +0200 HAFIDEM-PC Hafidem MESSAGE Stopping IP protection 2012/07/30 21:22:00 +0200 HAFIDEM-PC Hafidem MESSAGE IP Protection stopped 2012/07/30 21:22:02 +0200 HAFIDEM-PC Hafidem MESSAGE Database refreshed successfully 2012/07/30 21:22:02 +0200 HAFIDEM-PC Hafidem MESSAGE Starting IP protection 2012/07/30 21:22:03 +0200 HAFIDEM-PC Hafidem MESSAGE IP Protection started successfully Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Hafidem :: HAFIDEM-PC [Administrator]

Schutz: Deaktiviert

30.07.2012 20:12:49
mbam-log-2012-07-30 (20-12-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 427220
Laufzeit: 44 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 21
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 16
C:\Users\Hafidem\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Hafidem\Downloads\etypesetup.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.
C:\Users\Hafidem\Downloads\installer_wavelab.exe (PUP.Adbundler) -> Keine Aktion durchgeführt.
C:\Users\Hafidem\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07302012_191246\C_Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Hafidem\AppData\Local\Temp\g7i0ol_kaz.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hafidem\Downloads\setup.exe (Trojan.FakeVLC) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hafidem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/30/2012 at 21:22:32 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Hafidem - HAFIDEM-PC # Running from : C:\Users\Hafidem\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj Folder Found : C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki Folder Found : C:\Users\Hafidem\AppData\LocalLow\bbrs_002.tb Folder Found : C:\Users\Hafidem\AppData\LocalLow\boost_interprocess Folder Found : C:\Users\Hafidem\AppData\Roaming\loadtbs Folder Found : C:\Program Files (x86)\BrowserCompanion ***** [Registry] ***** Key Found : HKCU\Software\BrowserCompanion Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search Key Found : HKLM\SOFTWARE\BrowserCompanion Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1 Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Found : HKLM\SOFTWARE\Classes\f Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd Key 
Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1 Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1 Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1 Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1 Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1 Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2 Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine [x64] Key Found : HKCU\Software\BrowserCompanion [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL [x64] Key Found : 
HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery [x64] Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1 [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane [x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 [x64] Key Found : HKLM\SOFTWARE\Classes\f [x64] Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd [x64] Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1 [x64] Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr [x64] Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1 [x64] Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore [x64] Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1 [x64] Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol [x64] Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData [x64] Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1 [x64] Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO [x64] Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1 [x64] Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO [x64] Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2 [x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj [x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4} Key Found : 
HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6} Key Found : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Key Found : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47} Key Found : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} Key Found : 
HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Found : 
HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} [x64] Key Found : 
HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} 
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} [x64] Key Found : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Hafidem\AppData\Roaming\Mozilla\Firefox\Profiles\agc02pce.default\prefs.js Found : user_pref("extensions.funmoods.aflt", "fmtgl"); Found : user_pref("extensions.funmoods.autoRvrt", false); Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr"); Found : user_pref("extensions.funmoods.cntry", "DE"); Found : user_pref("extensions.funmoods.dfltLng", ""); Found : user_pref("extensions.funmoods.dfltSrch", true); Found : user_pref("extensions.funmoods.dfltlng", "en"); Found : user_pref("extensions.funmoods.dfltsrch", "false"); Found : user_pref("extensions.funmoods.dnsErr", true); Found : user_pref("extensions.funmoods.envrmnt", "production"); Found : user_pref("extensions.funmoods.excTlbr", false); Found : user_pref("extensions.funmoods.hdrMd5", "C49DDC48A5F3DA08F91B6E9F6B099904"); Found : user_pref("extensions.funmoods.hmpg", true); Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2Xzut[...] 
Found : user_pref("extensions.funmoods.hrdid", "769a62d600000000000078929c74ea93"); Found : user_pref("extensions.funmoods.id", "769a62d600000000000078929c74ea93"); Found : user_pref("extensions.funmoods.instlDay", "15513"); Found : user_pref("extensions.funmoods.instlRef", "fmtgl"); Found : user_pref("extensions.funmoods.instlday", "15513"); Found : user_pref("extensions.funmoods.instlref", "fmtgl"); Found : user_pref("extensions.funmoods.isdcmntcmplt", true); Found : user_pref("extensions.funmoods.keywordurl", ""); Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.221:32:7"); Found : user_pref("extensions.funmoods.logicsmngrdailyreporttime", "25-06-2012"); Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Found : user_pref("extensions.funmoods.newTab", true); Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2Xz[...] Found : user_pref("extensions.funmoods.newtab", true); Found : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2Xz[...] 
Found : user_pref("extensions.funmoods.prdct", "funmoods"); Found : user_pref("extensions.funmoods.prtnrId", "funmoods"); Found : user_pref("extensions.funmoods.prtnrid", "funmoods"); Found : user_pref("extensions.funmoods.savedVrsnTs", "1"); Found : user_pref("extensions.funmoods.sg", "none"); Found : user_pref("extensions.funmoods.smplGrp", "none"); Found : user_pref("extensions.funmoods.smplgrp", "none"); Found : user_pref("extensions.funmoods.srch", ""); Found : user_pref("extensions.funmoods.srchPrvdr", "Search"); Found : user_pref("extensions.funmoods.srchprvdr", "Search"); Found : user_pref("extensions.funmoods.tlbrId", "base"); Found : user_pref("extensions.funmoods.tlbrSrchUrl", ""); Found : user_pref("extensions.funmoods.tlbrid", "base"); Found : user_pref("extensions.funmoods.tlbrsrchurl", ""); Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.221:32:7"); Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Found : user_pref("extensions.funmoods.vrsnts", "1.5.23.221:32:7"); Found : user_pref("extensions.funmoods.xpestat\\xpereportdata", "25-5-2012"); Found : user_pref("extensions.funmoods_i.newTab", true); Found : user_pref("extensions.funmoods_i.smplGrp", "none"); Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.221:32:7"); -\\ Google Chrome v20.0.1132.57 File : C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "icon_url": "hxxp://start.funmoods.com/favicon.ico", Found : "keyword": "funmoods.com", Found : "name": "Web Search", Found : "search_url": "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd[...] Found : "update_url": "hxxp://funmoods.com/public/download/chrome/update.xml", Found : "name": "Funmoods", Found : "update_url": "hxxp://funmoods.com/public/download/chrome/update.xml", Found : "homepage": "hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCy[...] 
************************* AdwCleaner[R1].txt - [21124 octets] - [30/07/2012 21:22:32] ########## EOF - C:\AdwCleaner[R1].txt - [21253 octets] ########## |
30.07.2012, 20:29 | #10 |
/// Helper Team | GVU 2.07 Trojan on Win 7 64 BIT
|
30.07.2012, 22:32 | #11 |
| GVU 2.07 Trojan on Win 7 64 BIT Here is the requested text file ;-) Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/30/2012 at 23:27:31 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Hafidem - HAFIDEM-PC # Running from : C:\Users\Hafidem\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj Folder Deleted : C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki Folder Deleted : C:\Users\Hafidem\AppData\LocalLow\bbrs_002.tb Folder Deleted : C:\Users\Hafidem\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\Hafidem\AppData\Roaming\loadtbs Folder Deleted : C:\Program Files (x86)\BrowserCompanion ***** [Registry] ***** Key Deleted : HKCU\Software\BrowserCompanion Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search Key Deleted : HKLM\SOFTWARE\BrowserCompanion Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\f Key 
Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData Key Deleted : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1 Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1 Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2 Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine [x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj [x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : 
HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} [x64] 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = 
hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCyDtC0AzyyDyCtB0DyCtN0D0TzutBtDtCtBtDyCtBtB&cr=1706480778 --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Hafidem\AppData\Roaming\Mozilla\Firefox\Profiles\agc02pce.default\prefs.js C:\Users\Hafidem\AppData\Roaming\Mozilla\Firefox\Profiles\agc02pce.default\user.js ... Deleted ! Deleted : user_pref("extensions.funmoods.aflt", "fmtgl"); Deleted : user_pref("extensions.funmoods.autoRvrt", false); Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr"); Deleted : user_pref("extensions.funmoods.cntry", "DE"); Deleted : user_pref("extensions.funmoods.dfltLng", ""); Deleted : user_pref("extensions.funmoods.dfltSrch", true); Deleted : user_pref("extensions.funmoods.dfltlng", "en"); Deleted : user_pref("extensions.funmoods.dfltsrch", "false"); Deleted : user_pref("extensions.funmoods.dnsErr", true); Deleted : user_pref("extensions.funmoods.envrmnt", "production"); Deleted : user_pref("extensions.funmoods.excTlbr", false); Deleted : user_pref("extensions.funmoods.hdrMd5", "C49DDC48A5F3DA08F91B6E9F6B099904"); Deleted : user_pref("extensions.funmoods.hmpg", true); Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2Xzut[...] 
Deleted : user_pref("extensions.funmoods.hrdid", "769a62d600000000000078929c74ea93"); Deleted : user_pref("extensions.funmoods.id", "769a62d600000000000078929c74ea93"); Deleted : user_pref("extensions.funmoods.instlDay", "15513"); Deleted : user_pref("extensions.funmoods.instlRef", "fmtgl"); Deleted : user_pref("extensions.funmoods.instlday", "15513"); Deleted : user_pref("extensions.funmoods.instlref", "fmtgl"); Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true); Deleted : user_pref("extensions.funmoods.keywordurl", ""); Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.221:32:7"); Deleted : user_pref("extensions.funmoods.logicsmngrdailyreporttime", "25-06-2012"); Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Deleted : user_pref("extensions.funmoods.newTab", true); Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2Xz[...] Deleted : user_pref("extensions.funmoods.newtab", true); Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2Xz[...] 
Deleted : user_pref("extensions.funmoods.prdct", "funmoods"); Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods"); Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods"); Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1"); Deleted : user_pref("extensions.funmoods.sg", "none"); Deleted : user_pref("extensions.funmoods.smplGrp", "none"); Deleted : user_pref("extensions.funmoods.smplgrp", "none"); Deleted : user_pref("extensions.funmoods.srch", ""); Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search"); Deleted : user_pref("extensions.funmoods.srchprvdr", "Search"); Deleted : user_pref("extensions.funmoods.tlbrId", "base"); Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", ""); Deleted : user_pref("extensions.funmoods.tlbrid", "base"); Deleted : user_pref("extensions.funmoods.tlbrsrchurl", ""); Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.221:32:7"); Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.221:32:7"); Deleted : user_pref("extensions.funmoods.xpestat\\xpereportdata", "25-5-2012"); Deleted : user_pref("extensions.funmoods_i.newTab", true); Deleted : user_pref("extensions.funmoods_i.smplGrp", "none"); Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.221:32:7"); -\\ Google Chrome v20.0.1132.57 File : C:\Users\Hafidem\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted : "icon_url": "hxxp://start.funmoods.com/favicon.ico", Deleted : "keyword": "funmoods.com", Deleted : "name": "Web Search", Deleted : "search_url": "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd[...] 
Deleted : "update_url": "hxxp://funmoods.com/public/download/chrome/update.xml", Deleted : "name": "Funmoods", Deleted : "update_url": "hxxp://funmoods.com/public/download/chrome/update.xml", Deleted : "homepage": "hxxp://start.funmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0AtCy[...] ************************* AdwCleaner[R1].txt - [21087 octets] - [30/07/2012 21:22:32] AdwCleaner[R2].txt - [21148 octets] - [30/07/2012 21:29:53] AdwCleaner[R3].txt - [21209 octets] - [30/07/2012 23:27:23] AdwCleaner[S1].txt - [17083 octets] - [30/07/2012 23:27:31] ########## EOF - C:\AdwCleaner[S1].txt - [17212 octets] ########## |
30.07.2012, 23:18 | #12 |
/// Helper Team | GVU 2.07 Trojan on Win 7 64 BIT Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Jetzt Updaten" (Update Now). Select the "Freeware-Modus" (freeware mode). Select Detail Scan and start the scan of the computer with the Scan button. At the end of the scan, do not let it delete anything! Click "Bericht speichern" (Save Report) to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
31.07.2012, 11:53 | #13 |
| GVU 2.07 Trojan on Win 7 64 BIT Hello t´john, here is the Emsisoft log: Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 31.07.2012 09:41:39 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Archiv Scan: An ADS Scan: An Scan Beginn: 31.07.2012 09:41:58 c:\program files (x86)\imesh applications\imesh gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\skins\images gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\html gefunden: Trace.File.imesh!E1 c:\program files (x86)\gamespy arcade gefunden: Trace.File.gamespy arcade!E1 c:\program files (x86)\imesh applications\imesh\skins gefunden: Trace.File.imesh!E1 c:\program files (x86)\gamespy arcade\install.log gefunden: Trace.File.gamespy arcade!E1 c:\program files (x86)\imesh applications\imesh\html\error.html gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\html\loading.html gefunden: Trace.File.imesh!E1 c:\users\hafidem\appdata\roaming\microsoft\internet explorer\quick launch\imesh.lnk gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\discoveryhelper.dll gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\license.txt gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\lame_enc.dll gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\imesh.exe gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\shw32.dll gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\imwebcontrol.dll gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\resourcesloc.dll gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\skins\default.skn gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\skins\default.xml gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\skins\images\defartwork.jpg gefunden: Trace.File.imesh!E1 c:\program 
files (x86)\imesh applications\imesh\skins\images\taflogo.png gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\skins\images\togologo.png gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\skins\settings.xml gefunden: Trace.File.imesh!E1 c:\program files (x86)\imesh applications\imesh\updateinst.exe gefunden: Trace.File.imesh!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\imesh --> displayname gefunden: Trace.Registry.imesh 6!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\imesh --> uninstallstring gefunden: Trace.Registry.imesh 6!E1 Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\imesh --> publisher gefunden: Trace.Registry.imesh 6!E1 Value: hkey_current_user\software\imesh\player --> volume gefunden: Trace.Registry.imesh mediabar!E1 Value: hkey_current_user\software\imesh\preferences\portableplayers\0 --> autostart gefunden: Trace.Registry.imesh mediabar!E1 Value: hkey_current_user\software\imesh\preferences\portableplayers\0 --> autosync gefunden: Trace.Registry.imesh mediabar!E1 Value: hkey_current_user\software\imesh\preferences\portableplayers\0 --> noremove gefunden: Trace.Registry.imesh mediabar!E1 Value: hkey_current_user\software\imesh\preferences\portableplayers\0 --> serialnumber gefunden: Trace.Registry.imesh mediabar!E1 Value: hkey_current_user\software\imesh\preferences\portableplayers\0 --> usages gefunden: Trace.Registry.imesh mediabar!E1 Value: hkey_current_user\software\imesh\preferences\portableplayers --> devices gefunden: Trace.Registry.imesh mediabar!E1 Value: hkey_current_user\software\imesh\general --> appdata gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\general --> downloaddir gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\general --> downloadlimit gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\general --> 
dsuniqueid gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\general --> limittime gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\general --> login gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\general --> mnenabled gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\general --> networkpaneshow gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\general --> okhashes gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\general --> statisticsfilename gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> accessuploading gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> maxconnforfile gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> maxdownload gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> enablelocalconnections gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> maxupload gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> maxuploadspeed gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> previewport gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> reassignslowsources gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> smarttraffic gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> maxdownloadspeed gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> timelibraryreportsent gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> timeuploadport gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\proxy --> 
password gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\proxy --> serveraddress gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\proxy --> serverport gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\proxy --> type gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\proxy --> useauthentication gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\proxy --> username gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\filelist --> deletefromdisk gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\filelist --> mediatypefilter gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\iehomepage --> dontshowiehomepageoffer gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\iehomepage --> dontshowiehomepageoffernever gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\iehomepage --> iehomepage gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\iehomepage --> lasthomepagecheck gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\invite --> downloadcount gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\invite --> inviteshowcount gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\invite --> playcount gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\search --> maxresultscount gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\search --> mediatypefilter gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences\search --> premiumenabled gefunden: Trace.Registry.imesh!E1 Value: 
hkey_current_user\software\imesh\preferences\security --> donotshare gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> audeclinedate gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> autoresetplaycount gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> copyfromremovable gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> imhistoryfolderpath gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> impicturefolderpath gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isautovolume gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> iscrossfadeenable gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isimalertcontacts gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> statusuploadport gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isimdontplaywhenplaying gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isimeveryone gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isimspecialalers gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isneedupdatehisory gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isnotpresentanyvideo gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isnotshownick gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isplaydownloadsound gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> connectip gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> 
issecuritylock gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isshowcrqdialog gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isshowdownloadtray gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isshowftpdialog gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isshowlqdialog gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> issearchautosuggest gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> receivelooking gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> rootlicensedate gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> sendlooking gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> shownilwarning gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> substype gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isshowtoday gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> usedmnportable gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> usedportable gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> videoregime gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> isimalertmessages gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\network\im2net --> antport gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> updaterlocation gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh --> lastopenfiledir gefunden: Trace.Registry.imesh!E1 Key: hkey_local_machine\software\imesh gefunden: Trace.Registry.imesh!E1 
Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\imesh gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> visualenabled gefunden: Trace.Registry.imesh!E1 Value: hkey_current_user\software\imesh\preferences --> visualregime gefunden: Trace.Registry.imesh!E1 Key: hkey_current_user\software\imesh gefunden: Trace.Registry.imesh!E1 C:\Users\Hafidem\AppData\Local\Temp\jar_cache6177892399086946944.tmp -> Byte.class gefunden: Java.CVE!E2 C:\Users\Hafidem\AppData\Local\Temp\is87173921\MyBabylonTB.exe gefunden: Riskware.Win32.Toolbar.Babylon.AMN!E1 Gescannt 723604 Gefunden 117 Scan Ende: 31.07.2012 10:37:13 Scan Zeit: 0:55:15 Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.30.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Hafidem :: HAFIDEM-PC [Administrator] Schutz: Aktiviert 31.07.2012 02:17:06 mbam-log-2012-07-31 (02-17-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 428156 Laufzeit: 1 Stunde(n), 8 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Hafidem\Downloads\etypesetup.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt. C:\Users\Hafidem\Downloads\installer_wavelab.exe (PUP.Adbundler) -> Keine Aktion durchgeführt. C:\Users\Hafidem\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\_OTL\MovedFiles\07302012_191246\C_Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. (Ende) |
31.07.2012, 11:55 | #14 |
/// Helper Team | GVU 2.07 Trojan on Win 7 64 BIT Very good! Have the finds deleted, then: Uninstall: Emsisoft Anti-Malware. ESET Online Scanner Preparation
|
31.07.2012, 16:09 | #15 |
| GVU 2.07 Trojan on Win 7 64 BIT Hello t´john, Emsisoft had no delete function, only the option to move items to quarantine. I did that and then uninstalled the program as described. Regards, Robokopter. Here is the ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=1b0119325f0ce04fa2b63a447ee6fd56 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-31 02:59:15 # local_time=2012-07-31 04:59:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 6717777 6717777 0 0 # compatibility_mode=5893 16776574 100 94 6888463 95369552 0 0 # compatibility_mode=8192 67108863 100 0 119 119 0 0 # compatibility_mode=9217 16777214 75 4 6719078 6719078 0 0 # scanned=235198 # found=17 # cleaned=17 # scan_time=7052 C:\Users\Hafidem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY6WTTSB\brand_files[1].7zip a variant of Win32/Toolbar.SearchSuite application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Hafidem\AppData\Local\Temp\SetupDataMngr_iMesh.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Hafidem\AppData\Local\Temp\is87173921\ezLooker-S-Setup_Suite1.exe probably a variant of Win32/Adware.DFJFHGU application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Hafidem\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\2238013b-685b9bdf Java/Exploit.CVE-2012-1723.S trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Hafidem\Downloads\etypesetup.exe a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Hafidem\Downloads\installer_wavelab.exe Win32/Toggle application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Hafidem\Downloads\video_downloader.exe Win32/Adware.Bundlore application (cleaned by deleting - 
quarantined) 00000000000000000000000000000000 C D:\HAFIDEM-PC\Backup Set 2012-02-26 164952\Backup Files 2012-02-26 164952\Backup files 1.zip Win32/Adware.ToolPlugin application (deleted - quarantined) 00000000000000000000000000000000 C D:\HAFIDEM-PC\Backup Set 2012-03-04 190000\Backup Files 2012-03-04 190000\Backup files 3.zip Win32/Adware.ToolPlugin application (deleted - quarantined) 00000000000000000000000000000000 C D:\HAFIDEM-PC\Backup Set 2012-03-25 205416\Backup Files 2012-03-25 205416\Backup files 2.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C D:\HAFIDEM-PC\Backup Set 2012-03-25 205416\Backup Files 2012-04-15 193324\Backup files 1.zip Win32/Adware.Bundlore application (deleted - quarantined) 00000000000000000000000000000000 C D:\HAFIDEM-PC\Backup Set 2012-03-25 205416\Backup Files 2012-05-29 115408\Backup files 1.zip a variant of Win32/InstallCore.T application (deleted - quarantined) 00000000000000000000000000000000 C D:\HAFIDEM-PC\Backup Set 2012-03-25 205416\Backup Files 2012-06-25 200707\Backup files 5.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C D:\HAFIDEM-PC\Backup Set 2012-07-01 232800\Backup Files 2012-07-01 232800\Backup files 14.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C D:\HAFIDEM-PC\Backup Set 2012-07-01 232800\Backup Files 2012-07-08 231932\Backup files 3.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C D:\HAFIDEM-PC\Backup Set 2012-07-01 232800\Backup Files 2012-07-15 212101\Backup files 3.zip JS/Kryptik.RK trojan (deleted - quarantined) 00000000000000000000000000000000 C D:\HAFIDEM-PC\Backup Set 2012-07-01 232800\Backup Files 2012-07-29 205807\Backup files 2.zip Java/Exploit.CVE-2012-1723.S trojan (deleted - quarantined) 00000000000000000000000000000000 C |