| |
| |||||||
Log-Analyse und Auswertung: GVU TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.08.2012, 20:46
| #1 |
| |  GVU Trojaner Hallo, Auch mich hat es erwischt und ich habe den Trojaner auf dem Laptop, der diese Meldung aufgehen lässt, dass mein Computer gesperrt wurde. Hab nun Malewarebytes im abgesicherten Modus laufen lassen und diesen Log erhalten: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.02.08 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Cécile :: CÉCILE-PC [Administrator] 02.08.2012 21:05:54 mbam-log-2012-08-02 (21-05-54).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 218041 Laufzeit: 2 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gqxndlftzyihpjy (Trojan.Winlock) -> Daten: C:\ProgramData\gqxndlft.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\ProgramData\gqxndlft.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Cécile\0.2358728497820991.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) OTL: Code:
ATTFilter OTL logfile created on: 8/2/2012 9:20:15 PM - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Cécile\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 5.91 Gb Total Physical Memory | 4.45 Gb Available Physical Memory | 75.23% Memory free 11.83 Gb Paging File | 10.22 Gb Available in Paging File | 86.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 250.05 Gb Total Space | 113.44 Gb Free Space | 45.36% Space Free | Partition Type: NTFS Drive D: | 321.12 Gb Total Space | 160.88 Gb Free Space | 50.10% Space Free | Partition Type: NTFS Computer Name: CÉCILE-PC | User Name: Cécile | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/01 16:42:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Cécile\Desktop\OTL.exe PRC - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Cécile\AppData\Local\Akamai\netsession_win.exe PRC - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/05/31 12:34:44 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011/01/25 20:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010/11/15 19:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010/10/07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010/09/24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010/08/17 23:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010/07/10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009/12/15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/07/10 16:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe PRC - [2009/07/10 16:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/09/24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009/07/10 16:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe MOD - [2009/07/10 16:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe MOD - [2009/06/23 13:13:33 | 000,221,184 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\EPOEMDll.dll MOD - [2009/06/23 13:13:02 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll MOD - [2009/06/23 13:11:53 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\EPWizRes.dll MOD - [2009/06/22 15:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\Epwizard.DLL MOD - [2009/06/22 15:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\customui.dll MOD - [2009/06/22 15:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\Epfunct.DLL MOD - [2009/06/22 15:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\Eputil.DLL MOD - [2009/06/22 15:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\Imagutil.DLL MOD - [2009/05/29 16:09:48 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll MOD - [2009/05/29 16:08:53 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll MOD - [2009/05/27 14:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll MOD - [2009/05/27 14:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacats.dll MOD - [2009/05/26 22:17:13 | 000,086,118 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll MOD - [2009/04/28 09:57:02 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\DLEAsmr.dll MOD - [2009/04/07 21:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll MOD - [2009/03/10 07:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll MOD - [2009/03/05 19:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll MOD - [2009/03/02 16:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll MOD - [2009/02/20 10:49:37 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\DLEAsm.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2011/01/25 23:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/09/17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService) SRV:64bit: - [2010/04/17 01:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010/04/07 15:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Start_Pending] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/01 15:13:44 | 001,054,888 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dleacoms.exe -- (dlea_device) SRV:64bit: - [2009/07/01 15:13:39 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe -- (dleaCATSCustConnectService) SRV - [2012/07/27 11:46:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/17 23:17:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/11 15:28:27 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/07/10 20:29:21 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009/07/01 15:13:39 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe -- (dleaCATSCustConnectService) SRV - [2009/07/01 15:13:31 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dleacoms.exe -- (dlea_device) SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/15 12:48:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/13 13:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/12/13 23:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/09/23 10:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/09/17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2010/09/17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010/09/17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2010/09/17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2010/09/13 12:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/08/03 20:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010/04/17 01:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/03/06 01:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews) DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010/07/26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011/01/12 18:05:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 23:17:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 23:17:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/18 18:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cécile\AppData\Roaming\mozilla\Extensions [2012/07/17 23:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cécile\AppData\Roaming\mozilla\Firefox\Profiles\kg1enml1.default\extensions [2012/07/17 23:17:14 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Cécile\AppData\Roaming\mozilla\Firefox\Profiles\kg1enml1.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} [2012/05/01 21:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\USERS\CéCILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KG1ENML1.DEFAULT\EXTENSIONS\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} File not found (No name found) -- C:\USERS\CéCILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KG1ENML1.DEFAULT\EXTENSIONS\FIREFOX@FACEBOOK.COM.XPI File not found (No name found) -- C:\USERS\CéCILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KG1ENML1.DEFAULT\EXTENSIONS\HOTMAILWATCHER@SONTHAKIT.XPI [2012/07/17 23:17:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/28 15:12:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/06/28 15:12:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/28 15:12:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/28 15:12:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/28 15:12:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/28 15:12:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll () O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe () O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Cécile\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7247476-E102-4483-92B6-71F5D9DA530F}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA9ED754-E605-482C-B4A0-3842609106E7}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (c:/windows/explorer.exe) - c:/windows/explorer.exe () O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{a989c1f0-d964-11e1-afef-f46d0422f648}\Shell - "" = AutoRun O33 - MountPoints2\{a989c1f0-d964-11e1-afef-f46d0422f648}\Shell\AutoRun\command - "" = F:\SISetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2099/02/28 19:16:01 | 000,000,000 | ---D | C] -- C:\Users\Cécile\Documents\gegl-0.0 [2099/02/28 19:16:01 | 000,000,000 | ---D | C] -- C:\Users\Cécile\.gimp-2.6 [2099/02/28 19:04:25 | 000,000,000 | ---D | C] -- C:\Users\Cécile\AppData\Roaming\WinRAR [2099/02/28 19:04:25 | 000,000,000 | ---D | C] -- C:\Users\Cécile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2099/02/28 19:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2099/02/28 19:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012/08/02 21:05:01 | 000,000,000 | ---D | C] -- C:\Users\Cécile\AppData\Roaming\Malwarebytes [2012/08/02 21:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/02 21:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/08/02 21:04:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/02 21:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/02 21:03:35 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Cécile\Desktop\OTL.exe [2012/08/02 21:03:26 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cécile\Desktop\mbam-setup-1.62.0.1300.exe [2012/08/01 15:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\fdrvlcnbztbgwjt [2012/07/29 12:19:52 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2012/07/29 12:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012/07/29 12:18:14 | 000,020,480 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\mvusbews.sys [2012/07/29 12:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012/07/17 23:39:59 | 000,000,000 | ---D | C] -- C:\Users\Cécile\AppData\Roaming\NVIDIA [2012/07/14 19:28:27 | 000,000,000 | ---D | C] -- C:\Users\Cécile\Documents\ANNO 2070 [2012/07/14 19:12:37 | 000,000,000 | ---D | C] -- C:\Users\Cécile\AppData\Roaming\Ubisoft [2012/07/14 19:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2012/07/11 22:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Setup Helper [2012/07/11 22:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hobbyist Software [2012/07/11 14:49:11 | 000,000,000 | ---D | C] -- C:\Users\Cécile\AppData\Roaming\SPORE Creature Creator [2012/07/11 14:49:11 | 000,000,000 | ---D | C] -- C:\Users\Cécile\Documents\MeinSPORE-Kreationen [2012/07/11 14:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2012/07/03 21:43:04 | 000,000,000 | ---D | C] -- C:\Users\Cécile\AppData\Roaming\TS3Client [2012/07/03 21:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012/07/03 21:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client ========== Files - Modified Within 30 Days ========== [2012/08/02 21:26:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/02 21:26:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/02 21:25:57 | 001,529,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/02 21:25:57 | 000,665,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/08/02 21:25:57 | 000,627,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/02 21:25:57 | 000,133,758 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/08/02 21:25:57 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/02 21:18:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/02 21:17:53 | 467,496,959 | -HS- | M] () -- C:\hiberfil.sys [2012/08/02 21:04:21 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/08/02 20:52:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cécile\Desktop\mbam-setup-1.62.0.1300.exe [2012/08/01 16:47:02 | 147,308,108 | ---- | M] () -- C:\Users\Cécile\Desktop\EmsisoftEmergencyKit.zip [2012/08/01 16:42:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Cécile\Desktop\OTL.exe [2012/08/01 16:22:11 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat [2012/08/01 16:13:55 | 000,002,106 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/08/01 15:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/01 15:34:42 | 000,000,051 | ---- | M] () -- C:\ProgramData\ivnmehlgrkkhvgb [2012/08/01 13:08:36 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012/07/30 16:00:12 | 000,001,367 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012/07/29 12:19:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_mvusbews_01007.Wdf [2012/07/17 21:53:22 | 000,034,317 | ---- | M] () -- C:\Users\Cécile\.recently-used.xbel [2012/07/11 21:28:17 | 000,416,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/03 21:42:37 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk ========== Files Created - No Company Name ========== [2012/08/02 21:04:21 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/08/02 21:03:27 | 147,308,108 | ---- | C] () -- C:\Users\Cécile\Desktop\EmsisoftEmergencyKit.zip [2012/08/01 16:22:11 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat [2012/08/01 15:34:34 | 000,000,051 | ---- | C] () -- C:\ProgramData\ivnmehlgrkkhvgb [2012/07/29 12:19:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_mvusbews_01007.Wdf [2012/07/29 12:18:39 | 001,695,232 | ---- | C] () -- C:\Windows\SysNative\HP1100SM.EXE [2012/07/29 12:18:39 | 000,289,280 | ---- | C] () -- C:\Windows\SysNative\HP1100LM.DLL [2012/07/29 12:18:16 | 000,350,720 | ---- | C] () -- C:\Windows\SysNative\mvhlewsi.dll [2012/07/29 12:18:14 | 000,082,432 | ---- | C] () -- C:\Windows\SysNative\mvusbews.dll [2012/07/29 12:18:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\HP1100SMs.dll [2012/07/17 21:53:22 | 000,034,317 | ---- | C] () -- C:\Users\Cécile\.recently-used.xbel [2012/07/03 21:42:37 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012/03/05 18:34:36 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll [2012/03/05 18:34:36 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll [2012/03/05 18:34:36 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll [2012/03/05 18:34:36 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll [2012/03/05 18:34:35 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll [2012/03/05 18:34:35 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll [2012/03/05 18:34:35 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll [2012/03/05 18:34:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll [2012/03/05 18:34:34 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll [2012/03/05 18:34:34 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll [2012/03/05 18:34:34 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll [2012/03/05 18:34:34 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll [2012/03/05 18:34:33 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll [2012/03/05 18:34:33 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll [2012/03/05 18:34:32 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll [2012/03/05 18:34:32 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll [2012/03/05 18:34:32 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe [2012/03/05 18:34:31 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll [2012/03/05 18:34:31 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe [2012/03/05 18:34:31 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll [2012/03/05 18:34:30 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe [2012/03/05 18:34:27 | 000,086,118 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll [2012/03/05 18:32:28 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll [2012/03/05 18:32:27 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll [2011/03/08 05:39:03 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/01/12 18:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2012/03/18 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\.jfwupdate [2012/03/18 15:16:56 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\.Kanton GR [2012/02/18 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\Asus WebStorage [2012/04/11 17:45:54 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\Atari [2012/07/20 20:43:26 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\BitTorrent [2012/07/17 21:53:23 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\gtk-2.0 [2012/02/28 18:15:06 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\Leadertech [2012/04/12 12:57:22 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\Nuance [2012/07/11 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\SPORE Creature Creator [2012/07/03 22:05:56 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\TS3Client [2012/07/14 19:12:37 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\Ubisoft [2012/03/01 23:56:08 | 000,000,000 | ---D | M] -- C:\Users\Cécile\AppData\Roaming\Zeon [2012/05/13 16:49:51 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 8/2/2012 9:20:15 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Cécile\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
5.91 Gb Total Physical Memory | 4.45 Gb Available Physical Memory | 75.23% Memory free
11.83 Gb Paging File | 10.22 Gb Available in Paging File | 86.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 250.05 Gb Total Space | 113.44 Gb Free Space | 45.36% Space Free | Partition Type: NTFS
Drive D: | 321.12 Gb Total Space | 160.88 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
Computer Name: CÉCILE-PC | User Name: Cécile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E7D7E36-5CFF-4DC3-B633-6C46E3C46A32}" = lport=139 | protocol=6 | dir=in | app=system |
"{11E66DA3-C265-41EA-A9FB-009F1A4CAAD9}" = lport=445 | protocol=6 | dir=in | app=system |
"{12BD3A5E-5DE6-47CD-B4E3-B36C3800E053}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe |
"{19451413-6CF3-403E-8BDC-52DC44E66A09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B8FBDAD-8EEA-4D65-AF67-627E6B31608D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DC822A6-B600-45D0-8A85-DC5D333BBA8F}" = rport=445 | protocol=6 | dir=out | app=system |
"{1DEF9043-1413-470B-B7AC-463B9A6D6772}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{22465745-B9D9-45C1-B8C1-9D1E2BDA1B8B}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe |
"{24D688BD-9297-4AF7-8E7E-ABC76A7B8169}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E181253-964D-4C22-862E-103E268C0CFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3480E69A-CBB9-41E8-BF09-171BBC61189C}" = lport=137 | protocol=17 | dir=in | app=system |
"{37031338-5C27-47F7-8B7E-7301F09932E9}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe |
"{3B2D6E27-6F8A-47D0-8F73-7AA9B9DB2770}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{3CEFAF51-22A8-432D-BD32-F0B3943F2026}" = rport=137 | protocol=17 | dir=out | app=system |
"{3D9872E2-D614-42AA-BD9E-32DB67B43C24}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B417481-E26E-4C83-A28E-1AF4A38FEE58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CCD9FB5-2273-4C60-AA48-C7FF7EF8AF78}" = rport=139 | protocol=6 | dir=out | app=system |
"{53158159-126F-443C-8507-1D4526A6A587}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6386DF36-F496-4A7E-B441-0EF30B8C04A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6523CCFD-FFCF-4EB0-B4EA-8A066FA6A26D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BA5A3C3-BC6E-47E1-980C-5BE6500018A4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{76E3D0D7-F01F-4B5A-956C-7DBAF78260A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{787EB5D0-AAC8-459A-BDEF-6213B39D3B4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87153BFF-9632-47B3-92D9-6676D7B0ADB8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8DD613AA-2496-438E-9884-3CD26925538E}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe |
"{99E5A8D6-C057-4735-B9B2-159DA7EEF011}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{9BA626EC-DD71-48EE-8F1A-37748EAD8D85}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AE309B91-778A-4726-A606-9E6703881E1A}" = lport=138 | protocol=17 | dir=in | app=system |
"{B4136A0B-E771-4EB7-A2F4-7AF32275261D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BB662957-3341-41ED-AD30-73CBEB0F7E16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{CC6811ED-8162-4F2B-B5C8-EB8888BF2504}" = lport=445 | protocol=6 | dir=in | app=system |
"{CCDCD014-2E73-4038-8C6E-1EF2AF1C4DF2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D6639E83-278E-46EC-9AFF-EE1282627C47}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA78110C-2370-4EB5-9B93-16E4CC27C9EF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DE53F7DB-6EBA-415D-B7AC-9B4ECE19EEE7}" = rport=138 | protocol=17 | dir=out | app=system |
"{DEA662A9-D577-42C4-A369-653926035F5C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{DF92479C-BF63-43C7-AED1-ABF2810A120F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0729A4E-F3AA-4F62-ABF8-257297D0DAC5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E29D7774-48A9-4624-A381-2FF217AA476F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E9C5D2D1-D09A-4D80-90B7-A79733AE1DC3}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe |
"{FD4A19C4-B8BA-4B2A-8C7B-3BF521F61A16}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE5B70AC-E8EF-40F3-9FE8-2538197B89DE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014E1F39-E620-436F-9B96-86D03930968D}" = protocol=6 | dir=in | app=c:\users\cécile\appdata\local\akamai\netsession_win.exe |
"{0234C825-8617-4E00-9E97-31AE9F988D71}" = protocol=6 | dir=out | app=system |
"{02FBD3E0-FC93-48F7-A213-6E84796A976E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{06B1FBB9-1E10-451E-A729-6372CFB31F74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{07930D85-091A-4311-8095-64C68BDBEFED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{1069F33C-3D61-4727-9A43-38D87B89D4A5}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{1149CF3E-E74D-4D84-BA85-B38E07D6671F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{136EDE44-4F74-4DB2-94FD-A0C2BFE44D06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{13AA3BD9-AF6A-4A05-A7D4-035B666252F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{215928F7-B0A1-4714-AB1D-3A42C88F12DD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2426A22D-BAC7-4E30-9589-EE8204E0DA91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2480C6F7-3690-4CEF-B97A-76FC829BA7B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{24EA7858-E95A-474C-A79F-BDE7E8CAFB73}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{25B8798A-85E8-4F9F-B79A-282291D912A9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{44525749-B906-4386-8BD9-783D56452999}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe |
"{44F8893D-2635-44C8-9093-322724640A5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{45881FFF-4BFE-40FF-B95F-98C5B5B6C996}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{465423EC-0915-46CA-BA76-A9FC64226E5C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4A0D3F63-CCD3-4AA5-A0FC-7B409752A28B}" = dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{4F7DE74D-E117-4B6B-9B03-6DF72E5850BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{507C57D3-DC7A-4DCC-8C7C-28966EC6CAB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5345F2F6-1E95-470E-883C-D25315BE7F08}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5A99C5A9-B305-48C1-84AE-22818FDD5B30}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\vlc setup helper.exe |
"{5CC02F87-32DF-449E-A05B-F73AF8326312}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{6203F289-EB31-4339-A316-68026BC5F39D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{6205F7C4-881F-4EB9-8B3B-7547CE2EB342}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{62BEE160-819F-42A0-9BB8-723C698E13A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{66901682-2601-4CCD-BF6A-ED3EDAA73659}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{69CCE2D6-7598-46BD-959B-62BD0225815D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6AAD8560-380E-432D-ACB7-14F3C644F2F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C898FF4-C47B-4CD7-83F0-9EC23A511894}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7130FB7F-6DDB-48A9-BA88-F6C768850DDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7540A6D1-60B5-41D5-8DA0-068A9240E8D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77F58C8E-9722-4FBC-B431-238A93299DA4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{79D58F03-68DC-402A-9BD8-446AD2FBECEC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{811318E6-78CF-428B-BC62-0BDAEE288B5D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{812C0C84-262C-4F3F-9033-0AF8EC9FE517}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8222556D-9D7F-45FB-A8E7-8A5620084DD9}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{8C1873CD-B180-437D-A2CD-0B4A96525471}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{9323328D-F044-4851-A887-D2D32C202C58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B1C0C58-6580-4FF4-8FEB-2427E33C170B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9DCC870D-19BD-4B6D-9A28-59F5BBF502CB}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe |
"{A01A5B57-A0D6-4D48-9307-9DD3AA108556}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A4152570-B674-4F3A-B479-8C4DFB5A603A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A788F39D-42D9-461E-9054-C2E97FAC613A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AF5367F5-DE85-4B6B-9C6A-C050CFFA8D61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B2E5BCCF-FDE0-4105-BA43-B9812F42F96A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{B5527D47-5199-428D-A34B-D80DECC58CC1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B6CE2B8A-3326-4CC7-A7B0-A840B904C03F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B75FE83A-EBA4-4B0D-8A1D-D34ABBB70983}" = protocol=17 | dir=in | app=c:\users\cécile\appdata\local\akamai\netsession_win.exe |
"{BAB5E82B-E612-4440-8226-73FA163DD04F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe |
"{BBC78DC9-5D6D-4C24-A855-A2B25E59A9F9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BDE1D3C4-3F4A-4042-9B1E-5502B62BC567}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{BE355444-FE32-47C6-BECB-E3CABF65C60C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C166B6AD-DC7E-4B5F-A860-82477BC39130}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5731184-5FD7-4BC8-A257-EA4B519B2528}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E322EB91-BB8D-4AB5-84FA-12C95D20C951}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{E67355EF-EA1C-4E13-B4A7-10903444CA1E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{E71328FD-F655-43A7-A202-08085C0C08C3}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{E736D7AE-BF90-46A8-9A44-52F881BD2D62}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F397C31F-DD57-46A6-B95C-A34649D7A5F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6C0FECC-AFCE-46EF-8519-49246D298F62}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{F8475322-F932-405B-B462-F7DD0C265898}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F931015E-8EFA-4914-8D27-E459A9EC3822}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{F97FA170-D3B8-489D-B204-2C7A2DE8D8BA}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{FA446BA8-4BCD-4856-AF6E-85364DDD33B0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FD60B0F2-AD6D-481C-A1DF-B134DA1597B5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{9C983D64-70C8-40A6-9698-1F5D0130FF1D}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"TCP Query User{9E0B54E0-AB11-43AE-84D9-B83E6C634B56}C:\program files (x86)\alaplaya\loco\system\loco.exe" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\loco\system\loco.exe |
"TCP Query User{A5BBB0EE-C451-4523-B404-4307A31DFFD6}C:\users\cécile\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\cécile\appdata\local\akamai\netsession_win.exe |
"TCP Query User{DE5FF54E-24E5-4D03-8554-4B79A098C99F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{0BE8A120-9856-45FE-BEE4-66917D3FA866}C:\program files (x86)\alaplaya\loco\system\loco.exe" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\loco\system\loco.exe |
"UDP Query User{4350D848-BD95-4631-BC7D-C42E3469D02B}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"UDP Query User{D8E732C4-21E7-467E-8ED4-13852CEB97D4}C:\users\cécile\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\cécile\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E16557E3-23E9-416F-8311-0FFF2E005E10}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Dell V310-V510 Series" = Dell V310-V510 Series
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Symbolleiste
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Labor Basisversion
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"BitTorrent" = BitTorrent
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Jewel Quest 3" = Jewel Quest 3
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NosTale(DE)_is1" = Nostale(DE)
"Plants vs Zombies" = Plants vs Zombies
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SofTax GR 2011 NP" = SofTax GR 2011 NP
"Steam App 48240" = Anno 2070
"Steam App 630" = Alien Swarm
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8980" = Borderlands
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.0
"VLC Setup Helper_is1" = VLC Setup Helper
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/14/2012 5:16:57 PM | Computer Name = Cécile-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/14/2012 5:17:25 PM | Computer Name = Cécile-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/14/2012 5:17:27 PM | Computer Name = Cécile-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/14/2012 5:17:30 PM | Computer Name = Cécile-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/14/2012 5:17:49 PM | Computer Name = Cécile-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/19/2012 8:07:59 AM | Computer Name = Cécile-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 6/19/2012 8:07:59 AM | Computer Name = Cécile-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 46374948
Error - 6/19/2012 8:07:59 AM | Computer Name = Cécile-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46374948
Error - 6/24/2012 2:43:30 PM | Computer Name = Cécile-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b5c Startzeit:
01cd521afc1e0858 Endzeit: 109 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
7ace0eb3-be2c-11e1-8555-f46d0422f648
Error - 6/25/2012 6:34:00 PM | Computer Name = Cécile-PC | Source = Application Hang | ID = 1002
Description = Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1008 Startzeit: 01cd532237f72319 Endzeit: 25 Anwendungspfad:
C:\Windows\System32\rundll32.exe Berichts-ID:
[ System Events ]
Error - 7/16/2012 5:44:50 AM | Computer Name = Cécile-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 7/16/2012 5:44:50 AM | Computer Name = Cécile-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 7/17/2012 6:02:14 AM | Computer Name = Cécile-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
dleaCATSCustConnectService erreicht.
Error - 7/17/2012 6:02:14 AM | Computer Name = Cécile-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "dleaCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 7/17/2012 6:04:24 AM | Computer Name = Cécile-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 7/17/2012 6:04:24 AM | Computer Name = Cécile-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 7/18/2012 11:05:37 AM | Computer Name = Cécile-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
dleaCATSCustConnectService erreicht.
Error - 7/18/2012 11:05:37 AM | Computer Name = Cécile-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "dleaCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 7/18/2012 11:07:44 AM | Computer Name = Cécile-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 7/18/2012 11:07:44 AM | Computer Name = Cécile-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
Geändert von Yuuki-Chan (02.08.2012 um 21:03 Uhr) |
|
03.08.2012, 14:30
| #2 |
| /// Helfer-Team  | GVU Trojaner Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
SRV - [2012/07/10 20:29:21 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
File not found (No name found) -- C:\USERS\CéCILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KG1ENML1.DEFAULT\EXTENSIONS\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
File not found (No name found) -- C:\USERS\CéCILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KG1ENML1.DEFAULT\EXTENSIONS\FIREFOX@FACEBOOK.COM.XPI
File not found (No name found) -- C:\USERS\CéCILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KG1ENML1.DEFAULT\EXTENSIONS\HOTMAILWATCHER@SONTHAKIT.XPI
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Cécile\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O20:64bit: - HKLM Winlogon: Shell - (c:/windows/explorer.exe) - c:/windows/explorer.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a989c1f0-d964-11e1-afef-f46d0422f648}\Shell - "" = AutoRun
O33 - MountPoints2\{a989c1f0-d964-11e1-afef-f46d0422f648}\Shell\AutoRun\command - "" = F:\SISetup.exe
[2012/08/01 15:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\fdrvlcnbztbgwjt
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
03.08.2012, 14:40
| #3 |
| | GVU Trojaner Danke für deine Hilfe t'john
__________________ Hier der Log: Code:
ATTFilter All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Cécile\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:c:/windows/explorer.exe deleted successfully.
File move failed. c:/windows/explorer.exe scheduled to be moved on reboot.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a989c1f0-d964-11e1-afef-f46d0422f648}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a989c1f0-d964-11e1-afef-f46d0422f648}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a989c1f0-d964-11e1-afef-f46d0422f648}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a989c1f0-d964-11e1-afef-f46d0422f648}\ not found.
File F:\SISetup.exe not found.
C:\ProgramData\fdrvlcnbztbgwjt folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Cécile\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Cécile
->Temp folder emptied: 317527432 bytes
->Temporary Internet Files folder emptied: 2196980 bytes
->Java cache emptied: 154799 bytes
->FireFox cache emptied: 591361441 bytes
->Flash cache emptied: 22697 bytes
User: C‚cile
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 281480925 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045802 bytes
RecycleBin emptied: 7558523864 bytes
Total Files Cleaned = 8,380.00 mb
[EMPTYFLASH]
User: All Users
User: Cécile
->Flash cache emptied: 0 bytes
User: C‚cile
User: Default
User: Default User
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 08032012_153535
Files\Folders moved on Reboot...
File move failed. c:/windows/explorer.exe scheduled to be moved on reboot.
C:\Users\Cécile\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] () c:/windows/explorer.exe : MD5=332FEAB1435662FC6C672E25BEB37BE3
File C:\Users\Cécile\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
|
|
03.08.2012, 14:49
| #4 |
| /// Helfer-Team | GVU Trojaner Sehr gut!  1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
03.08.2012, 16:19
| #5 |
| | GVU Trojaner Einmal den Malwarebytes Log: (Ich weiss nicht ob du den brauchst..) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.03.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Cécile :: CÉCILE-PC [Administrator] 03.08.2012 15:56:16 mbam-log-2012-08-03 (15-56-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 408005 Laufzeit: 1 Stunde(n), 16 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/03/2012 at 17:15:42
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Cécile - CÉCILE-PC
# Running from : C:\Users\Cécile\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Cécile\AppData\Local\Conduit
Folder Found : C:\Users\Cécile\AppData\LocalLow\Conduit
Folder Found : C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\kg1enml1.default\ConduitCommon
Folder Found : C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\kg1enml1.default\CT2849855
Folder Found : C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\kg1enml1.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
Folder Found : C:\Program Files (x86)\Conduit
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\Softonic
***** [Registre - GUID] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\kg1enml1.default\prefs.js
Found : user_pref("CT2849855..clientLogIsEnabled", false);
Found : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Found : user_pref("CT2849855.CTID", "CT2849855");
Found : user_pref("CT2849855.CurrentServerDate", "3-8-2012");
Found : user_pref("CT2849855.DSInstall", false);
Found : user_pref("CT2849855.DialogsAlignMode", "LTR");
Found : user_pref("CT2849855.DialogsGetterLastCheckTime", "Fri Aug 03 2012 15:38:00 GMT+0200");
Found : user_pref("CT2849855.DownloadReferralCookieData", "");
Found : user_pref("CT2849855.EMailNotifierPollDate", "Thu May 31 2012 12:38:11 GMT+0200");
Found : user_pref("CT2849855.FeedLastCount129349796701375473", 213);
Found : user_pref("CT2849855.FeedPollDate129313974171006416", "Thu May 31 2012 16:38:14 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313975698350231", "Thu May 31 2012 12:38:12 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313976370850190", "Thu May 31 2012 12:38:12 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313976648818968", "Thu May 31 2012 12:38:12 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313977444757117", "Thu May 31 2012 16:38:15 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313980389131455", "Thu May 31 2012 12:38:12 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313980655381977", "Thu May 31 2012 16:38:14 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313980886163259", "Thu May 31 2012 12:38:12 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313981234756535", "Thu May 31 2012 16:38:15 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313983226631720", "Thu May 31 2012 12:38:12 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313983607725691", "Thu May 31 2012 12:38:12 GMT+0200");
Found : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Found : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Found : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Found : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Found : user_pref("CT2849855.FirstServerDate", "31-5-2012");
Found : user_pref("CT2849855.FirstTime", true);
Found : user_pref("CT2849855.FirstTimeFF3", true);
Found : user_pref("CT2849855.FixPageNotFoundErrors", true);
Found : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2849855.HPInstall", false);
Found : user_pref("CT2849855.HasUserGlobalKeys", true);
Found : user_pref("CT2849855.HomePageProtectorEnabled", false);
Found : user_pref("CT2849855.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Found : user_pref("CT2849855.Initialize", true);
Found : user_pref("CT2849855.InitializeCommonPrefs", true);
Found : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2849855.InstallationId", "fftF137.tmp.exe");
Found : user_pref("CT2849855.InstallationType", "XPE");
Found : user_pref("CT2849855.InstalledDate", "Thu May 31 2012 12:38:11 GMT+0200");
Found : user_pref("CT2849855.IsGrouping", false);
Found : user_pref("CT2849855.IsInitSetupIni", true);
Found : user_pref("CT2849855.IsMulticommunity", false);
Found : user_pref("CT2849855.IsOpenThankYouPage", true);
Found : user_pref("CT2849855.IsOpenUninstallPage", false);
Found : user_pref("CT2849855.LanguagePackLastCheckTime", "Thu Aug 02 2012 21:16:22 GMT+0200");
Found : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2849855.LastLogin_3.12.0.8", "Thu May 31 2012 16:42:23 GMT+0200");
Found : user_pref("CT2849855.LastLogin_3.13.0.6", "Tue Jul 17 2012 21:24:18 GMT+0200");
Found : user_pref("CT2849855.LastLogin_3.14.1.0", "Fri Aug 03 2012 13:35:31 GMT+0200");
Found : user_pref("CT2849855.LatestVersion", "3.14.1.0");
Found : user_pref("CT2849855.Locale", "de");
Found : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Found : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Found : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2849855.OriginalFirstVersion", "3.12.0.8");
Found : user_pref("CT2849855.SearchCaption", "BittorrentBar_DE Customized Web Search");
Found : user_pref("CT2849855.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Found : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Found : user_pref("CT2849855.SearchInNewTabEnabled", true);
Found : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 21:16:22 GMT+0200");
Found : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2849855.SearchInNewTabUserEnabled", false);
Found : user_pref("CT2849855.SearchProtectorEnabled", false);
Found : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2849855.SendProtectorDataViaLogin", true);
Found : user_pref("CT2849855.ServiceMapLastCheckTime", "Thu Aug 02 2012 21:16:22 GMT+0200");
Found : user_pref("CT2849855.SettingsLastCheckTime", "Fri Aug 03 2012 13:35:31 GMT+0200");
Found : user_pref("CT2849855.SettingsLastUpdate", "1342353836");
Found : user_pref("CT2849855.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=13");
Found : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Thu May 31 2012 12:38:11 GMT+0200");
Found : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
Found : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Found : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2849855.UserID", "UN86369236285184345");
Found : user_pref("CT2849855.WeatherNetwork", "");
Found : user_pref("CT2849855.WeatherPollDate", "Thu May 31 2012 12:38:13 GMT+0200");
Found : user_pref("CT2849855.WeatherUnit", "C");
Found : user_pref("CT2849855.alertChannelId", "1241896");
Found : user_pref("CT2849855.autoDisableScopes", -1);
Found : user_pref("CT2849855.backendstorage./9b+7e+x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e,x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e-x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e.x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e/x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6E6A6F6E75706F6F");
Found : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473747075747B767575242F4B4947[...]
Found : user_pref("CT2849855.backendstorage./9b+7e0x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e1x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e2x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e3x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e4x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e5x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e6x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e7x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e8x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e9x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e:x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e;x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e<x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e=x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e>x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e?x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7e@x305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7eax305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Found : user_pref("CT2849855.backendstorage./9b+7ebx305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7ecx305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7edx305", "2423");
Found : user_pref("CT2849855.backendstorage./9b+7etx305", "2423");
Found : user_pref("CT2849855.backendstorage./9b-0?3g>d", "3E6D6F6C6A6E40457A42794472204A784C21254E2225202A52[...]
Found : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Found : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Found : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6E6A68707374757677");
Found : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]
Found : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "6B676F403E6D416D7A46777272767D4D4C794B5150");
Found : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6F706D6C6E7673707A76");
Found : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Found : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Found : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Found : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Found : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Found : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Found : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Thu May 31 2012 12:38:12 GMT+0200");
Found : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2849855.initDone", true);
Found : user_pref("CT2849855.isAppTrackingManagerOn", true);
Found : user_pref("CT2849855.myStuffEnabled", true);
Found : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2849855.navigateToUrlOnSearch", false);
Found : user_pref("CT2849855.revertSettingsEnabled", true);
Found : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Found : user_pref("CT2849855.testingCtid", "");
Found : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 21:16:22 GMT+0200");
Found : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Thu May 31 2012 12:38:13 GMT+0200");
Found : user_pref("CT2849855.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"d12[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Cécile\\AppData\\Roaming\\Mozilla\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Found : user_pref("CommunityToolbar.globalUserId", "7059d2a7-24cb-4cc7-8d93-c67209841c73");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849855");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 31 2012 12:38:1[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 31 2012 12:38:12 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "7bce2f2b-a67d-4923-8c14-91f26be2c879");
Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=[...]
*************************
AdwCleaner[R1].txt - [17018 octets] - [03/08/2012 17:15:42]
########## EOF - C:\AdwCleaner[R1].txt - [17147 octets] ##########
|
|
03.08.2012, 16:24
| #6 |
| /// Helfer-Team | GVU Trojaner Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> GVU Trojaner |
|
03.08.2012, 18:17
| #7 |
| | GVU Trojaner So weit so gut   Hier der Log von Adwcleaner: Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/03/2012 at 17:55:12
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Cécile - CÉCILE-PC
# Running from : C:\Users\Cécile\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Cécile\AppData\Local\Conduit
Folder Deleted : C:\Users\Cécile\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\kg1enml1.default\ConduitCommon
Folder Deleted : C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\kg1enml1.default\CT2849855
Folder Deleted : C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\kg1enml1.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
Folder Deleted : C:\Program Files (x86)\Conduit
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
***** [Registre - GUID] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\kg1enml1.default\prefs.js
Deleted : user_pref("CT2849855..clientLogIsEnabled", false);
Deleted : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Deleted : user_pref("CT2849855.CTID", "CT2849855");
Deleted : user_pref("CT2849855.CurrentServerDate", "3-8-2012");
Deleted : user_pref("CT2849855.DSInstall", false);
Deleted : user_pref("CT2849855.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2849855.DialogsGetterLastCheckTime", "Fri Aug 03 2012 15:38:00 GMT+0200");
Deleted : user_pref("CT2849855.DownloadReferralCookieData", "");
Deleted : user_pref("CT2849855.EMailNotifierPollDate", "Thu May 31 2012 12:38:11 GMT+0200");
Deleted : user_pref("CT2849855.FeedLastCount129349796701375473", 213);
Deleted : user_pref("CT2849855.FeedPollDate129313974171006416", "Thu May 31 2012 16:38:14 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313975698350231", "Thu May 31 2012 12:38:12 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313976370850190", "Thu May 31 2012 12:38:12 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313976648818968", "Thu May 31 2012 12:38:12 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313977444757117", "Thu May 31 2012 16:38:15 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980389131455", "Thu May 31 2012 12:38:12 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980655381977", "Thu May 31 2012 16:38:14 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980886163259", "Thu May 31 2012 12:38:12 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313981234756535", "Thu May 31 2012 16:38:15 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313983226631720", "Thu May 31 2012 12:38:12 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313983607725691", "Thu May 31 2012 12:38:12 GMT+0200");
Deleted : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Deleted : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Deleted : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Deleted : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Deleted : user_pref("CT2849855.FirstServerDate", "31-5-2012");
Deleted : user_pref("CT2849855.FirstTime", true);
Deleted : user_pref("CT2849855.FirstTimeFF3", true);
Deleted : user_pref("CT2849855.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2849855.HPInstall", false);
Deleted : user_pref("CT2849855.HasUserGlobalKeys", true);
Deleted : user_pref("CT2849855.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2849855.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT2849855.Initialize", true);
Deleted : user_pref("CT2849855.InitializeCommonPrefs", true);
Deleted : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2849855.InstallationId", "fftF137.tmp.exe");
Deleted : user_pref("CT2849855.InstallationType", "XPE");
Deleted : user_pref("CT2849855.InstalledDate", "Thu May 31 2012 12:38:11 GMT+0200");
Deleted : user_pref("CT2849855.IsGrouping", false);
Deleted : user_pref("CT2849855.IsInitSetupIni", true);
Deleted : user_pref("CT2849855.IsMulticommunity", false);
Deleted : user_pref("CT2849855.IsOpenThankYouPage", true);
Deleted : user_pref("CT2849855.IsOpenUninstallPage", false);
Deleted : user_pref("CT2849855.LanguagePackLastCheckTime", "Thu Aug 02 2012 21:16:22 GMT+0200");
Deleted : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2849855.LastLogin_3.12.0.8", "Thu May 31 2012 16:42:23 GMT+0200");
Deleted : user_pref("CT2849855.LastLogin_3.13.0.6", "Tue Jul 17 2012 21:24:18 GMT+0200");
Deleted : user_pref("CT2849855.LastLogin_3.14.1.0", "Fri Aug 03 2012 17:35:32 GMT+0200");
Deleted : user_pref("CT2849855.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2849855.Locale", "de");
Deleted : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2849855.OriginalFirstVersion", "3.12.0.8");
Deleted : user_pref("CT2849855.SearchCaption", "BittorrentBar_DE Customized Web Search");
Deleted : user_pref("CT2849855.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Deleted : user_pref("CT2849855.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 21:16:22 GMT+0200");
Deleted : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2849855.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2849855.SearchProtectorEnabled", false);
Deleted : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2849855.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2849855.ServiceMapLastCheckTime", "Thu Aug 02 2012 21:16:22 GMT+0200");
Deleted : user_pref("CT2849855.SettingsLastCheckTime", "Fri Aug 03 2012 13:35:31 GMT+0200");
Deleted : user_pref("CT2849855.SettingsLastUpdate", "1342353836");
Deleted : user_pref("CT2849855.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=13");
Deleted : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Thu May 31 2012 12:38:11 GMT+0200");
Deleted : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
Deleted : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Deleted : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2849855.UserID", "UN86369236285184345");
Deleted : user_pref("CT2849855.WeatherNetwork", "");
Deleted : user_pref("CT2849855.WeatherPollDate", "Thu May 31 2012 12:38:13 GMT+0200");
Deleted : user_pref("CT2849855.WeatherUnit", "C");
Deleted : user_pref("CT2849855.alertChannelId", "1241896");
Deleted : user_pref("CT2849855.autoDisableScopes", -1);
Deleted : user_pref("CT2849855.backendstorage./9b+7e+x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e,x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e-x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e.x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e/x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e06cg5el8:", "6E6D6E6A6F6E75706F6F");
Deleted : user_pref("CT2849855.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473747075747B767575242F4B4947[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7e0x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e1x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e2x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e3x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e4x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e5x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e6x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e7x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e8x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e9x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e:x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e;x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e<x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e=x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e>x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e?x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7e@x305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7eax305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT2849855.backendstorage./9b+7ebx305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7ecx305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7edx305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b+7etx305", "2423");
Deleted : user_pref("CT2849855.backendstorage./9b-0?3g>d", "3E6D6F6C6A6E40457A42794472204A784C21254E2225202A52[...]
Deleted : user_pref("CT2849855.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT2849855.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Deleted : user_pref("CT2849855.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6E6A68707374757677");
Deleted : user_pref("CT2849855.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]
Deleted : user_pref("CT2849855.backendstorage./9b5ba==9cjag", "6B676F403E6D416D7A46777272767D4D4C794B5150");
Deleted : user_pref("CT2849855.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6F706D6C6E7673707A76");
Deleted : user_pref("CT2849855.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT2849855.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT2849855.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT2849855.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT2849855.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT2849855.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Thu May 31 2012 12:38:12 GMT+0200");
Deleted : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2849855.initDone", true);
Deleted : user_pref("CT2849855.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2849855.myStuffEnabled", true);
Deleted : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2849855.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2849855.revertSettingsEnabled", true);
Deleted : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2849855.testingCtid", "");
Deleted : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 21:16:22 GMT+0200");
Deleted : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Thu May 31 2012 12:38:13 GMT+0200");
Deleted : user_pref("CT2849855.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"d12[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Cécile\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Deleted : user_pref("CommunityToolbar.globalUserId", "7059d2a7-24cb-4cc7-8d93-c67209841c73");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849855");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 31 2012 12:38:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 31 2012 12:38:12 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "7bce2f2b-a67d-4923-8c14-91f26be2c879");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=[...]
*************************
AdwCleaner[R1].txt - [17143 octets] - [03/08/2012 17:15:42]
AdwCleaner[S1].txt - [17256 octets] - [03/08/2012 17:55:12]
########## EOF - C:\AdwCleaner[S1].txt - [17385 octets] ##########
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 8/3/2012 6:09:37 PM
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 8/3/2012 6:11:08 PM
Gescannt 639585
Gefunden 0
Scan Ende: 03.08.2012 19:13:08
Scan Zeit: 1:02:00
|
|
04.08.2012, 15:49
| #8 |
| /// Helfer-Team | GVU Trojaner Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
04.08.2012, 17:41
| #9 |
| | GVU Trojaner Log von Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7893d3760b5f2b4293fb2368c90eddc5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-04 04:27:00
# local_time=2012-08-04 06:27:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 49248250 49248250 0 0
# compatibility_mode=5893 16776573 100 94 57925 95722815 0 0
# compatibility_mode=8192 67108863 100 0 177 177 0 0
# scanned=219116
# found=2
# cleaned=2
# scan_time=4655
C:\Users\Cécile\Downloads\Fonts.rar BMP/Exploit.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08032012_153535\C_ProgramData\fdrvlcnbztbgwjt\main.html HTML/Ransom.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
|
|
04.08.2012, 18:01
| #10 |
| /// Helfer-Team | GVU Trojaner Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html |
|
04.08.2012, 18:34
| #11 |
| | GVU Trojaner Java ist nun wieder aktuell und die Temporären Dateien sind gelöscht. |
|
04.08.2012, 18:43
| #12 |
| /// Helfer-Team | GVU Trojaner Sehr gut! damit bist Du sauber und entlassen! Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html |
|
04.08.2012, 20:36
| #13 |
| | GVU Trojaner Ich danke dir viel mal für deine schnelle und kompetente Hilfe! |
|
| Themen zu GVU Trojaner |
| akamai, autorun, bho, bonjour, computer, error, fehler, firefox, flash player, focus, format, helper, helper.exe, home, install.exe, logfile, mozilla, nvidia update, nvpciflt.sys, office 2007, plug-in, programm, realtek, registry, rundll, security, senden, software, svchost.exe, teamspeak, trojaner, usb 2.0, wscript.exe |
Linear-Darstellung
