
Log Analysis and Evaluation: Caught the GVU Trojan today - LOG files

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.09.2012, 23:08   #1
grainator
 
Caught the GVU Trojan today - LOG files



Hi,
I caught the GVU Trojan today.

I followed these instructions:

http://www.trojaner-board.de/117883-...er-webcam.html

Here are my log files:
OTL:
Code:
7,93 Gb Paging File | 6,25 Gb Available in Paging File | 78,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 87,89 Gb Total Space | 4,79 Gb Free Space | 5,46% Space Free | Partition Type: NTFS
Drive D: | 98,42 Gb Total Space | 36,10 Gb Free Space | 36,68% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOPPC | User Name: admin_new | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\admin_new\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\FileServe Manager\FSStarter.exe (FileServe Limited)
PRC - D:\Autodesk_2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - D:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - D:\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\Windows\SysWOW64\nutsrv4.exe (DataFocus, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - D:\FileServe Manager\FFChromeExtHelper.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll ()
MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll ()
MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMXMLObjects.dll ()
MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\DMBaseObjects.dll ()
MOD - C:\PROGRA~2\Vision\system\rifxx.dll ()
MOD - C:\PROGRA~2\COMMON~1\Vision\vwmuapi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (mi-raysat_3dsmax2012_64) -- D:\Autodesk_2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Programme\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV - (mi-raysat_3dsmax2010_64) -- D:\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe ()
SRV - (AAV UpdateService) -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe ()
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (NuTCRACKERService) -- C:\Windows\SysWOW64\nutsrv4.exe (DataFocus, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cmudax) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc)
DRV:64bit: - (cmuda3) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (MODRC) -- C:\Windows\SysNative\drivers\modrc.sys (DiBcom S.A.)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\mod7700.sys (DiBcom)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (PORTIO) -- C:\Users\Sotizzle\Desktop\JungleFlasher v0.1.73 Beta (108)\portio64.sys ()
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (TPkd) -- C:\Windows\SysWow64\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (usbaudio) -- C:\Windows\SysWOW64\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbhub) -- C:\Windows\SysWOW64\drivers\usbhub.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-864713432-773561721-809381997-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: D:\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5} [2011.05.13 22:30:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Addobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.01.20 12:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.20 12:36:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Sotizzle\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012.01.26 23:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.18 22:32:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.06 20:08:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.15 17:17:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009.10.23 23:32:43 | 000,000,000 | ---D | M]
 
[2012.07.29 12:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.06 20:08:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.19 05:58:26 | 000,067,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.07.30 21:35:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.30 21:35:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.30 21:35:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.30 21:35:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.30 21:35:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.30 21:35:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Adobe Contribute CS5.1  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: vshare plugin = C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2011.05.28 10:39:19 | 000,000,485 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 1) Go into the hosts setup folder:
O1 - Hosts: C:\Windows\System32\drivers\etc
O1 - Hosts: (I use Notepad to open it)
O1 - Hosts: add the following lines, at the bottom of the file, to the host file:
O1 - Hosts: You can just do a copy and paste
O1 - Hosts: 127.0.0.1                   activate.adobe.com
O1 - Hosts: 127.0.0.1                   practivate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com   Blocking Adobe Activation
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - D:\FileServe Manager\FileServeBHO.dll (FileServe Limited)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Addobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Addobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TNOD UP] "C:\Users\Sotizzle\Desktop\TNod\TNODUP.exe" /i File not found
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FileServe Manager Task] D:\FileServe Manager\FSStarter.exe (FileServe Limited)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NuTCSetupEnviron] C:\PROGRA~2\NUTCRA~1\bin\ncoeenv.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-864713432-773561721-809381997-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\nutafun4.dll (DataFocus, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\nutafun4.dll (DataFocus, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A52D424-DB35-4DD2-A80A-EE484C53C70F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {24A42960-A7F8-11CF-8121-0020AFB5213D} - C:\PROGRA~2\Vision\SYSTEM\zonehook.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.01 23:34:43 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008.12.28 19:46:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.11.15 22:23:03 | 000,000,000 | ---- | M] () - C:\.autoreg -- [ NTFS ]
O32 - AutoRun File - [2011.07.01 22:04:58 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012.04.02 22:53:55 | 000,000,000 | ---D | M] - D:\Autodesk_2012 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.08 23:34:14 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Google
[2012.09.08 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Apple Computer
[2012.09.08 23:32:19 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Adobe
[2012.09.08 23:32:14 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\ESET
[2012.09.08 23:32:08 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Adobe
[2012.09.08 23:30:06 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.09.08 23:30:06 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Searches
[2012.09.08 23:30:06 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.09.08 23:29:51 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Identities
[2012.09.08 23:29:48 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Contacts
[2012.09.08 23:29:46 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\VirtualStore
[2012.09.08 23:29:39 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\WTablet
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Vorlagen
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Verlauf
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Temporary Internet Files
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Startmenü
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\SendTo
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Recent
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Netzwerkumgebung
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Lokale Einstellungen
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Videos
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Musik
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Eigene Dateien
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Bilder
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Druckumgebung
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Cookies
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Anwendungsdaten
[2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Anwendungsdaten
[2012.09.08 23:29:22 | 000,000,000 | --SD | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Videos
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Saved Games
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Pictures
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Music
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Links
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Favorites
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Downloads
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Documents
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Desktop
[2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.09.08 23:29:22 | 000,000,000 | -H-D | C] -- C:\Users\admin_new\AppData
[2012.09.08 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Temp
[2012.09.08 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft Help
[2012.09.08 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft
[2012.09.08 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Media Center Programs
[2012.09.08 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Macromedia
[2012.08.16 00:12:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 00:12:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 00:12:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 00:12:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 00:12:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 00:12:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 00:12:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 00:12:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 00:12:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 00:12:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 00:12:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 00:12:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 00:12:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 21:25:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 21:25:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 21:25:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 21:25:25 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.08 23:38:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 23:38:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 23:29:39 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.08 23:29:38 | 000,000,496 | RHS- | M] () -- C:\Users\admin_new\ntuser.pol
[2012.09.08 23:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.08 23:28:49 | 3193,786,368 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.08 23:27:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.08 00:18:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.04 23:50:29 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.04 23:50:29 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.04 23:50:29 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.04 23:50:29 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.04 23:50:29 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.04 23:23:11 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.25 17:40:48 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.25 17:40:48 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.16 19:59:11 | 005,019,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.08 23:30:55 | 000,001,401 | ---- | C] () -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.09.08 23:30:15 | 000,001,435 | ---- | C] () -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.09.08 23:29:38 | 000,000,496 | RHS- | C] () -- C:\Users\admin_new\ntuser.pol
[2012.09.08 11:53:54 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.02.26 19:34:18 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
[2011.12.09 15:00:24 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2011.12.08 02:47:26 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2011.12.02 02:59:04 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2011.11.23 00:16:04 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011.07.01 22:16:32 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2010.12.12 02:09:15 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.11.02 21:22:29 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\uuddc32.dll
[2010.09.16 00:52:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\uninst.dll
[2010.09.16 00:50:49 | 000,065,808 | ---- | C] () -- C:\Windows\SysWow64\nutsh4.DLL
[2010.09.16 00:49:56 | 000,221,184 | R--- | C] () -- C:\Windows\SysWow64\tiffdump.exe
[2010.09.16 00:49:56 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\iflapigen.exe
[2010.09.16 00:49:55 | 000,262,144 | R--- | C] () -- C:\Windows\SysWow64\iflTIFF0.dll
[2010.09.16 00:49:55 | 000,163,840 | R--- | C] () -- C:\Windows\SysWow64\ifl0.dll
[2010.09.16 00:49:55 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\iflPNG0.dll
[2010.09.16 00:49:55 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\iflJFIF0.dll
[2010.09.16 00:49:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\iflSGI0.dll
[2010.09.16 00:49:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\iflGIF0.dll
[2010.09.16 00:49:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\ifldbgen.exe
[2010.09.16 00:49:55 | 000,032,768 | R--- | C] () -- C:\Windows\SysWow64\iflBMP0.dll
[2010.09.16 00:49:55 | 000,032,768 | R--- | C] () -- C:\Windows\SysWow64\cifl0.dll
[2010.09.16 00:49:55 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\iflXPM0.dll
[2010.09.16 00:49:55 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\iflPPM0.dll
[2010.09.16 00:49:55 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\iflFIT0.dll
[2010.09.16 00:49:55 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\iflXBM0.dll
[2010.09.16 00:49:55 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\iflRaw0.dll
[2010.09.16 00:49:55 | 000,020,480 | R--- | C] () -- C:\Windows\SysWow64\iflstatus.exe
[2009.10.24 13:25:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.09.08 23:32:14 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\ESET
[2010.04.18 10:50:27 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\abgx360
[2011.09.14 23:41:15 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Apowersoft
[2011.07.01 23:12:12 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Autodesk
[2010.03.27 22:57:30 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\BlackBean
[2009.10.24 01:26:20 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Blitware
[2009.11.22 00:43:05 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\DAEMON Tools Lite
[2009.10.25 18:04:06 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\DAEMON Tools Pro
[2010.02.27 16:24:09 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\DigitalJuice
[2009.10.23 23:33:25 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\ESET
[2009.11.10 23:10:05 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\FlashFXP
[2012.09.07 23:28:56 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\foobar2000
[2012.01.29 11:18:38 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\FreeStone Group
[2010.07.19 20:04:19 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\GrabPro
[2012.01.19 23:11:24 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\HDRsoft
[2010.04.06 22:54:05 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\ImgBurn
[2011.01.11 23:06:08 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Leadertech
[2011.12.18 01:12:40 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Mael
[2010.10.21 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\ManyCam
[2012.06.16 13:24:24 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\MediaMonkey
[2009.10.23 23:54:46 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\NetMeter
[2012.02.09 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Nik Software
[2010.07.21 17:49:07 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Notepad++
[2009.10.23 23:23:01 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Opera
[2011.09.02 19:48:09 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Orbit
[2012.05.03 21:45:05 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\PACE Anti-Piracy
[2010.07.19 20:05:08 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\ProgSense
[2009.12.24 00:40:00 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Ringtone Expressions
[2011.06.27 22:45:43 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Samsung
[2012.02.11 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Software4u
[2012.04.09 23:40:56 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.31 23:53:40 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Stereoscopic Player
[2012.05.02 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\TeamViewer
[2012.05.23 23:05:17 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Temp
[2010.12.12 00:58:56 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\ThumbGen
[2010.01.04 20:40:35 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\TrueCrypt
[2012.02.11 17:25:38 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\WindSolutions
[2012.06.12 22:01:52 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\XnView
[2010.12.12 03:59:00 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2012.05.25 08:38:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

and EXTRAS:

Code:
7,93 Gb Paging File | 6,25 Gb Available in Paging File | 78,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 87,89 Gb Total Space | 4,79 Gb Free Space | 5,46% Space Free | Partition Type: NTFS
Drive D: | 98,42 Gb Total Space | 36,10 Gb Free Space | 36,68% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOPPC | User Name: admin_new | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Addobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Addobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087EB1C8-74E9-4C76-B05A-D7327D5F3DCF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{10B19112-0139-49CF-B786-E45E45CE3E01}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1A1EA812-7FA5-4A07-90C8-4A8B1BAC7B74}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1A738346-5523-48A8-AE34-C3E96DE0175F}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{211F3D3B-4789-4D99-B839-1E82C92E5D68}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | 
"{260A2589-9AEF-4090-A69D-775893A36424}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2C952AE4-50A1-4B11-A47C-279A3FF5044F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{34C8DB82-B4E9-4BA3-A73D-66D9171E1065}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E109CB3-2BBE-4910-8B3C-3F5C3BA99F18}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3E448F29-C46B-40A3-98D1-84D3FE6534B6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{445F7016-3A40-4EF2-AE2E-935DB11E7B49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4BDEB4E4-8EBE-4DA4-9163-096A35F82647}" = lport=138 | protocol=17 | dir=in | app=system | 
"{500853BA-FE37-4D74-9BB4-AC41BBCC96FD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{52B28342-83F1-488F-B5AB-329F50B6E6DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{56127733-FD7C-448E-8120-3C4D6DD49180}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{59368EBC-9100-4934-9091-20EFF3C5AACB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59CE7F75-0166-4CAA-8A69-814FB52F1A22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5B31CE54-C7E5-4F6D-8886-B9E7BA43D1E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5F8EEE78-C7D1-4DA2-BA08-DBD57A55641E}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{6B86F1C9-FAF1-49F4-B0BB-829F982D47ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6B9BAFC2-63A1-494F-86EE-FAE4A535BF4E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{856D00AE-42ED-47EC-9129-1981A4D0F6D0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{8770A5C3-F968-4806-B0CB-AD843759AD41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8E66DA02-8A6A-4DDD-A665-B681FAEEFE1C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{924FAD34-706D-4BF7-AA76-8FFB3CCD8736}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{9B856E00-F076-4A7A-9907-D0B4BC5DBEF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A66A9A45-52DC-424A-B45E-CF6EF42B8799}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB1C1A91-0777-4E38-B89D-2314D4A38140}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ACFCEE19-7669-4CE9-AA8B-A23FFF63C2D7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B53325C7-DB1D-415F-A25D-6C205CD6E519}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B8FF5EFF-3565-4D86-AB90-20726BEDD8DF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BB36B90D-F208-4B29-B50A-0E3E474D2EA2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB50E33C-6C14-4174-8F4F-3E662A71B194}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C4979756-E408-4795-BD38-0791E420A9D1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CBD7828D-4D47-411C-8CE8-735F99568FF0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CD15A794-58A4-4591-9E53-37C2FC01D1B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D6A1402F-CB67-4FED-BCDF-86BD8EF71D96}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D859C1FE-C3DB-4370-9071-62CD898274DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5E2EFA2-12C1-4684-9873-89E7CF1556CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EE5956C6-63CC-4187-857A-8E822332ACC6}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{F2864BAC-B88C-4BEF-A42D-FF27859744D8}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0353E5B9-1604-4D2C-9282-6575F9DF6314}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0F73E3D7-33FB-4FF8-944F-7A5120420C0A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0F7D782F-502F-4DB0-B416-44C00AD9B718}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{142C9473-58AA-41DE-A829-E5B66CF645B6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{145F1BD2-4D8C-431F-9D54-007E67B6087F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{1537F6DE-1066-4F83-AE4B-A3B9FE12E3B1}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{15BB6286-EC4F-40A8-A17C-A6E121B549BC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{15EB572D-630F-44EE-882C-0A86446160C5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2006D16C-DAB5-40FA-A2E7-0EE379437DB4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2015B576-7411-4EBC-8850-5964CC2439BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2182EBCB-0DE3-45FE-B1D4-2058886200CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{236363E2-7C4D-48A0-90C7-AA90B527BFA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2418FC7D-4C61-440C-BF58-1DF0C6E4962D}" = protocol=17 | dir=in | app=d:\sega\vancouver 2010\vancouver.exe | 
"{259B4C18-B6AF-49CD-8867-60720F1DC425}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2643EAC0-F6F7-4782-81F2-6DFF3CB8DA58}" = protocol=17 | dir=in | app=d:\addobe\adobe flash builder 4.5\flashbuilder.exe | 
"{300BF7EC-DE15-4B18-AA1F-8BA9532B38A0}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{356B0E96-EBD1-4C5D-9F87-1668C3A21FA0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3ABD99F8-B6FC-4601-8248-9238D8E488BC}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{3CF146C4-7339-4C72-A4D5-6252D23FD356}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{45BC0C29-5A0B-4144-ACB9-C0117E343C2D}" = protocol=17 | dir=in | app=d:\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe | 
"{462056CA-23AD-47EE-91F2-4C5BE034CEBF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{46CBFEF9-DDBD-4A5E-86A6-7C58FE4C8B03}" = protocol=17 | dir=in | app=d:\autodesk\3ds max design 2010\3dsmax.exe | 
"{4CF0EB8D-4C93-493D-AC85-5B32384C0825}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{4D90CE29-D169-4B28-8A65-18CB0C4613F5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4E2737BC-639F-4C15-B773-8247BE6F643B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{4E2B9E19-F169-49EE-9177-997BC9FBA584}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{50FB5D4B-75D3-40F7-AE09-5E242D26786C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{57B75B98-72C1-4D89-AB25-1A415E6DC6A6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{5BE1FB3F-62C4-43E8-8B00-AC282F526A7B}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{5F3DD7B0-CBA8-4960-8344-DD47F12BAF74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FDCB7AB-0188-4A76-86E8-A2CE913B3F9A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{61EC9600-7AAF-4C30-9DCD-72831A842FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{61F65346-9958-4E76-9C3E-82010B458283}" = protocol=6 | dir=in | app=d:\addobe\adobe flash builder 4.5\flashbuilder.exe | 
"{630791B3-E15D-45AF-8B4F-55D57CEF126A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{632C770F-E272-496A-BE64-357D05E848E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{68DA2DC1-CF01-434F-A9BC-64A5EAE04B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6C6CB253-1A9B-45E4-ABBE-F5FDB224958C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6D80EBAC-3B0D-4FF2-8833-EAAFE37B2CDA}" = protocol=6 | dir=in | app=d:\autodesk_2012\3ds max 2012\3dsmax.exe | 
"{726BB874-A3BB-49A1-ACB9-3135425E2134}" = protocol=6 | dir=in | app=d:\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{77CECDFF-EC14-4588-BB7D-23E7228B86FF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{78B651C5-3806-4DA7-9BDA-FE4EC6C1E92F}" = protocol=6 | dir=in | app=d:\sega\vancouver 2010\vancouver.exe | 
"{7B4E81B6-759A-4F42-BA03-7A4473D2C0AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7C3AC18A-30DD-472B-A2EB-3D285471C621}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7E6564A2-095E-4A19-8B85-B96DA696E1B8}" = protocol=6 | dir=in | app=d:\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_64.exe | 
"{7E71DD46-FAA2-4E47-8C21-B4C720175A62}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{813FC762-9DCF-4C5D-9FCF-DD35BFB59D65}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{819D47E3-5C63-4CC8-90E0-6A1720AF0F23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85822126-1A9B-4F3D-BC40-912B3D352750}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{874A3BF7-5D92-469A-BFA9-E4E684B6CD1F}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{87EA2948-BFD4-496B-960D-5C8180DCB157}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8B7D2A58-2330-4E59-83EF-CFA9DAC6A724}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{8BD3A9C3-B217-4191-A64B-1437E72C67AD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{9016BD49-0FFF-471E-BAE8-85B83376BDC7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{91872C4A-2CCE-442D-AF34-816530D6F5E5}" = protocol=6 | dir=in | app=d:\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe | 
"{918D770A-A15E-4A67-9943-D50E20F1B47A}" = protocol=6 | dir=in | app=d:\autodesk\3ds max design 2010\3dsmax.exe | 
"{930F64EF-60E8-446B-B64E-B910B5C762AC}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{94D9AB9F-2076-4AC5-BEA3-9D6C1ECC385B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{951A5F6E-CF40-4F45-A304-634C86C734E1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9930C656-0E8A-4076-A975-483B46E5AFF5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9ADB539C-0274-4F1D-AD3C-EB983EF6AD16}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{9CE46CF1-B118-4BEE-AEB0-CD30908380E1}" = protocol=17 | dir=in | app=d:\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_64.exe | 
"{9E3F06D9-E04B-45BA-8FE6-68DB68DE4DE8}" = protocol=17 | dir=in | app=d:\autodesk_2012\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe | 
"{9E4840AF-DCE4-4BF8-B71F-273B4F2556BF}" = protocol=6 | dir=in | app=d:\autodesk_2012\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe | 
"{A017A15A-494D-4044-B52E-E2D04F62FB3F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AA1E2E66-7068-41EE-9175-CA22183E49A7}" = protocol=6 | dir=out | app=system | 
"{AF1690BB-EEDD-47E6-8D10-E41BA1A99B05}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AF800796-245E-4BAC-A0A9-158B43D968EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B416E33A-4F03-4A42-BBF0-AEDD016A3B56}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B4EDE0C7-7D59-49DD-B9AE-462FAA6008CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B6D560B5-81CE-4977-90FE-735705C09DB0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BAE0FD62-A011-4370-9412-769C44450E71}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BCBC5E83-F03B-40AE-84F8-3ADE2BFDA3BD}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | 
"{BF337E3E-C201-40FF-9EDE-13FB72586E0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{BF78FC92-FAAB-494F-A735-E0FE3F56371A}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{C0A603DD-4946-442C-AC40-035C0D49A8C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C305A0CC-10C4-4DDA-8777-BA7D5469E266}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{C3B3B9DC-4B5B-4671-B378-FC6EA7C6D776}" = protocol=17 | dir=in | app=d:\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{C78B3FF6-928D-4646-950E-ABC9240B8EB3}" = protocol=6 | dir=in | app=d:\autodesk_2012\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe | 
"{C978FD1C-FD5E-4E34-8BBF-76FA34FC040E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C9CB2DB1-440B-4DCC-9872-DE500561AD11}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CA10B524-E7ED-4C22-82FB-DB1C9B69426C}" = protocol=17 | dir=in | app=d:\autodesk_2012\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe | 
"{CAB397E8-181E-4AEE-961F-B618D45AD6D7}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{CF9BCDB4-D191-453A-BF7B-BFF3A661206E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D1AB25A8-1245-43F2-9BDC-7F3F9C91BAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{D6C6C643-56F7-4978-BE25-1EE098E43D4B}" = protocol=17 | dir=in | app=d:\autodesk_2012\3ds max 2012\3dsmax.exe | 
"{D9D2F801-3B06-47B7-94AE-CB278C77C631}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DA26F6EE-8FE7-41C6-9DCD-640401053CDA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DAA72676-C0DC-4B0E-A704-A867034333F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E132A5F6-1C85-402B-8D1F-9B84FCA0093C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E1C5E17A-BC26-4D54-BC71-B50ACD66F95F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9035740-84B7-440B-A007-A89F17325F7F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{EF5F88B5-0833-4939-AF6D-C72E9D09A73B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F6C7EA2B-2D11-4C45-A1E9-150215E46879}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{F8A9C8EB-846F-4119-B76E-F2D2CC844882}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB1C38F8-01B5-448D-A147-5293B99D93DC}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | 
"{FEAB9C32-45F5-4DB0-A0ED-B9BA5CDE566C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"TCP Query User{0C861752-A720-4FE9-9C84-9193FC9CC89B}D:\maya2009\bin\maya.exe" = protocol=6 | dir=in | app=d:\maya2009\bin\maya.exe | 
"TCP Query User{1175F336-A227-4240-9C4D-A93337D41B7A}D:\autodesk\3ds max design 2010\3dsmax.exe" = protocol=6 | dir=in | app=d:\autodesk\3ds max design 2010\3dsmax.exe | 
"TCP Query User{13D3A3AB-F1EC-417B-B7A4-6172C554C4B5}D:\appz\maya2009\bin\maya.exe" = protocol=6 | dir=in | app=d:\appz\maya2009\bin\maya.exe | 
"TCP Query User{1E7EB4D7-CA29-4E09-8541-6DAC2602D1C7}D:\appz\maya2009\bin\maya.exe" = protocol=6 | dir=in | app=d:\appz\maya2009\bin\maya.exe | 
"TCP Query User{2D83D84F-9D50-47F5-80EB-6EBF23AE27CB}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" = protocol=6 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | 
"TCP Query User{56CD9539-84A5-4C84-BB2C-D01D5789D59B}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe" = protocol=6 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe | 
"TCP Query User{7270421D-2BF4-4E56-9CA9-9151DB7A65B0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{72E50640-6B22-45C3-895D-71203844ABBF}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{77977D7C-EACA-494E-8DF8-4EEB2AA3E15F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{7D4873B7-5365-4A88-859C-DFC78414AB9B}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | 
"TCP Query User{80BD0D39-EC16-41F3-96CE-042C0D0D2C8E}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" = protocol=6 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | 
"TCP Query User{83376CBB-6A82-4D1D-B9F5-F1E97E956EFC}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{9439463B-65D4-42E9-8B59-77BB9DE03C75}E:\wd_windows_tools\wddiscovery\wddiscovery.exe" = protocol=6 | dir=in | app=e:\wd_windows_tools\wddiscovery\wddiscovery.exe | 
"TCP Query User{9496D9AF-A999-4516-ACAF-E745A16BEC78}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{959042D1-0104-4BB6-AFCA-0E41BEB1C30E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{9B4DE63E-9131-4A69-BE7A-31B6D9E85572}C:\program files\progdvb\progdvbnet.exe" = protocol=6 | dir=in | app=c:\program files\progdvb\progdvbnet.exe | 
"TCP Query User{9EE33285-2460-4675-91EE-D7EE55297E4B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{9F3998B4-7AEC-420C-A654-05ABD0EF001A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{A136468D-5F37-4365-8109-50B7B1E3D89D}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe" = protocol=6 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe | 
"TCP Query User{A89B9D87-D26A-4415-9402-776B966F39E2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{AED5E45D-6C8D-4D66-BBED-44DC13B32960}C:\program files (x86)\realvnc\vnc4\winvnc4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\realvnc\vnc4\winvnc4.exe | 
"TCP Query User{C0A32D8C-C25C-416D-A03C-E4F36A3A4AB4}C:\program files (x86)\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"TCP Query User{C17E253E-49EC-4403-ADA4-8C8A4ACF1659}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{DA859BEF-3033-497E-9F78-C146DADED20D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{DB2A968B-12DF-472B-9CE9-D09C4247F48F}D:\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\trillian\trillian.exe | 
"TCP Query User{E6FFC7E6-D796-45C1-8B71-F438E4D85BA2}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{F4F71952-5D1B-476E-84D2-0E24F1A5E5F2}D:\autodesk_2012\maya2012\bin\maya.exe" = protocol=6 | dir=in | app=d:\autodesk_2012\maya2012\bin\maya.exe | 
"TCP Query User{F5BD0742-9D48-40BD-9813-4556A52127F1}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{11EF8F6B-36A1-4973-A83F-E95E61512817}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{1A394818-062A-4242-85AE-8F43A8DA2D61}C:\program files (x86)\realvnc\vnc4\winvnc4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\realvnc\vnc4\winvnc4.exe | 
"UDP Query User{1EEB90B9-80F7-4539-9511-7D07B2E59899}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{23AA8B91-F2C2-4601-8D0F-798A0FC0AE9B}D:\appz\maya2009\bin\maya.exe" = protocol=17 | dir=in | app=d:\appz\maya2009\bin\maya.exe | 
"UDP Query User{2F973F43-0C0D-44FF-BCAB-0CC8DEC55CC7}C:\program files\progdvb\progdvbnet.exe" = protocol=17 | dir=in | app=c:\program files\progdvb\progdvbnet.exe | 
"UDP Query User{33BF1F88-CDE8-43DF-BD19-8BAF8432ADC7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{39867B2D-947A-4B8B-97AA-A2BA4EB78655}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | 
"UDP Query User{41B98232-FFCB-46DA-B32A-BD6DCBA2A670}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{453AEB16-0883-4086-9ED9-6872201A318B}D:\autodesk_2012\maya2012\bin\maya.exe" = protocol=17 | dir=in | app=d:\autodesk_2012\maya2012\bin\maya.exe | 
"UDP Query User{5EF0CF78-96E6-4F68-972A-21067E4EE8C0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{6BCA75C4-FEA1-481C-998E-E5F20C7D0227}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{7CA88000-C14B-4FCE-858A-29E6E93427A3}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe" = protocol=17 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe | 
"UDP Query User{7E5AA13A-1011-4D65-96F8-6A7D7F33AF46}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{89258A8B-2C6F-4EC6-8AED-A1D95C68C853}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{9C2F263C-32F0-4A6B-A226-6DDB769076CE}D:\autodesk\3ds max design 2010\3dsmax.exe" = protocol=17 | dir=in | app=d:\autodesk\3ds max design 2010\3dsmax.exe | 
"UDP Query User{A68C0236-E41B-449E-B1F8-22FE12E659C2}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{BFFEC455-6B1F-4192-9036-D38864EC426B}D:\maya2009\bin\maya.exe" = protocol=17 | dir=in | app=d:\maya2009\bin\maya.exe | 
"UDP Query User{C3F8EC59-08F3-42D0-ADA2-0436B70F33BF}E:\wd_windows_tools\wddiscovery\wddiscovery.exe" = protocol=17 | dir=in | app=e:\wd_windows_tools\wddiscovery\wddiscovery.exe | 
"UDP Query User{C4D4C810-6091-48F7-987C-7AADAA37A8B6}D:\appz\maya2009\bin\maya.exe" = protocol=17 | dir=in | app=d:\appz\maya2009\bin\maya.exe | 
"UDP Query User{C8CD7B08-1E16-421B-A393-723BBE730D82}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" = protocol=17 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | 
"UDP Query User{CFEBAB19-2290-4086-AB0B-6E40A5378C0F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{D19BE430-3324-4A52-82A8-B5D7D2A23A8A}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{E29F3691-3E98-4178-A105-1CA01029BC94}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{E30AE8CA-6299-4D47-A5CE-6928B80B533E}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" = protocol=17 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | 
"UDP Query User{E71E1090-3F50-4DB9-8A60-942532982374}C:\program files (x86)\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"UDP Query User{EEDA8D42-0F64-439D-9BCD-24929AE2FF24}D:\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\trillian\trillian.exe | 
"UDP Query User{EFAAA660-4D2D-4C3C-8346-1ACB140E1F57}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe" = protocol=17 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe | 
"UDP Query User{F3F1325B-FAD0-4FDA-BEE2-D15EC2E5ABF1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ Driver
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{227B4E66-B95F-46B8-8E86-740D5CBFC65C}" = Maya 2009 (64-bit)
"{23A66953-369C-4d22-A189-C6E403D4A19F}" = Native Instruments Audio 2 DJ Driver
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{33EE1A55-D9DD-44AC-91E0-0D0AC75608D7}" = Maya 2009 Bonus Tools (64-bit)
"{420461EA-8522-0409-B836-C9BFC6137A6D}" = Autodesk 3ds Max Design 2010 64-bit Components
"{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6378ABCE-F816-4330-A7B1-FBEBCD50B746}" = ESET Smart Security
"{69F849EF-4918-4333-81C1-8D8FC07E62B1}" = Knoll Light Factory Photo 64 bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9E49EC1-F125-0409-A5D1-452B98A1530A}" = Autodesk 3ds Max Design 2010 64-bit
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D44BCDFB-817B-4C14-8551-915E8B9DDD8B}" = Maya 2009 (64-bit) Documentation (en_US)
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EC4EBC45-30AF-4F3C-B2B5-2FAF3FF9A1D1}" = Autodesk DirectConnect 2009 (64-bit)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010 64-bit
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"C-Media Audio Driver" = C-Media PCI Audio 64-bit Driver
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v2.7.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Pen Tablet Driver" = Bamboo
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.4
"ProgDVB" = ProgDVB
"Recuva" = Recuva
"TNod" = TNod User & Password Finder
"V-Ray for 3dsmax 2010 for x64" = V-Ray for 3dsmax 2010 for x64
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.80.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0976596E-2882-487D-8738-A32C3B3A3C7C}" = PJ Remix
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48EE4F71-8365-11D4-A82C-0000E85C4F70}" = 3D-Equalizer V3 R4b8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1" = FileServe Manager 1.0.0.2821
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6291FC10-FDF0-4022-A1A5-710C728D49C2}" = Vancouver 2010
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{640EAE56-81A2-49D4-9B8C-00DA3C0031AF}_is1" = Juicer 3.55a
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68E6762C-20CA-41B2-8720-1B178B2C6AED}" = DxO FilmPack 2.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A5B1D32-CC86-4689-B43C-AD52A9B8773B}" = DIYPhotoBits.com Camera Control 5.2
"{7021CBFE-9C50-4BE0-A299-8F173E751302}" = Autodesk 3ds Max Design 2010 Tutorials Files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
"{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC8C451E-A820-48C8-AE92-A0FF088969D8}" = Stereoscopic Player
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E299894D-5014-427C-8C4C-7AC4B1897495}" = Gigabyte U8000 TV Card Driver
"{E7D293C9-732D-4E22-905D-2615FED321A4}" = BILD-Steuer 2010
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5AEB5A7-D4EA-49A5-89F2-A799F1C620B9}" = TViXiE
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"7-Zip" = 7-Zip 4.65
"abgx360" = abgx360 v1.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Autodesk 3ds Max 2012 64-bit - English SP1" = Autodesk 3ds Max 2012 64-bit - English SP1
"BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"CloneCD" = CloneCD
"Color Efex Pro 4" = Color Efex Pro 4
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dfine 2.0 Stand-Alone" = Dfine 2.0
"DivX Setup" = DivX-Setup
"DVB Dream_is1" = DVB Dream version 1.5c
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EuroGrand Casino" = EuroGrand Casino
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"FileRestorePlus™_is1" = FileRestorePlus™ 3.0.1.1111
"foobar2000" = foobar2000 v1.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Google Chrome" = Google Chrome
"GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0
"HDR Efex Pro" = HDR Efex Pro
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"Image Format Library 1.4" = Image Format Library
"ImgBurn" = ImgBurn
"InstallShield_{69F849EF-4918-4333-81C1-8D8FC07E62B1}" = Knoll Light Factory Photo 64 bit
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JDownloader" = JDownloader
"KaloMa_is1" = KaloMa 4.91
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.2.0
"Knoll Light Factory Photo" = Knoll Light Factory Photo
"MediaMonkey_is1" = MediaMonkey 4.0
"MKS Platform Components 7.x" = MKS Platform Components 7.x
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Audio 2 DJ Driver" = Native Instruments Audio 2 DJ Driver
"Native Instruments Audio 4 DJ Driver" = Native Instruments Audio 4 DJ Driver
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NetMeter_is1" = NetMeter 1.1.3
"Notepad++" = Notepad++
"Opera 11.52.1100" = Opera 11.52
"Pixelspeed_Layouter" = Pixelspeed Layouter 
"PixPlant2 App_is1" = PixPlant 2.0.43
"PokerStars.net" = PokerStars.net
"RealVNC_is1" = VNC Free Edition 4.1.3
"Ringtone Expressions" = Ringtone Expressions 1.5.0
"Sharpener Pro 3.0 Stand-Alone" = Sharpener Pro 3.0
"Silver Efex Pro 2" = Silver Efex Pro 2
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"UltraISO_is1" = UltraISO Premium V9.36
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"Viveza 2" = Viveza 2
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"XnView_is1" = XnView 1.97
"XVision" = SCO XVision-Eclipse
"YouTubeGet_is1" = YouTubeGet 5.9.5
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-864713432-773561721-809381997-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.07.2012 16:09:47 | Computer Name = desktopPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.1.0.0,
 Zeitstempel: 0x4d90cf71  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0x448  Startzeit der fehlerhaften Anwendung: 0x01cd638954ff2419  Pfad der
 fehlerhaften Anwendung: D:\Addobe\Adobe Photoshop CS5.1\Photoshop.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 307b6c00-cf82-11e1-a476-002215c850af
 
Error - 17.07.2012 15:50:07 | Computer Name = desktopPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.11.0, Zeitstempel:
 0x4e1edf37  Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.11.0, Zeitstempel:
 0x4e1edf37  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000174c  ID des fehlerhaften Prozesses:
 0x1b94  Startzeit der fehlerhaften Anwendung: 0x01cd645540b5efcd  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: 9bafe28c-d048-11e1-831a-002215c850af
 
Error - 21.07.2012 12:46:38 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.07.2012 12:39:05 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.07.2012 14:15:55 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.07.2012 06:30:37 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.07.2012 09:04:31 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.07.2012 08:24:15 | Computer Name = desktopPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.11.0, Zeitstempel:
 0x4e1edf37  Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.11.0, Zeitstempel:
 0x4e1edf37  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000174c  ID des fehlerhaften Prozesses:
 0x20e0  Startzeit der fehlerhaften Anwendung: 0x01cd6d85012247af  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: 4f1d9f39-d978-11e1-97db-002215c850af
 
Error - 30.07.2012 06:53:10 | Computer Name = desktopPC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 20.0.1132.57 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1518    Startzeit:
 01cd6e2035ea3ecb    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 a48955c4-da34-11e1-a9b1-002215c850af  
 
Error - 30.07.2012 07:58:26 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.07.2012 13:30:33 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.07.2012 17:42:12 | Computer Name = desktopPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.11.0, Zeitstempel:
 0x4e1edf37  Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.11.0, Zeitstempel:
 0x4e1edf37  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000174c  ID des fehlerhaften Prozesses:
 0x1dd8  Startzeit der fehlerhaften Anwendung: 0x01cd6f653bb9d29c  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: 95c93adc-db58-11e1-9007-002215c850af
 
[ System Events ]
Error - 08.09.2012 05:56:41 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 05:56:41 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 05:56:41 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 05:59:03 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TPkd
 
Error - 08.09.2012 17:24:27 | Computer Name = desktopPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?09.?2012 um 11:59:36 unerwartet heruntergefahren.
 
Error - 08.09.2012 17:25:00 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TPkd
 
Error - 08.09.2012 17:28:57 | Computer Name = desktopPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?09.?2012 um 23:27:27 unerwartet heruntergefahren.
 
Error - 08.09.2012 17:29:29 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   TPkd
 
Error - 08.09.2012 17:50:59 | Computer Name = desktopPC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 08.09.2012 17:50:59 | Computer Name = desktopPC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         
I hope you can help me..

regards

Old 09.09.2012, 01:43   #2
t'john
/// Helper Team


The cleanup consists of several steps that have to be carried out.
Work through them one after the other and paste the 4 logs created along the way into your next reply.

If the OTL fix did not run through properly, do not continue, but please report this.

Step 1

Fix with OTL

Download OTL from Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-864713432-773561721-809381997-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O4:64bit: - HKLM..\Run: [TNOD UP] "C:\Users\Sotizzle\Desktop\TNod\TNODUP.exe" /i File not found 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [NuTCSetupEnviron] C:\PROGRA~2\NUTCRA~1\bin\ncoeenv.exe () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKU\S-1-5-21-864713432-773561721-809381997-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2008.12.28 19:46:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] 
O32 - AutoRun File - [2008.11.15 22:23:03 | 000,000,000 | ---- | M] () - C:\.autoreg -- [ NTFS ] 
[2012.09.08 23:27:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad 

[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe 

:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\admin_new\AppData\Local\{*}
C:\Users\admin_new\AppData\Local\Temp\*.exe
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Paste the contents of the log file into your thread here in code tags.
    You can also look at the log file afterwards at => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers: The OTL script above was created exclusively for this user in this situation.
Never apply it on other computers, it can permanently damage other systems!



Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program into the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have the findings deleted or quarantined.
- When the scan has finished, click "Show results".
afterwards:

Step 3

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.



Step 4
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
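As an added example (not part of this thread, not the helper's script and not OTL's own code): a small Python triage helper that reads OTL-style O4/O6 and file lines like the ones in the fix script above and flags the patterns a log helper looks for before writing such a fix. The severity levels, the heuristics and the adware publisher watch list are this example's own assumptions; the sample lines are constructed after those posted in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the O4/O6 and file lines of the fix script above.
SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [TNOD UP] "C:\Users\Sotizzle\Desktop\TNod\TNODUP.exe" /i File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
[2012.09.08 23:27:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
"""

# Line shapes as OTL prints them; the patterns are this example's own, derived from the posted lines.
O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$")
POLICY_RE = re.compile(r"^O6 - (?P<key>\S+?): (?P<value>\w+) = (?P<data>\S+)$")
FILE_RE = re.compile(r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| [-A-Z]{4} \| [MC]\] "
                     r"\((?P<company>[^)]*)\) -- (?P<path>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|bat|cmd|scr|vbs|pad)(?=["\s]|$)', re.I)
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.I)

VOWELS = set("aeiou")
# Assumed watch list for this example; the thread's fix removes the Ask Toolbar and its updater.
PUP_PUBLISHERS = {"Ask"}
SEVERITY_ORDER = ["high", "medium", "low", "info"]


@dataclass
class Finding:
    severity: str  # one of SEVERITY_ORDER
    line: str
    reason: str


def looks_random(basename: str) -> bool:
    """Crude check for machine-generated names such as dsgsdgdsgdsgw: long and almost vowel-free."""
    stem = basename.rsplit(".", 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.15


def extract_path(text: str):
    """Return the first Windows path with a known extension in an OTL line, quoted or not."""
    m = PATH_RE.search(text)
    return m.group(0) if m else None


def triage_o4(line: str, m: re.Match, current_user: str) -> list:
    """Rules for autorun (O4) entries: orphans, empty names, odd locations, watched publishers."""
    out = []
    rest = m.group("rest")
    if not m.group("name"):
        out.append(Finding("medium", line, "autorun entry with an empty name"))
    if "File not found" in rest:
        out.append(Finding("low", line, "orphaned autorun entry, target no longer exists"))
    path = extract_path(rest)
    if path:
        pm = PROFILE_RE.match(path)
        if pm and pm.group(1).lower() != current_user.lower():
            out.append(Finding("medium", line, f"autorun target in another user's profile ({pm.group(1)})"))
        elif re.search(r"\\(AppData|Temp|ProgramData)\\", path, re.I):
            out.append(Finding("medium", line, "autorun target in a data or temp directory"))
        pub = re.search(r"\(([^)]*)\)\s*$", rest)
        if pub and pub.group(1) in PUP_PUBLISHERS:
            out.append(Finding("low", line, f"publisher '{pub.group(1)}' is on the adware watch list"))
    return out


def triage_file(line: str, m: re.Match) -> list:
    """Rules for recently created/modified files: random names in data dirs, loose exes in %SystemRoot%."""
    path = m.group("path")
    parent, _, base = path.rpartition("\\")
    out = []
    if looks_random(base) and re.search(r"\\(ProgramData|Users)\\", path, re.I):
        out.append(Finding("high", line, f"random-looking file name '{base}' in a data directory"))
    if re.fullmatch(r"[A-Za-z]:\\Windows", parent, re.I) and base.lower().endswith(".exe"):
        out.append(Finding("medium", line, "executable placed directly in the Windows directory"))
    return out


def triage(text: str, current_user: str = "admin_new") -> list:
    """Run every rule over an OTL excerpt; current_user is the account the scan ran under."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O4_RE.match(line)):
            findings.extend(triage_o4(line, m, current_user))
        elif (m := POLICY_RE.match(line)):
            key_tail = m.group("key").split("\\")[-1]
            findings.append(Finding("info", line,
                                    f"policy {m.group('value')} = {m.group('data')} under {key_tail}; review who set it"))
        elif (m := FILE_RE.match(line)):
            findings.extend(triage_file(line, m))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_OTL), key=lambda f: SEVERITY_ORDER.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```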

Old 09.09.2012, 16:54   #3
grainator

Hi!

Thanks a lot for the quick reply.
Quick question first: is this fix tied to the user? Because I created this admin_new account afterwards specifically to run all the scans etc.

I have now also run the fix in this account.

Here is the OTL log for it:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-864713432-773561721-809381997-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TNOD UP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NuTCSetupEnviron deleted successfully.
C:\PROGRA~2\NUTCRA~1\bin\ncoeenv.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-864713432-773561721-809381997-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\.autoreg moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\admin_new\AppData\Local\{*} not found.
File\Folder C:\Users\admin_new\AppData\Local\Temp\*.exe not found.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\admin_new\Desktop\cmd.bat deleted successfully.
C:\Users\admin_new\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin_new
->Temp folder emptied: 304534 bytes
->Temporary Internet Files folder emptied: 64901 bytes
->Google Chrome cache emptied: 30265331 bytes
->Flash cache emptied: 56502 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sotizzle
->Temp folder emptied: 480505666 bytes
->Temporary Internet Files folder emptied: 174176578 bytes
->Java cache emptied: 35926375 bytes
->FireFox cache emptied: 77016472 bytes
->Google Chrome cache emptied: 258010822 bytes
->Opera cache emptied: 35160551 bytes
->Flash cache emptied: 44181 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 780774079 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.786,00 mb
 
 
OTL by OldTimer - Version 3.2.61.2 log created on 09092012_174229

Files\Folders moved on Reboot...
C:\Users\admin_new\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Here already is the AdwCleaner log file; so far I have only run the scan and not the deletion.

Code:
# AdwCleaner v2.001 - Datei am 09/09/2012 um 17:52:16 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : admin_new - DESKTOPPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\admin_new\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gefunden : C:\Program Files (x86)\vShare.tv plugin
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Sotizzle\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Sotizzle\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Sotizzle\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.15] : homepage = "hxxp://vshare.toolbarhome.com/?hp=df",
Gefunden [l.1830] : homepage = "hxxp://vshare.toolbarhome.com/?hp=df",

Datei : C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6580 octets] - [09/09/2012 17:52:16]

########## EOF - C:\AdwCleaner[R1].txt - [6640 octets] ##########
         

The full scan with Malwarebytes Anti-Malware is running right now... it will probably take a bit longer, though;

Regards

Here is the Malwarebytes log:

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin_new :: DESKTOPPC [Administrator]

Schutz: Aktiviert

09.09.2012 17:55:11
1

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 839772
Laufzeit: 2 Stunde(n), 20 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\extensions.exe (Spyware.SpyEyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 14
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP131\A0063947.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP131\A0063948.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP131\A0063949.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP168\A0067627.exe (PUP.Uusee) -> Keine Aktion durchgeführt.
C:\Users\Sotizzle\Desktop\TNod\TNod-1.4.1.0-final-setup.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
C:\Users\Sotizzle\Desktop\TNod\uninst-tnod.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
C:\Users\Sotizzle\Downloads\10FA.tmp (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\WINDOWS.0\AntiWPA\antiwpa.dll (PUP.Wpakill) -> Keine Aktion durchgeführt.
C:\WINDOWS.0\system32\antiwpa.dll (PUP.Wpakill) -> Keine Aktion durchgeführt.
C:\Windows.old\Users\Administrator\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ccproxysetup.exe (PUP.CCProxy) -> Keine Aktion durchgeführt.
D:\Autodesk\xf-a2010.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
D:\Trillian\loader.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
C:\Users\Sotizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
And here is the AdwCleaner log file after the deletion:

Code:
# AdwCleaner v2.001 - Datei am 09/09/2012 um 20:19:35 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : admin_new - DESKTOPPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\admin_new\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Sotizzle\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Sotizzle\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Sotizzle\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.15] : homepage = "hxxp://vshare.toolbarhome.com/?hp=df",
Gelöscht [l.1830] : homepage = "hxxp://vshare.toolbarhome.com/?hp=df",

Datei : C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6693 octets] - [09/09/2012 17:52:16]
AdwCleaner[R2].txt - [6753 octets] - [09/09/2012 20:19:06]
AdwCleaner[R3].txt - [6813 octets] - [09/09/2012 20:19:23]
AdwCleaner[S1].txt - [7419 octets] - [09/09/2012 20:19:35]

########## EOF - C:\AdwCleaner[S1].txt - [7479 octets] ##########
         
__________________

09.09.2012, 22:21   #4
t'john
/// Helper Team

Quote:
PUP.Wpakill
C:\WINDOWS.0\AntiWPA\antiwpa.dll
C:\WINDOWS.0\system32\antiwpa.dll
Trojan.Agent.CK
C:\Users\Sotizzle\Desktop\TNod\TNod-1.4.1.0-final-setup.exe
C:\Users\Sotizzle\Desktop\TNod\uninst-tnod.exe
D:\Autodesk\xf-a2010.exe
Using cracks and keygens violates our code of conduct.

Ever thought about why cracks exist?
With cracks & co. you install backdoors on your computer.
Criminals use such computers as a botnet for their schemes. Your system is to be classified as untrustworthy, and you should not do anything sensitive like online banking on this PC.

Guides for reinstalling (illustrated) > Reinstall Windows 7 > Vista > XP

1. Data recovery:



2. Format, reinstall Windows:



3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
__________________
Regards, t'john
Support the TB

10.09.2012, 19:28   #5
grainator


Apart from that... is the GVU trojan now completely gone with this?!

I logged into the account, and at least nothing more has appeared.


11.09.2012, 00:44   #6
t'john
/// Helper Team

The GVU ransomware is the least significant infection on your computer:

Quote:
Spyware.SpyEyes
C:\extensions.exe
Spyware.Passwords.XGen
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP131\A0063947.exe
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP131\A0063948.exe
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP131\A0063949.exe
PUP.Uusee
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP168\A0067627.exe
__________________
