Log analysis and evaluation: Caught the GVU trojan today - LOG files. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.09.2012, 23:08 | #1 |
| Caught the GVU trojan today - LOG files Hi I caught the GVU trojan today. I followed these instructions: http://www.trojaner-board.de/117883-...er-webcam.html Here are my log files: OTL: Code:
ATTFilter 7,93 Gb Paging File | 6,25 Gb Available in Paging File | 78,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 87,89 Gb Total Space | 4,79 Gb Free Space | 5,46% Space Free | Partition Type: NTFS Drive D: | 98,42 Gb Total Space | 36,10 Gb Free Space | 36,68% Space Free | Partition Type: NTFS Computer Name: DESKTOPPC | User Name: admin_new | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\admin_new\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - D:\FileServe Manager\FSStarter.exe (FileServe Limited) PRC - D:\Autodesk_2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe () PRC - D:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET) PRC - D:\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe () PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\AAVUpdateManager\aavus.exe () PRC - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.) PRC - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) 
PRC - C:\Windows\SysWOW64\nutsrv4.exe (DataFocus, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () 
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - D:\FileServe Manager\FFChromeExtHelper.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll () MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll () MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMXMLObjects.dll () MOD - C:\Program Files (x86)\HP\HP UT LEDM\bin\DMBaseObjects.dll () MOD - C:\PROGRA~2\Vision\system\rifxx.dll () MOD - C:\PROGRA~2\COMMON~1\Vision\vwmuapi.dll () ========== Services (SafeList) ========== SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (mi-raysat_3dsmax2012_64) -- D:\Autodesk_2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe () SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EhttpSrv) -- C:\Programme\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET) SRV - (mi-raysat_3dsmax2010_64) -- D:\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe () SRV - (AAV UpdateService) -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe () SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (NuTCRACKERService) -- C:\Windows\SysWOW64\nutsrv4.exe (DataFocus, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.) 
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (cmudax) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc) DRV:64bit: - (cmuda3) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET) DRV:64bit: - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET) DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET) DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET) DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (MODRC) -- C:\Windows\SysNative\drivers\modrc.sys (DiBcom S.A.) DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\mod7700.sys (DiBcom) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.) 
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (PORTIO) -- C:\Users\Sotizzle\Desktop\JungleFlasher v0.1.73 Beta (108)\portio64.sys () DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (TPkd) -- C:\Windows\SysWow64\drivers\TPkd.sys (PACE Anti-Piracy, Inc.) DRV - (usbaudio) -- C:\Windows\SysWOW64\drivers\usbaudio.sys (Microsoft Corporation) DRV - (usbhub) -- C:\Windows\SysWOW64\drivers\usbhub.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-864713432-773561721-809381997-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: D:\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5} [2011.05.13 22:30:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Addobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.01.20 12:33:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.20 12:36:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1950@crossrider.com: C:\Users\Sotizzle\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012.01.26 23:33:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.18 22:32:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.06 20:08:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.15 17:17:38 | 000,000,000 | ---D | M] FF 
- HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009.10.23 23:32:43 | 000,000,000 | ---D | M] [2012.07.29 12:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.06 20:08:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.19 05:58:26 | 000,067,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll [2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2012.07.30 21:35:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.30 21:35:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.30 21:35:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.30 21:35:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.30 21:35:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.30 21:35:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files 
(x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Adobe Contribute CS5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files 
(x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: vshare plugin = C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ 
O1 HOSTS File: ([2011.05.28 10:39:19 | 000,000,485 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 1) Go into the hosts setup folder: O1 - Hosts: C:\Windows\System32\drivers\etc O1 - Hosts: (I use Notepad to open it) O1 - Hosts: add the following lines, at the bottom of the file, to the host file: O1 - Hosts: You can just do a copy and paste O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com Blocking Adobe Activation O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - D:\FileServe Manager\FileServeBHO.dll (FileServe Limited) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Addobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Addobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [TNOD UP] "C:\Users\Sotizzle\Desktop\TNod\TNODUP.exe" /i File not found O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) 
O4 - HKLM..\Run: [C-Media Speaker Configuration] C:\PROGRA~1\C-Media\WIN_ME\Setup.exe /SPEAKER File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FileServe Manager Task] D:\FileServe Manager\FSStarter.exe (FileServe Limited) O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [NuTCSetupEnviron] C:\PROGRA~2\NUTCRA~1\bin\ncoeenv.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-864713432-773561721-809381997-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll 
(Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\nutafun4.dll (DataFocus, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\nutafun4.dll (DataFocus, Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A52D424-DB35-4DD2-A80A-EE484C53C70F}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet 
- (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {24A42960-A7F8-11CF-8121-0020AFB5213D} - C:\PROGRA~2\Vision\SYSTEM\zonehook.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.07.01 23:34:43 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2008.12.28 19:46:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008.11.15 22:23:03 | 000,000,000 | ---- | M] () - C:\.autoreg -- [ NTFS ] O32 - AutoRun File - [2011.07.01 22:04:58 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2012.04.02 22:53:55 | 000,000,000 | ---D | M] - D:\Autodesk_2012 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.08 23:34:14 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Google [2012.09.08 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Apple Computer [2012.09.08 23:32:19 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Adobe [2012.09.08 23:32:14 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\ESET 
[2012.09.08 23:32:08 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Adobe [2012.09.08 23:30:06 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.09.08 23:30:06 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Searches [2012.09.08 23:30:06 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.09.08 23:29:51 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Identities [2012.09.08 23:29:48 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Contacts [2012.09.08 23:29:46 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\VirtualStore [2012.09.08 23:29:39 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\WTablet [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Vorlagen [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Verlauf [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Temporary Internet Files [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Startmenü [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\SendTo [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Recent [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Netzwerkumgebung [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Lokale Einstellungen [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Videos [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Musik [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Eigene Dateien [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Documents\Eigene Bilder [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Druckumgebung [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- 
C:\Users\admin_new\Cookies [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\AppData\Local\Anwendungsdaten [2012.09.08 23:29:23 | 000,000,000 | -HSD | C] -- C:\Users\admin_new\Anwendungsdaten [2012.09.08 23:29:22 | 000,000,000 | --SD | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Videos [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Saved Games [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Pictures [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Music [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Links [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Favorites [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Downloads [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Documents [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\Desktop [2012.09.08 23:29:22 | 000,000,000 | R--D | C] -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.09.08 23:29:22 | 000,000,000 | -H-D | C] -- C:\Users\admin_new\AppData [2012.09.08 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Temp [2012.09.08 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft Help [2012.09.08 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Local\Microsoft [2012.09.08 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Media Center Programs [2012.09.08 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\admin_new\AppData\Roaming\Macromedia [2012.08.16 00:12:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.16 00:12:19 | 000,073,216 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.16 00:12:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.16 00:12:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.16 00:12:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.16 00:12:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.16 00:12:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.16 00:12:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.16 00:12:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.16 00:12:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.16 00:12:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.16 00:12:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.16 00:12:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 21:25:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 21:25:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 21:25:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 21:25:25 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll ========== Files - Modified Within 30 Days ========== [2012.09.08 23:38:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.08 23:38:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.09.08 23:29:39 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.08 23:29:38 | 000,000,496 | RHS- | M] () -- C:\Users\admin_new\ntuser.pol [2012.09.08 23:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.08 23:28:49 | 3193,786,368 | -HS- | M] () -- C:\hiberfil.sys [2012.09.08 23:27:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.08 00:18:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.04 23:50:29 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.04 23:50:29 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.04 23:50:29 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.04 23:50:29 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.04 23:50:29 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.04 23:23:11 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.08.25 17:40:48 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.25 17:40:48 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.16 19:59:11 | 005,019,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.09.08 23:30:55 | 000,001,401 | ---- | C] () -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.09.08 23:30:15 | 000,001,435 | ---- | C] () -- C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.09.08 23:29:38 | 000,000,496 | RHS- | C] () -- C:\Users\admin_new\ntuser.pol [2012.09.08 11:53:54 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.02.26 19:34:18 | 000,004,608 | ---- | C] () -- 
C:\Windows\SysWow64\ColorEfexPro4FC64.dll [2011.12.09 15:00:24 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll [2011.12.08 02:47:26 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll [2011.12.02 02:59:04 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll [2011.11.23 00:16:04 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll [2011.07.01 22:16:32 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2010.12.12 02:09:15 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll [2010.11.02 21:22:29 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\uuddc32.dll [2010.09.16 00:52:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\uninst.dll [2010.09.16 00:50:49 | 000,065,808 | ---- | C] () -- C:\Windows\SysWow64\nutsh4.DLL [2010.09.16 00:49:56 | 000,221,184 | R--- | C] () -- C:\Windows\SysWow64\tiffdump.exe [2010.09.16 00:49:56 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\iflapigen.exe [2010.09.16 00:49:55 | 000,262,144 | R--- | C] () -- C:\Windows\SysWow64\iflTIFF0.dll [2010.09.16 00:49:55 | 000,163,840 | R--- | C] () -- C:\Windows\SysWow64\ifl0.dll [2010.09.16 00:49:55 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\iflPNG0.dll [2010.09.16 00:49:55 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\iflJFIF0.dll [2010.09.16 00:49:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\iflSGI0.dll [2010.09.16 00:49:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\iflGIF0.dll [2010.09.16 00:49:55 | 
000,036,864 | R--- | C] () -- C:\Windows\SysWow64\ifldbgen.exe [2010.09.16 00:49:55 | 000,032,768 | R--- | C] () -- C:\Windows\SysWow64\iflBMP0.dll [2010.09.16 00:49:55 | 000,032,768 | R--- | C] () -- C:\Windows\SysWow64\cifl0.dll [2010.09.16 00:49:55 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\iflXPM0.dll [2010.09.16 00:49:55 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\iflPPM0.dll [2010.09.16 00:49:55 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\iflFIT0.dll [2010.09.16 00:49:55 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\iflXBM0.dll [2010.09.16 00:49:55 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\iflRaw0.dll [2010.09.16 00:49:55 | 000,020,480 | R--- | C] () -- C:\Windows\SysWow64\iflstatus.exe [2009.10.24 13:25:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2012.09.08 23:32:14 | 000,000,000 | ---D | M] -- C:\Users\admin_new\AppData\Roaming\ESET [2010.04.18 10:50:27 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\abgx360 [2011.09.14 23:41:15 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Apowersoft [2011.07.01 23:12:12 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Autodesk [2010.03.27 22:57:30 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\BlackBean [2009.10.24 01:26:20 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Blitware [2009.11.22 00:43:05 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\DAEMON Tools Lite [2009.10.25 18:04:06 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\DAEMON Tools Pro [2010.02.27 16:24:09 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\DigitalJuice [2009.10.23 23:33:25 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\ESET [2009.11.10 23:10:05 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\FlashFXP [2012.09.07 23:28:56 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\foobar2000 
[2012.01.29 11:18:38 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\FreeStone Group [2010.07.19 20:04:19 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\GrabPro [2012.01.19 23:11:24 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\HDRsoft [2010.04.06 22:54:05 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\ImgBurn [2011.01.11 23:06:08 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Leadertech [2011.12.18 01:12:40 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Mael [2010.10.21 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\ManyCam [2012.06.16 13:24:24 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\MediaMonkey [2009.10.23 23:54:46 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\NetMeter [2012.02.09 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Nik Software [2010.07.21 17:49:07 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Notepad++ [2009.10.23 23:23:01 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Opera [2011.09.02 19:48:09 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Orbit [2012.05.03 21:45:05 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\PACE Anti-Piracy [2010.07.19 20:05:08 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\ProgSense [2009.12.24 00:40:00 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Ringtone Expressions [2011.06.27 22:45:43 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Samsung [2012.02.11 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Software4u [2012.04.09 23:40:56 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.01.31 23:53:40 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Stereoscopic Player [2012.05.02 21:47:10 | 000,000,000 | ---D | M] -- 
C:\Users\Sotizzle\AppData\Roaming\TeamViewer
[2012.05.23 23:05:17 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\Temp
[2010.12.12 00:58:56 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\ThumbGen
[2010.01.04 20:40:35 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\TrueCrypt
[2012.02.11 17:25:38 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\WindSolutions
[2012.06.12 22:01:52 | 000,000,000 | ---D | M] -- C:\Users\Sotizzle\AppData\Roaming\XnView
[2010.12.12 03:59:00 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2012.05.25 08:38:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

and EXTRAS:

Code:
7,93 Gb Paging File | 6,25 Gb Available in Paging File | 78,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 87,89 Gb Total Space | 4,79 Gb Free Space | 5,46% Space Free | Partition Type: NTFS
Drive D: | 98,42 Gb Total Space | 36,10 Gb Free Space | 36,68% Space Free | Partition Type: NTFS
Computer Name: DESKTOPPC | User Name: admin_new | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Addobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) 
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Addobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) 
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{087EB1C8-74E9-4C76-B05A-D7327D5F3DCF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{10B19112-0139-49CF-B786-E45E45CE3E01}" = lport=10243 | protocol=6 | dir=in | app=system | "{1A1EA812-7FA5-4A07-90C8-4A8B1BAC7B74}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1A738346-5523-48A8-AE34-C3E96DE0175F}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{211F3D3B-4789-4D99-B839-1E82C92E5D68}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | "{260A2589-9AEF-4090-A69D-775893A36424}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2C952AE4-50A1-4B11-A47C-279A3FF5044F}" = lport=2869 | protocol=6 | dir=in | app=system | "{34C8DB82-B4E9-4BA3-A73D-66D9171E1065}" = lport=139 | protocol=6 | dir=in | app=system | "{3E109CB3-2BBE-4910-8B3C-3F5C3BA99F18}" = rport=445 | protocol=6 | dir=out | app=system | "{3E448F29-C46B-40A3-98D1-84D3FE6534B6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{445F7016-3A40-4EF2-AE2E-935DB11E7B49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BDEB4E4-8EBE-4DA4-9163-096A35F82647}" = lport=138 | protocol=17 | dir=in | app=system | "{500853BA-FE37-4D74-9BB4-AC41BBCC96FD}" = lport=445 | protocol=6 | dir=in | app=system | "{52B28342-83F1-488F-B5AB-329F50B6E6DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{56127733-FD7C-448E-8120-3C4D6DD49180}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft 
office\office12\outlook.exe | "{59368EBC-9100-4934-9091-20EFF3C5AACB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59CE7F75-0166-4CAA-8A69-814FB52F1A22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5B31CE54-C7E5-4F6D-8886-B9E7BA43D1E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5F8EEE78-C7D1-4DA2-BA08-DBD57A55641E}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{6B86F1C9-FAF1-49F4-B0BB-829F982D47ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6B9BAFC2-63A1-494F-86EE-FAE4A535BF4E}" = lport=137 | protocol=17 | dir=in | app=system | "{856D00AE-42ED-47EC-9129-1981A4D0F6D0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{8770A5C3-F968-4806-B0CB-AD843759AD41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8E66DA02-8A6A-4DDD-A665-B681FAEEFE1C}" = rport=137 | protocol=17 | dir=out | app=system | "{924FAD34-706D-4BF7-AA76-8FFB3CCD8736}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{9B856E00-F076-4A7A-9907-D0B4BC5DBEF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A66A9A45-52DC-424A-B45E-CF6EF42B8799}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AB1C1A91-0777-4E38-B89D-2314D4A38140}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{ACFCEE19-7669-4CE9-AA8B-A23FFF63C2D7}" = rport=138 | protocol=17 | dir=out | app=system | "{B53325C7-DB1D-415F-A25D-6C205CD6E519}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B8FF5EFF-3565-4D86-AB90-20726BEDD8DF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BB36B90D-F208-4B29-B50A-0E3E474D2EA2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BB50E33C-6C14-4174-8F4F-3E662A71B194}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C4979756-E408-4795-BD38-0791E420A9D1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CBD7828D-4D47-411C-8CE8-735F99568FF0}" = lport=2869 | protocol=6 | dir=in | app=system | "{CD15A794-58A4-4591-9E53-37C2FC01D1B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D6A1402F-CB67-4FED-BCDF-86BD8EF71D96}" = rport=139 | protocol=6 | dir=out | app=system | "{D859C1FE-C3DB-4370-9071-62CD898274DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E5E2EFA2-12C1-4684-9873-89E7CF1556CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EE5956C6-63CC-4187-857A-8E822332ACC6}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{F2864BAC-B88C-4BEF-A42D-FF27859744D8}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0353E5B9-1604-4D2C-9282-6575F9DF6314}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0F73E3D7-33FB-4FF8-944F-7A5120420C0A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0F7D782F-502F-4DB0-B416-44C00AD9B718}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{142C9473-58AA-41DE-A829-E5B66CF645B6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{145F1BD2-4D8C-431F-9D54-007E67B6087F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | "{1537F6DE-1066-4F83-AE4B-A3B9FE12E3B1}" = protocol=6 
| dir=in | app=c:\windows\syswow64\muzapp.exe | "{15BB6286-EC4F-40A8-A17C-A6E121B549BC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{15EB572D-630F-44EE-882C-0A86446160C5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2006D16C-DAB5-40FA-A2E7-0EE379437DB4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2015B576-7411-4EBC-8850-5964CC2439BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2182EBCB-0DE3-45FE-B1D4-2058886200CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{236363E2-7C4D-48A0-90C7-AA90B527BFA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2418FC7D-4C61-440C-BF58-1DF0C6E4962D}" = protocol=17 | dir=in | app=d:\sega\vancouver 2010\vancouver.exe | "{259B4C18-B6AF-49CD-8867-60720F1DC425}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2643EAC0-F6F7-4782-81F2-6DFF3CB8DA58}" = protocol=17 | dir=in | app=d:\addobe\adobe flash builder 4.5\flashbuilder.exe | "{300BF7EC-DE15-4B18-AA1F-8BA9532B38A0}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | "{356B0E96-EBD1-4C5D-9F87-1668C3A21FA0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3ABD99F8-B6FC-4601-8248-9238D8E488BC}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | "{3CF146C4-7339-4C72-A4D5-6252D23FD356}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{45BC0C29-5A0B-4144-ACB9-C0117E343C2D}" = protocol=17 | dir=in | app=d:\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe | "{462056CA-23AD-47EE-91F2-4C5BE034CEBF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{46CBFEF9-DDBD-4A5E-86A6-7C58FE4C8B03}" = protocol=17 | dir=in | app=d:\autodesk\3ds max design 2010\3dsmax.exe | "{4CF0EB8D-4C93-493D-AC85-5B32384C0825}" = protocol=6 | 
dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | "{4D90CE29-D169-4B28-8A65-18CB0C4613F5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4E2737BC-639F-4C15-B773-8247BE6F643B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4E2B9E19-F169-49EE-9177-997BC9FBA584}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{50FB5D4B-75D3-40F7-AE09-5E242D26786C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{57B75B98-72C1-4D89-AB25-1A415E6DC6A6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{5BE1FB3F-62C4-43E8-8B00-AC282F526A7B}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | "{5F3DD7B0-CBA8-4960-8344-DD47F12BAF74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5FDCB7AB-0188-4A76-86E8-A2CE913B3F9A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{61EC9600-7AAF-4C30-9DCD-72831A842FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{61F65346-9958-4E76-9C3E-82010B458283}" = protocol=6 | dir=in | app=d:\addobe\adobe flash builder 4.5\flashbuilder.exe | "{630791B3-E15D-45AF-8B4F-55D57CEF126A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{632C770F-E272-496A-BE64-357D05E848E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{68DA2DC1-CF01-434F-A9BC-64A5EAE04B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6C6CB253-1A9B-45E4-ABBE-F5FDB224958C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6D80EBAC-3B0D-4FF2-8833-EAAFE37B2CDA}" = protocol=6 | dir=in | app=d:\autodesk_2012\3ds max 2012\3dsmax.exe | "{726BB874-A3BB-49A1-ACB9-3135425E2134}" = protocol=6 | dir=in | app=d:\adobe\adobe flash builder 
4.5\flashbuilder.exe | "{77CECDFF-EC14-4588-BB7D-23E7228B86FF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{78B651C5-3806-4DA7-9BDA-FE4EC6C1E92F}" = protocol=6 | dir=in | app=d:\sega\vancouver 2010\vancouver.exe | "{7B4E81B6-759A-4F42-BA03-7A4473D2C0AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7C3AC18A-30DD-472B-A2EB-3D285471C621}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7E6564A2-095E-4A19-8B85-B96DA696E1B8}" = protocol=6 | dir=in | app=d:\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_64.exe | "{7E71DD46-FAA2-4E47-8C21-B4C720175A62}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{813FC762-9DCF-4C5D-9FCF-DD35BFB59D65}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{819D47E3-5C63-4CC8-90E0-6A1720AF0F23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{85822126-1A9B-4F3D-BC40-912B3D352750}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{874A3BF7-5D92-469A-BFA9-E4E684B6CD1F}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | "{87EA2948-BFD4-496B-960D-5C8180DCB157}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8B7D2A58-2330-4E59-83EF-CFA9DAC6A724}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | "{8BD3A9C3-B217-4191-A64B-1437E72C67AD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{9016BD49-0FFF-471E-BAE8-85B83376BDC7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{91872C4A-2CCE-442D-AF34-816530D6F5E5}" = protocol=6 | dir=in | app=d:\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe | "{918D770A-A15E-4A67-9943-D50E20F1B47A}" = protocol=6 | dir=in | 
app=d:\autodesk\3ds max design 2010\3dsmax.exe | "{930F64EF-60E8-446B-B64E-B910B5C762AC}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | "{94D9AB9F-2076-4AC5-BEA3-9D6C1ECC385B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{951A5F6E-CF40-4F45-A304-634C86C734E1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9930C656-0E8A-4076-A975-483B46E5AFF5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9ADB539C-0274-4F1D-AD3C-EB983EF6AD16}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{9CE46CF1-B118-4BEE-AEB0-CD30908380E1}" = protocol=17 | dir=in | app=d:\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_64.exe | "{9E3F06D9-E04B-45BA-8FE6-68DB68DE4DE8}" = protocol=17 | dir=in | app=d:\autodesk_2012\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe | "{9E4840AF-DCE4-4BF8-B71F-273B4F2556BF}" = protocol=6 | dir=in | app=d:\autodesk_2012\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe | "{A017A15A-494D-4044-B52E-E2D04F62FB3F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AA1E2E66-7068-41EE-9175-CA22183E49A7}" = protocol=6 | dir=out | app=system | "{AF1690BB-EEDD-47E6-8D10-E41BA1A99B05}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{AF800796-245E-4BAC-A0A9-158B43D968EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B416E33A-4F03-4A42-BBF0-AEDD016A3B56}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B4EDE0C7-7D59-49DD-B9AE-462FAA6008CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B6D560B5-81CE-4977-90FE-735705C09DB0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BAE0FD62-A011-4370-9412-769C44450E71}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BCBC5E83-F03B-40AE-84F8-3ADE2BFDA3BD}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | "{BF337E3E-C201-40FF-9EDE-13FB72586E0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{BF78FC92-FAAB-494F-A735-E0FE3F56371A}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | "{C0A603DD-4946-442C-AC40-035C0D49A8C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C305A0CC-10C4-4DDA-8777-BA7D5469E266}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | "{C3B3B9DC-4B5B-4671-B378-FC6EA7C6D776}" = protocol=17 | dir=in | app=d:\adobe\adobe flash builder 4.5\flashbuilder.exe | "{C78B3FF6-928D-4646-950E-ABC9240B8EB3}" = protocol=6 | dir=in | app=d:\autodesk_2012\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe | "{C978FD1C-FD5E-4E34-8BBF-76FA34FC040E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C9CB2DB1-440B-4DCC-9872-DE500561AD11}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CA10B524-E7ED-4C22-82FB-DB1C9B69426C}" = protocol=17 | dir=in | app=d:\autodesk_2012\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe | "{CAB397E8-181E-4AEE-961F-B618D45AD6D7}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | "{CF9BCDB4-D191-453A-BF7B-BFF3A661206E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D1AB25A8-1245-43F2-9BDC-7F3F9C91BAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{D6C6C643-56F7-4978-BE25-1EE098E43D4B}" = protocol=17 | dir=in | app=d:\autodesk_2012\3ds max 2012\3dsmax.exe | 
"{D9D2F801-3B06-47B7-94AE-CB278C77C631}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DA26F6EE-8FE7-41C6-9DCD-640401053CDA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DAA72676-C0DC-4B0E-A704-A867034333F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E132A5F6-1C85-402B-8D1F-9B84FCA0093C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E1C5E17A-BC26-4D54-BC71-B50ACD66F95F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E9035740-84B7-440B-A007-A89F17325F7F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{EF5F88B5-0833-4939-AF6D-C72E9D09A73B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F6C7EA2B-2D11-4C45-A1E9-150215E46879}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{F8A9C8EB-846F-4119-B76E-F2D2CC844882}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB1C38F8-01B5-448D-A147-5293B99D93DC}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | "{FEAB9C32-45F5-4DB0-A0ED-B9BA5CDE566C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | "TCP Query User{0C861752-A720-4FE9-9C84-9193FC9CC89B}D:\maya2009\bin\maya.exe" = protocol=6 | dir=in | app=d:\maya2009\bin\maya.exe | "TCP Query User{1175F336-A227-4240-9C4D-A93337D41B7A}D:\autodesk\3ds max design 2010\3dsmax.exe" = protocol=6 | dir=in | app=d:\autodesk\3ds max design 2010\3dsmax.exe | "TCP Query User{13D3A3AB-F1EC-417B-B7A4-6172C554C4B5}D:\appz\maya2009\bin\maya.exe" = protocol=6 | dir=in | app=d:\appz\maya2009\bin\maya.exe | "TCP Query User{1E7EB4D7-CA29-4E09-8541-6DAC2602D1C7}D:\appz\maya2009\bin\maya.exe" = protocol=6 | dir=in | 
app=d:\appz\maya2009\bin\maya.exe | "TCP Query User{2D83D84F-9D50-47F5-80EB-6EBF23AE27CB}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" = protocol=6 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "TCP Query User{56CD9539-84A5-4C84-BB2C-D01D5789D59B}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe" = protocol=6 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe | "TCP Query User{7270421D-2BF4-4E56-9CA9-9151DB7A65B0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{72E50640-6B22-45C3-895D-71203844ABBF}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{77977D7C-EACA-494E-8DF8-4EEB2AA3E15F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{7D4873B7-5365-4A88-859C-DFC78414AB9B}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | "TCP Query User{80BD0D39-EC16-41F3-96CE-042C0D0D2C8E}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" 
= protocol=6 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "TCP Query User{83376CBB-6A82-4D1D-B9F5-F1E97E956EFC}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{9439463B-65D4-42E9-8B59-77BB9DE03C75}E:\wd_windows_tools\wddiscovery\wddiscovery.exe" = protocol=6 | dir=in | app=e:\wd_windows_tools\wddiscovery\wddiscovery.exe | "TCP Query User{9496D9AF-A999-4516-ACAF-E745A16BEC78}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{959042D1-0104-4BB6-AFCA-0E41BEB1C30E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{9B4DE63E-9131-4A69-BE7A-31B6D9E85572}C:\program files\progdvb\progdvbnet.exe" = protocol=6 | dir=in | app=c:\program files\progdvb\progdvbnet.exe | "TCP Query User{9EE33285-2460-4675-91EE-D7EE55297E4B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{9F3998B4-7AEC-420C-A654-05ABD0EF001A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{A136468D-5F37-4365-8109-50B7B1E3D89D}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe" = protocol=6 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe | "TCP Query User{A89B9D87-D26A-4415-9402-776B966F39E2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | 
app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{AED5E45D-6C8D-4D66-BBED-44DC13B32960}C:\program files (x86)\realvnc\vnc4\winvnc4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\realvnc\vnc4\winvnc4.exe | "TCP Query User{C0A32D8C-C25C-416D-A03C-E4F36A3A4AB4}C:\program files (x86)\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | "TCP Query User{C17E253E-49EC-4403-ADA4-8C8A4ACF1659}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{DA859BEF-3033-497E-9F78-C146DADED20D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{DB2A968B-12DF-472B-9CE9-D09C4247F48F}D:\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\trillian\trillian.exe | "TCP Query User{E6FFC7E6-D796-45C1-8B71-F438E4D85BA2}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "TCP Query User{F4F71952-5D1B-476E-84D2-0E24F1A5E5F2}D:\autodesk_2012\maya2012\bin\maya.exe" = protocol=6 | dir=in | app=d:\autodesk_2012\maya2012\bin\maya.exe | "TCP Query User{F5BD0742-9D48-40BD-9813-4556A52127F1}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{11EF8F6B-36A1-4973-A83F-E95E61512817}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{1A394818-062A-4242-85AE-8F43A8DA2D61}C:\program files (x86)\realvnc\vnc4\winvnc4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\realvnc\vnc4\winvnc4.exe | "UDP Query User{1EEB90B9-80F7-4539-9511-7D07B2E59899}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query 
User{23AA8B91-F2C2-4601-8D0F-798A0FC0AE9B}D:\appz\maya2009\bin\maya.exe" = protocol=17 | dir=in | app=d:\appz\maya2009\bin\maya.exe | "UDP Query User{2F973F43-0C0D-44FF-BCAB-0CC8DEC55CC7}C:\program files\progdvb\progdvbnet.exe" = protocol=17 | dir=in | app=c:\program files\progdvb\progdvbnet.exe | "UDP Query User{33BF1F88-CDE8-43DF-BD19-8BAF8432ADC7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{39867B2D-947A-4B8B-97AA-A2BA4EB78655}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | "UDP Query User{41B98232-FFCB-46DA-B32A-BD6DCBA2A670}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{453AEB16-0883-4086-9ED9-6872201A318B}D:\autodesk_2012\maya2012\bin\maya.exe" = protocol=17 | dir=in | app=d:\autodesk_2012\maya2012\bin\maya.exe | "UDP Query User{5EF0CF78-96E6-4F68-972A-21067E4EE8C0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{6BCA75C4-FEA1-481C-998E-E5F20C7D0227}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{7CA88000-C14B-4FCE-858A-29E6E93427A3}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe" = protocol=17 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe | "UDP Query User{7E5AA13A-1011-4D65-96F8-6A7D7F33AF46}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query 
User{89258A8B-2C6F-4EC6-8AED-A1D95C68C853}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{9C2F263C-32F0-4A6B-A226-6DDB769076CE}D:\autodesk\3ds max design 2010\3dsmax.exe" = protocol=17 | dir=in | app=d:\autodesk\3ds max design 2010\3dsmax.exe | "UDP Query User{A68C0236-E41B-449E-B1F8-22FE12E659C2}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{BFFEC455-6B1F-4192-9036-D38864EC426B}D:\maya2009\bin\maya.exe" = protocol=17 | dir=in | app=d:\maya2009\bin\maya.exe | "UDP Query User{C3F8EC59-08F3-42D0-ADA2-0436B70F33BF}E:\wd_windows_tools\wddiscovery\wddiscovery.exe" = protocol=17 | dir=in | app=e:\wd_windows_tools\wddiscovery\wddiscovery.exe | "UDP Query User{C4D4C810-6091-48F7-987C-7AADAA37A8B6}D:\appz\maya2009\bin\maya.exe" = protocol=17 | dir=in | app=d:\appz\maya2009\bin\maya.exe | "UDP Query User{C8CD7B08-1E16-421B-A393-723BBE730D82}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" = protocol=17 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "UDP Query User{CFEBAB19-2290-4086-AB0B-6E40A5378C0F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{D19BE430-3324-4A52-82A8-B5D7D2A23A8A}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{E29F3691-3E98-4178-A105-1CA01029BC94}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program 
files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{E30AE8CA-6299-4D47-A5CE-6928B80B533E}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" = protocol=17 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe | "UDP Query User{E71E1090-3F50-4DB9-8A60-942532982374}C:\program files (x86)\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | "UDP Query User{EEDA8D42-0F64-439D-9BCD-24929AE2FF24}D:\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\trillian\trillian.exe | "UDP Query User{EFAAA660-4D2D-4C3C-8346-1ACB140E1F57}C:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe" = protocol=17 | dir=in | app=c:\users\sotizzle\appdata\local\xenocode\sandbox\3ds max\13.0.0.94\2010.08.29t06.43\virtual\stubexe\8.0.1135\@programfiles@\autodesk\3ds max design 2011\3dsmax.exe | "UDP Query User{F3F1325B-FAD0-4FDA-BEE2-D15EC2E5ABF1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ Driver "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2 "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 
"{227B4E66-B95F-46B8-8E86-740D5CBFC65C}" = Maya 2009 (64-bit) "{23A66953-369C-4d22-A189-C6E403D4A19F}" = Native Instruments Audio 2 DJ Driver "{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor "{33EE1A55-D9DD-44AC-91E0-0D0AC75608D7}" = Maya 2009 Bonus Tools (64-bit) "{420461EA-8522-0409-B836-C9BFC6137A6D}" = Autodesk 3ds Max Design 2010 64-bit Components "{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6378ABCE-F816-4330-A7B1-FBEBCD50B746}" = ESET Smart Security "{69F849EF-4918-4333-81C1-8D8FC07E62B1}" = Knoll Light Factory Photo 64 bit "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{C9E49EC1-F125-0409-A5D1-452B98A1530A}" = Autodesk 3ds Max Design 2010 64-bit "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D44BCDFB-817B-4C14-8551-915E8B9DDD8B}" = Maya 2009 (64-bit) Documentation (en_US) "{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit "{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit "{EC4EBC45-30AF-4F3C-B2B5-2FAF3FF9A1D1}" = Autodesk DirectConnect 2009 (64-bit) "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit "Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English "Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit "Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010 64-bit "Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 
64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit "Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit "C-Media Audio Driver" = C-Media PCI Audio 64-bit Driver "C-Media PCI Audio Driver" = C-Media PCI Audio Device "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v2.7.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Pen Tablet Driver" = Bamboo "PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.4 "ProgDVB" = ProgDVB "Recuva" = Recuva "TNod" = TNod User & Password Finder "V-Ray for 3dsmax 2010 for x64" = V-Ray for 3dsmax 2010 for x64 "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.80.0 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0976596E-2882-487D-8738-A32C3B3A3C7C}" = PJ Remix "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{48EE4F71-8365-11D4-A82C-0000E85C4F70}" = 3D-Equalizer V3 R4b8 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1" = FileServe Manager 1.0.0.2821 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{6291FC10-FDF0-4022-A1A5-710C728D49C2}" = Vancouver 2010 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{640EAE56-81A2-49D4-9B8C-00DA3C0031AF}_is1" = Juicer 3.55a "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{68E6762C-20CA-41B2-8720-1B178B2C6AED}" = DxO FilmPack 2.0 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A5B1D32-CC86-4689-B43C-AD52A9B8773B}" = DIYPhotoBits.com Camera Control 5.2 
"{7021CBFE-9C50-4BE0-A299-8F173E751302}" = Autodesk 3ds Max Design 2010 Tutorials Files "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series "{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler 
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CC8C451E-A820-48C8-AE92-A0FF088969D8}" = Stereoscopic Player "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager "{E299894D-5014-427C-8C4C-7AC4B1897495}" = Gigabyte U8000 TV Card Driver "{E7D293C9-732D-4E22-905D-2615FED321A4}" = BILD-Steuer 2010 "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5AEB5A7-D4EA-49A5-89F2-A799F1C620B9}" = TViXiE "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "7-Zip" = 7-Zip 4.65 "abgx360" = abgx360 v1.0.2 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Autodesk 3ds Max 2012 64-bit - English SP1" = Autodesk 3ds Max 2012 64-bit - English SP1 "BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.1.8 
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 5.5_is1" = Cheat Engine 5.5 "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "CloneCD" = CloneCD "Color Efex Pro 4" = Color Efex Pro 4 "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.dmp.contentviewer" = Adobe Content Viewer "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Dfine 2.0 Stand-Alone" = Dfine 2.0 "DivX Setup" = DivX-Setup "DVB Dream_is1" = DVB Dream version 1.5c "ENTERPRISE" = Microsoft Office Enterprise 2007 "EuroGrand Casino" = EuroGrand Casino "FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager "FileRestorePlus™_is1" = FileRestorePlus™ 3.0.1.1111 "foobar2000" = foobar2000 v1.0 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "Google Chrome" = Google Chrome "GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0 "HDR Efex Pro" = HDR Efex Pro "HijackThis" = HijackThis 2.0.2 "HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0 "Image Format Library 1.4" = Image Format Library "ImgBurn" = ImgBurn "InstallShield_{69F849EF-4918-4333-81C1-8D8FC07E62B1}" = Knoll Light Factory Photo 64 bit "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "JDownloader" = JDownloader "KaloMa_is1" = KaloMa 4.91 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.2.0 "Knoll Light Factory Photo" = Knoll Light Factory Photo "MediaMonkey_is1" = MediaMonkey 4.0 "MKS Platform Components 7.x" = MKS Platform Components 7.x "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Audio 2 DJ Driver" = Native Instruments 
Audio 2 DJ Driver "Native Instruments Audio 4 DJ Driver" = Native Instruments Audio 4 DJ Driver "Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor" = Native Instruments Traktor "NetMeter_is1" = NetMeter 1.1.3 "Notepad++" = Notepad++ "Opera 11.52.1100" = Opera 11.52 "Pixelspeed_Layouter" = Pixelspeed Layouter "PixPlant2 App_is1" = PixPlant 2.0.43 "PokerStars.net" = PokerStars.net "RealVNC_is1" = VNC Free Edition 4.1.3 "Ringtone Expressions" = Ringtone Expressions 1.5.0 "Sharpener Pro 3.0 Stand-Alone" = Sharpener Pro 3.0 "Silver Efex Pro 2" = Silver Efex Pro 2 "TeamViewer 7" = TeamViewer 7 "TrueCrypt" = TrueCrypt "UltraISO_is1" = UltraISO Premium V9.36 "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive "Viveza 2" = Viveza 2 "VLC media player" = VLC media player 1.1.11 "vShare.tv plugin" = vShare.tv plugin 1.3 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WinLiveSuite_Wave3" = Windows Live Essentials "XnView_is1" = XnView 1.97 "XVision" = SCO XVision-Eclipse "YouTubeGet_is1" = YouTubeGet 5.9.5 "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-864713432-773561721-809381997-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater ========== Last 20 Event Log 
Errors ========== [ Application Events ] Error - 16.07.2012 16:09:47 | Computer Name = desktopPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.1.0.0, Zeitstempel: 0x4d90cf71 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0x448 Startzeit der fehlerhaften Anwendung: 0x01cd638954ff2419 Pfad der fehlerhaften Anwendung: D:\Addobe\Adobe Photoshop CS5.1\Photoshop.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 307b6c00-cf82-11e1-a476-002215c850af Error - 17.07.2012 15:50:07 | Computer Name = desktopPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.11.0, Zeitstempel: 0x4e1edf37 Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.11.0, Zeitstempel: 0x4e1edf37 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000174c ID des fehlerhaften Prozesses: 0x1b94 Startzeit der fehlerhaften Anwendung: 0x01cd645540b5efcd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichtskennung: 9bafe28c-d048-11e1-831a-002215c850af Error - 21.07.2012 12:46:38 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite 2012\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 22.07.2012 12:39:05 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite 2012\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 24.07.2012 14:15:55 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite 2012\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.07.2012 06:30:37 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite 2012\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.07.2012 09:04:31 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite 2012\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 29.07.2012 08:24:15 | Computer Name = desktopPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.11.0, Zeitstempel: 0x4e1edf37 Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.11.0, Zeitstempel: 0x4e1edf37 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000174c ID des fehlerhaften Prozesses: 0x20e0 Startzeit der fehlerhaften Anwendung: 0x01cd6d85012247af Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichtskennung: 4f1d9f39-d978-11e1-97db-002215c850af Error - 30.07.2012 06:53:10 | Computer Name = desktopPC | Source = Application Hang | ID = 1002 Description = Programm chrome.exe, Version 20.0.1132.57 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1518 Startzeit: 01cd6e2035ea3ecb Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: a48955c4-da34-11e1-a9b1-002215c850af Error - 30.07.2012 07:58:26 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite 2012\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.07.2012 13:30:33 | Computer Name = desktopPC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Autodesk_2012\Composite 2012\python\lib\distutils\command\wininst-8_d.exe". 
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 31.07.2012 17:42:12 | Computer Name = desktopPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.11.0, Zeitstempel: 0x4e1edf37 Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.11.0, Zeitstempel: 0x4e1edf37 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000174c ID des fehlerhaften Prozesses: 0x1dd8 Startzeit der fehlerhaften Anwendung: 0x01cd6f653bb9d29c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichtskennung: 95c93adc-db58-11e1-9007-002215c850af [ System Events ] Error - 08.09.2012 05:56:41 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.09.2012 05:56:41 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.09.2012 05:56:41 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.09.2012 05:59:03 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: TPkd Error - 08.09.2012 17:24:27 | Computer Name = desktopPC | Source = EventLog | ID = 6008 
Description = Das System wurde zuvor am ?08.?09.?2012 um 11:59:36 unerwartet heruntergefahren. Error - 08.09.2012 17:25:00 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: TPkd Error - 08.09.2012 17:28:57 | Computer Name = desktopPC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?08.?09.?2012 um 23:27:27 unerwartet heruntergefahren. Error - 08.09.2012 17:29:29 | Computer Name = desktopPC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: TPkd Error - 08.09.2012 17:50:59 | Computer Name = desktopPC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 08.09.2012 17:50:59 | Computer Name = desktopPC | Source = VDS Basic Provider | ID = 33554433 Description = < End of report >

Regards
09.09.2012, 01:43 | #2 |
/// Helper Team | GVU Trojan caught today - LOG files

The cleanup consists of several steps that must be carried out. Work through them one after another and please paste the 4 logs that are created into your next reply. If the OTL fix did not run through properly, do not continue, but report this instead.

Step 1
Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-864713432-773561721-809381997-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [TNOD UP] "C:\Users\Sotizzle\Desktop\TNod\TNODUP.exe" /i File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NuTCSetupEnviron] C:\PROGRA~2\NUTCRA~1\bin\ncoeenv.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-864713432-773561721-809381997-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.28 19:46:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.11.15 22:23:03 | 000,000,000 | ---- | M] () - C:\.autoreg -- [ NTFS ]
[2012.09.08 23:27:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\admin_new\AppData\Local\{*}
C:\Users\admin_new\AppData\Local\Temp\*.exe
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Under no circumstances apply it on other computers; it can cause lasting damage to other systems!

Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.

After that:

Step 3
Please download AdwCleaner to your desktop.

Step 4
09.09.2012, 16:54 | #3 |
| GVU Trojan caught today - LOG files

Hi!

Thank you for the quick reply. A quick question up front: is this fix tied to the user? Because I created this admin_new account afterwards specifically to run all the scans etc. I have now run the fix in this account as well.

Here is the OTL log for it:

Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-864713432-773561721-809381997-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TNOD UP deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NuTCSetupEnviron deleted successfully. C:\PROGRA~2\NUTCRA~1\bin\ncoeenv.exe moved successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_USERS\S-1-5-21-864713432-773561721-809381997-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. C:\.autoreg moved successfully. C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully. C:\Windows\MusiccityDownload.exe moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\admin_new\AppData\Local\{*} not found. File\Folder C:\Users\admin_new\AppData\Local\Temp\*.exe not found. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. 
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. 
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. 
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. 
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\admin_new\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\admin_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\admin_new\Desktop\cmd.bat deleted successfully.
C:\Users\admin_new\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin_new
->Temp folder emptied: 304534 bytes
->Temporary Internet Files folder emptied: 64901 bytes
->Google Chrome cache emptied: 30265331 bytes
->Flash cache emptied: 56502 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sotizzle
->Temp folder emptied: 480505666 bytes
->Temporary Internet Files folder emptied: 174176578 bytes
->Java cache emptied: 35926375 bytes
->FireFox cache emptied: 77016472 bytes
->Google Chrome cache emptied: 258010822 bytes
->Opera cache emptied: 35160551 bytes
->Flash cache emptied: 44181 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 780774079 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.786,00 mb

OTL by OldTimer - Version 3.2.61.2 log created on 09092012_174229

Files\Folders moved on Reboot...
C:\Users\admin_new\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:
# AdwCleaner v2.001 - Datei am 09/09/2012 um 17:52:16 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : admin_new - DESKTOPPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\admin_new\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gefunden : C:\Program Files (x86)\vShare.tv plugin
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\admin_new\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Sotizzle\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Sotizzle\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Sotizzle\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.15] : homepage = "hxxp://vshare.toolbarhome.com/?hp=df",
Gefunden [l.1830] : homepage = "hxxp://vshare.toolbarhome.com/?hp=df",

Datei : C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6580 octets] - [09/09/2012 17:52:16]

########## EOF - C:\AdwCleaner[R1].txt - [6640 octets] ##########

The full scan with Malwarebytes Anti-Malware is running right now... it will probably just take a bit longer; regards

Here is the Malwarebytes log:

Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin_new :: DESKTOPPC [Administrator]

Schutz: Aktiviert

09.09.2012 17:55:11 1

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 839772
Laufzeit: 2 Stunde(n), 20 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\extensions.exe (Spyware.SpyEyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 14
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP131\A0063947.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP131\A0063948.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP131\A0063949.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{ED3F6B71-DF9D-471F-BAAB-3E7E24A2C8DA}\RP168\A0067627.exe (PUP.Uusee) -> Keine Aktion durchgeführt.
C:\Users\Sotizzle\Desktop\TNod\TNod-1.4.1.0-final-setup.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
C:\Users\Sotizzle\Desktop\TNod\uninst-tnod.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
C:\Users\Sotizzle\Downloads\10FA.tmp (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\WINDOWS.0\AntiWPA\antiwpa.dll (PUP.Wpakill) -> Keine Aktion durchgeführt.
C:\WINDOWS.0\system32\antiwpa.dll (PUP.Wpakill) -> Keine Aktion durchgeführt.
C:\Windows.old\Users\Administrator\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ccproxysetup.exe (PUP.CCProxy) -> Keine Aktion durchgeführt.
D:\Autodesk\xf-a2010.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
D:\Trillian\loader.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
C:\Users\Sotizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

Code:
# AdwCleaner v2.001 - Datei am 09/09/2012 um 20:19:35 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : admin_new - DESKTOPPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\admin_new\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\admin_new\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Sotizzle\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Sotizzle\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Sotizzle\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.15] : homepage = "hxxp://vshare.toolbarhome.com/?hp=df",
Gelöscht [l.1830] : homepage = "hxxp://vshare.toolbarhome.com/?hp=df",

Datei : C:\Users\admin_new\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6693 octets] - [09/09/2012 17:52:16]
AdwCleaner[R2].txt - [6753 octets] - [09/09/2012 20:19:06]
AdwCleaner[R3].txt - [6813 octets] - [09/09/2012 20:19:23]
AdwCleaner[S1].txt - [7419 octets] - [09/09/2012 20:19:35]

########## EOF - C:\AdwCleaner[S1].txt - [7479 octets] ########## |
09.09.2012, 22:21 | #4 | |
/// Helper team | Quote:
Have you ever wondered why cracks exist? With cracks and the like you install backdoors on your computer. Criminals use such computers as a botnet for their schemes. Your system has to be classed as untrustworthy, and you should not do anything sensitive such as home banking on this PC.
Guides for reinstalling (illustrated) > Reinstalling Windows 7 > Vista > XP
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it. |
10.09.2012, 19:28 | #5 |
| That aside... is the GVU trojan now completely gone?! I logged into the account and at least nothing came up anymore. |
11.09.2012, 00:44 | #6 | |
/// Helper team | The GVU ransom is the least significant infection on your computer: Quote: