|
Plagegeister aller Art und deren Bekämpfung: GVU TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.12.2012, 09:38 | #1 |
| GVU Trojaner Hallo zusammen, ich habe mir am Montag Abend den GVU Trojaner mit Webcam gefangen. Seither habe ich einen Neustart gemacht, die Verbindung zum Internet unterbrochen und mit OTL gescannt. Könnt ihr mir weiterhelfen? Hier das OTL Log: Code:
ATTFilter OTL logfile created on: 05.12.2012 19:34:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 60,51% Memory free 5,71 Gb Paging File | 4,57 Gb Available in Paging File | 79,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,89 Gb Total Space | 13,15 Gb Free Space | 8,83% Space Free | Partition Type: NTFS Drive D: | 1,87 Gb Total Space | 0,49 Gb Free Space | 26,01% Space Free | Partition Type: FAT Drive E: | 147,73 Gb Total Space | 133,90 Gb Free Space | 90,63% Space Free | Partition Type: NTFS Computer Name: HEINZ-PC | User Name: Heinz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Processes (SafeList) ========== PRC - [2012.12.04 19:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2012.11.26 19:09:27 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.11.26 19:09:15 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.26 19:09:15 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.26 17:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.04.24 17:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe PRC - [2008.04.24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2008.04.24 09:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe PRC - [2008.04.24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe PRC - [2008.04.16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2008.04.16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2008.04.16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2008.04.10 23:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2008.04.08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.19 12:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2008.01.25 12:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe PRC - [2008.01.17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe PRC - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2005.09.09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ========== Modules (No Company Name) ========== MOD - [2012.11.17 05:52:14 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll MOD - [2012.11.17 01:23:45 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll MOD - [2012.11.17 00:21:05 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll MOD - [2012.11.17 00:20:58 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll MOD - [2012.11.17 00:20:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll MOD - [2012.11.17 00:20:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll MOD - [2012.11.16 23:06:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll MOD - [2012.11.16 23:06:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll MOD - [2012.11.16 23:05:50 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll MOD - [2012.11.16 23:04:36 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\09ab834223f9c860f08de8d58688b1a3\PresentationCore.ni.dll MOD - [2012.11.16 23:04:18 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0e3cff5f58a9a75de7fcac112c8bbca0\WindowsBase.ni.dll MOD - [2012.11.16 23:04:12 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll MOD - [2012.11.16 23:03:40 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.05.27 12:35:02 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3034.36909__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.05.27 12:35:02 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3034.36868__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.05.27 12:35:02 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3034.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.05.27 12:35:02 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3034.37102__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.05.27 12:35:02 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3034.37066__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.05.27 12:35:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3034.36901__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.05.27 12:35:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.05.27 12:35:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3034.36888__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.05.27 12:35:00 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3034.37132__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.05.27 12:34:45 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3034.37074__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:45 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3034.37138__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:45 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3034.37080__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.05.27 12:34:45 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3034.36881__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:44 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3034.37131__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:44 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3034.37073__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.05.27 12:34:44 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3034.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.05.27 12:34:43 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:43 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3034.36935__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:43 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3034.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:43 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3034.36889__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3034.37094__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.05.27 12:34:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3034.37059__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:43 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.05.27 12:34:43 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3034.36928__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:43 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3034.37045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.05.27 12:34:43 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.05.27 12:34:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.05.27 12:34:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.05.27 12:34:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.05.27 12:34:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3034.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.05.27 12:34:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3034.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.05.27 12:34:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.05.27 12:34:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.05.27 12:34:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.05.27 12:34:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.05.27 12:34:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.05.27 12:34:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.05.27 12:34:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.05.27 12:34:42 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.05.27 12:34:42 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.05.27 12:34:41 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.05.27 12:34:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.05.27 12:34:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.05.27 12:34:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.05.27 12:34:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.05.27 12:34:36 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3034.36876__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.05.27 12:34:36 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3034.36895__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.05.27 12:34:36 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3034.37123__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.05.27 12:34:36 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3034.36861__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.05.27 12:34:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3034.37122__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.05.27 12:34:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.05.27 12:34:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.05.27 12:34:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.05.27 12:34:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3034.37150__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.05.27 12:34:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.05.27 12:34:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.05.27 12:34:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.05.27 12:34:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.05.27 12:34:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.05.27 12:34:36 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3034.36860__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.05.27 12:34:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3034.36861__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.05.27 12:34:35 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3034.36859__90ba9c70f846762e\APM.Server.dll MOD - [2008.05.27 12:34:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3034.36860__90ba9c70f846762e\AEM.Server.dll MOD - [2008.05.27 12:34:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3034.37123__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.05.27 12:34:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.05.27 12:34:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.04.22 21:05:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.03.06 09:14:54 | 005,121,912 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll MOD - [2007.12.25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2007.12.14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006.12.01 16:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll MOD - [2006.10.10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ========== Services (SafeList) ========== SRV - [2012.11.26 19:09:27 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.11.26 19:09:15 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.22 21:46:06 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.07.16 10:20:06 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2009.02.26 17:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.04.24 17:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv) SRV - [2008.04.24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService) SRV - [2008.04.16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.04.10 23:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.09.09 02:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.11.14 18:15:16 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.11.14 18:15:16 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.14 18:15:16 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.06.07 16:25:20 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2012.06.07 16:24:23 | 000,057,256 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux) DRV - [2012.06.07 16:24:23 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint) DRV - [2010.03.25 21:17:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.12.20 10:53:32 | 000,234,016 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.10.26 09:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009.10.26 09:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009.10.05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.07.16 10:20:26 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2009.01.13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.08.28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.04.22 23:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.04.10 20:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.02.27 18:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2007.12.26 09:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B) DRV - [2007.12.17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.05.21 08:30:48 | 000,248,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187) DRV - [2007.04.23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt) DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006.10.30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2006.10.18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKLM\..\SearchScopes,DefaultScope = {2F910EC5-899F-4081-8FD2-D915D4E1B4BE} IE - HKLM\..\SearchScopes\{2F910EC5-899F-4081-8FD2-D915D4E1B4BE}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp:/// IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {2F910EC5-899F-4081-8FD2-D915D4E1B4BE} IE - HKCU\..\SearchScopes\{2F910EC5-899F-4081-8FD2-D915D4E1B4BE}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.de-consult.de:8080 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.3 FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.14 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.2 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.http: "proxy.de-consult.de" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.30 19:56:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.22 21:46:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.22 21:45:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.22 21:32:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.22 21:32:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.22 21:46:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.22 21:45:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.22 21:32:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.22 21:32:04 | 000,000,000 | ---D | M] [2009.12.27 23:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heinz\AppData\Roaming\mozilla\Extensions [2009.12.27 23:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heinz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.29 10:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heinz\AppData\Roaming\mozilla\Firefox\Profiles\7sadp2dn.default\extensions [2012.11.16 22:08:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Heinz\AppData\Roaming\mozilla\Firefox\Profiles\7sadp2dn.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.11.29 10:43:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Heinz\AppData\Roaming\mozilla\Firefox\Profiles\7sadp2dn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.11.11 19:59:14 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Heinz\AppData\Roaming\mozilla\Firefox\Profiles\7sadp2dn.default\extensions\moveplayer@movenetworks.com [2011.09.24 16:15:11 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\Heinz\AppData\Roaming\mozilla\firefox\profiles\7sadp2dn.default\extensions\finder@meingutscheincode.de.xpi [2011.07.19 08:16:10 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Heinz\AppData\Roaming\mozilla\firefox\profiles\7sadp2dn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2012.11.22 21:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.22 21:45:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.11.22 21:46:07 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.08.23 10:49:10 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.07.11 11:40:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.08 13:56:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.11 11:40:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.11 11:40:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.11 11:40:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.11 11:40:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~2\IR_SERVER.exe File not found O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - Startup: C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Heinz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AD5438F-C227-4709-AA1C-6502E81DBA06}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0cb56667-37ec-11df-bd9d-001e3369d676}\Shell\AutoRun\command - "" = H:\wubi.exe --cdmenu O33 - MountPoints2\{14ee7ef7-384c-11df-9964-001e3369d676}\Shell - "" = AutoRun O33 - MountPoints2\{14ee7ef7-384c-11df-9964-001e3369d676}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{3ab85de6-7312-11de-b1a9-001e3369d676}\Shell - "" = AutoRun O33 - MountPoints2\{3ab85de6-7312-11de-b1a9-001e3369d676}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{54aa407b-73af-11de-9b15-001e3369d676}\Shell - "" = AutoRun O33 - MountPoints2\{54aa407b-73af-11de-9b15-001e3369d676}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{54aa407d-73af-11de-9b15-001e3369d676}\Shell - "" = AutoRun O33 - MountPoints2\{54aa407d-73af-11de-9b15-001e3369d676}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{54aa407f-73af-11de-9b15-001e3369d676}\Shell - "" = AutoRun O33 - MountPoints2\{54aa407f-73af-11de-9b15-001e3369d676}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{7e4cc2b5-7548-11de-970e-001e3369d676}\Shell - "" = AutoRun O33 - MountPoints2\{7e4cc2b5-7548-11de-970e-001e3369d676}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{7e4cc2b7-7548-11de-970e-001e3369d676}\Shell - "" = AutoRun O33 - MountPoints2\{7e4cc2b7-7548-11de-970e-001e3369d676}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{7e4cc2ea-7548-11de-970e-001e3369d676}\Shell - "" = AutoRun O33 - MountPoints2\{7e4cc2ea-7548-11de-970e-001e3369d676}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a3596863-731e-11de-8d38-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a3596863-731e-11de-8d38-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 7 Days ========== [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 7 Days ========== [2012.12.05 19:33:38 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.05 19:33:27 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.05 19:33:27 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.05 19:33:27 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.05 19:33:27 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.05 19:32:28 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.12.05 19:32:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.05 19:32:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.04 21:19:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.04 21:19:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 21:24:15 | 2948,448,256 | -HS- | M] () -- C:\hiberfil.sys [2012.12.03 21:22:49 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.12.03 21:22:15 | 000,000,680 | ---- | M] () -- C:\Users\Heinz\AppData\Local\d3d9caps.dat [2012.12.03 21:18:30 | 000,000,911 | ---- | M] () -- C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.12.01 19:55:48 | 292,961,072 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.29 10:45:34 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.29 10:45:34 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.11.28 20:29:32 | 000,017,408 | ---- | M] () -- C:\Users\Heinz\AppData\Local\WebpageIcons.db [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.03 21:18:30 | 000,000,911 | ---- | C] () -- C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.12.03 21:18:26 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.08.25 13:32:28 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.08.12 20:48:03 | 000,017,408 | ---- | C] () -- C:\Users\Heinz\AppData\Local\WebpageIcons.db [2009.10.29 15:57:59 | 000,006,634 | ---- | C] () -- C:\Users\Heinz\AppData\Roaming\PrimoPDFSet.xml [2009.10.15 18:53:26 | 000,012,548 | ---- | C] () -- C:\Users\Heinz\AppData\Roaming\wklnhst.dat [2009.10.09 19:04:53 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2009.10.09 19:04:48 | 000,000,016 | -H-- | C] () -- C:\Users\Heinz\AppData\Local\mxfilerelatedcache.mxc2 [2009.10.09 19:04:45 | 000,000,016 | -H-- | C] () -- C:\Users\Heinz\AppData\Roaming\mxfilerelatedcache.mxc2 [2009.10.06 22:43:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.21 23:22:12 | 001,512,442 | ---- | C] () -- C:\Users\Heinz\aircrack-ng-1.0-rc3.tar.gz [2009.07.21 19:32:13 | 000,000,016 | -H-- | C] () -- C:\Users\Heinz\mxfilerelatedcache.mxc2 [2009.07.17 23:13:44 | 000,000,680 | ---- | C] () -- C:\Users\Heinz\AppData\Local\d3d9caps.dat [2009.07.17 19:13:12 | 000,048,128 | ---- | C] () -- C:\Users\Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 05.12.2012 19:34:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 60,51% Memory free 5,71 Gb Paging File | 4,57 Gb Available in Paging File | 79,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,89 Gb Total Space | 13,15 Gb Free Space | 8,83% Space Free | Partition Type: NTFS Drive D: | 1,87 Gb Total Space | 0,49 Gb Free Space | 26,01% Space Free | Partition Type: FAT Drive E: | 147,73 Gb Total Space | 133,90 Gb Free Space | 90,63% Space Free | Partition Type: NTFS Computer Name: HEINZ-PC | User Name: Heinz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1138EC66-BA7B-4B82-817B-099BCB66571D}" = rport=139 | protocol=6 | dir=out | app=system | "{1F7F2BAF-BE36-4249-929B-C2702B68AE47}" = lport=139 | protocol=6 | dir=in | app=system | "{4F30E184-18D8-48B7-9543-51CF22EAB418}" = rport=445 | protocol=6 | dir=out | app=system | "{5497B072-043C-49E1-85F4-5BE4D18A6795}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9183C3E4-3D55-4CC5-838E-E59FFD3DE8E1}" = rport=137 | protocol=17 | dir=out | app=system | "{93F672F5-5493-40A9-AC80-0FD718C6511A}" = rport=138 | protocol=17 | dir=out | app=system | "{9C6CE718-6AE5-46B1-A304-CE2F2F0C0DD9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{9FAB3600-B232-40D1-87E8-1EC1DD3BD8E8}" = lport=445 | protocol=6 | dir=in | app=system | "{B729D83A-89AD-4E6F-BA13-2BFBC0AB516C}" = lport=138 | protocol=17 | dir=in | app=system | "{CA311169-CCA3-44EE-ADB7-6470BF99961F}" = lport=137 | protocol=17 | dir=in | app=system | "{D3386401-CAD9-4AA4-913B-5005BB600205}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D9C35AC0-D2C8-4F1D-B458-A4913DA87B77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E77E02A2-8725-45FF-8E05-AFD45E833D96}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{22B08FEB-1DE2-4578-AB90-32FD7C95D920}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2E7DFC6D-17A0-425F-A547-7C4F8454BAD4}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | "{3B6A2437-CFBC-46E9-8C93-918CC148229D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3BDCB6C1-EBB9-49B0-91BE-C95DBDDB977E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{444EBC4C-40A5-42A4-AB6D-D9371B53E4DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{4DFA2834-7B51-4559-B271-A49CFFC9042D}" = protocol=17 | dir=in | app=c:\users\heinz\appdata\roaming\dropbox\bin\dropbox.exe | "{5B78290F-B3C2-465D-8FB9-513445E231B7}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{744A3D81-3BE5-42F2-A97C-BD2A876E0DCD}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{7D72BFE9-082F-488B-A4F2-BBA261419855}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{9D9F7F33-640A-4E34-B540-12D270B71967}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A4C022D4-F381-4408-AE12-41F3F2D07A54}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B5653CA9-B185-4EDC-9309-6FF7B25FC7EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BC8FAD9E-0505-4CBA-B3CC-B420AC9ABE49}" = protocol=6 | dir=in | app=c:\users\heinz\appdata\roaming\dropbox\bin\dropbox.exe | "{D2391087-4BC9-4FD4-B902-31FE0A4DC50E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E2CFAF81-FD5F-4E7F-89FF-3E4AB6EE7DD1}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | "{E5FAFD14-C90B-415C-9DEE-3A581F27106B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E917A521-8A65-44A7-AD49-997AA3C939F7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E9CF6C8D-8792-4A1A-A1C1-E150AFC01D6D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EF566759-7772-4D14-BBCF-927EBC4924FB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{F57466B9-7854-40B3-83C0-768B468C4E21}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{047A4872-167C-4CF7-9D70-C20DEDBA120C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{05A7BEFA-B794-421D-AA01-59AB812CD989}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{1499059F-D36E-4B75-A871-E969D7A9D064}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{2FA7C358-0F29-4B86-84D4-A726CB4E83F9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{42A5F0DA-B929-4C3E-ABDB-A80EA07401B7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{42D33279-E35D-4EA9-BE00-C863DD798ED3}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "TCP Query User{628AA389-FB12-4655-A812-7875AA3B60DD}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | "TCP Query User{9512A57F-8671-45E3-9593-C750AB6EDA5E}C:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe | "TCP Query User{B30B5612-FC56-4C4E-848D-10AAFE282603}C:\sierra\half-life\hl.exe" = protocol=6 | dir=in | app=c:\sierra\half-life\hl.exe | "TCP Query User{BCB507F4-2C87-45B7-A8B0-310DE09C4F6E}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | "TCP Query User{BE467A51-E7EA-4573-BB02-A877AA9EFE4F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{CA50AB62-9B18-4573-B4D0-058DFE4C3D6D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{E271FD60-A9D5-4B4C-B4B7-252480EF83A3}C:\program files\ut2003\system\ut2003.exe" = protocol=6 | dir=in | app=c:\program files\ut2003\system\ut2003.exe | "TCP Query User{E73C4B3A-41E6-4729-8BBB-0A057F0AC98D}C:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe | "TCP Query User{F19B21C9-C478-41CE-8ACD-85DB33EB1B87}C:\program files\ut2003\system\ut2003.exe" = protocol=6 | dir=in | app=c:\program files\ut2003\system\ut2003.exe | "UDP Query User{185572F7-1053-4A29-9F20-184B9221CF12}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{19A8DC00-9BF5-413A-B181-23590381B33D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{1FF2CD93-E111-47A0-AFFA-BDA3A14DEA24}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{29648712-1A8E-4471-9958-F746D7E1AA3A}C:\program files\ut2003\system\ut2003.exe" = protocol=17 | dir=in | app=c:\program files\ut2003\system\ut2003.exe | "UDP Query User{2AE1884C-0DC2-4E59-A09B-2F86B3274012}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{2AE475C7-572E-44E6-85A4-6B68D49BF010}C:\sierra\half-life\hl.exe" = protocol=17 | dir=in | app=c:\sierra\half-life\hl.exe | "UDP Query User{4250A5B5-A2B1-4558-B594-894BB54A346C}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | "UDP Query User{4AD4C689-BD0C-4941-9027-91ED86C0D0FB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{52571E3A-089D-4E7D-8CD5-C6E090B19E18}C:\program files\ut2003\system\ut2003.exe" = protocol=17 | dir=in | app=c:\program files\ut2003\system\ut2003.exe | "UDP Query User{5C9CAFF2-043D-4563-90A4-8365FA029861}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | "UDP Query User{5E7C7231-1D5E-4102-B31E-5909E83CF1E4}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "UDP Query User{AD0F264D-BE0F-441E-AE53-AC851AAB4426}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{CC4233DE-86E0-4674-9811-A0DAB7F83413}C:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe | "UDP Query User{E518AB85-0C7D-4D42-B4CF-5889DEF6280B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{F22150B6-D927-468F-8417-5F372EEE8E1E}C:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 29 "{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek "{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility "{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian "{5726781E-09D4-4C1B-86D4-1663AD5D5CB2}" = Lotus Notes 7.0.2 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional "{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English "{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light "{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard "{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish "{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese "{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional "{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish "{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch "{8E55813F-2FA3-47E8-9AF9-31DC0B4AE3ED}" = Mindjet MindManager Viewer 7 "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish "{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese "{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client "{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian "{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch "{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE "{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0 "{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese "{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean "{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish "{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French "{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Applian FLV Player2.0.24" = Applian FLV Player "Avira AntiVir Desktop" = Avira Free Antivirus "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Foxit Reader" = Foxit Reader "FreePDF_XP" = FreePDF (Remove only) "Google Updater" = Google Updater "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "Grand Theft Auto" = Grand Theft Auto "Half-Life" = Half-Life "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D) "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Webclient für Win32 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "myphotobook" = myphotobook 3.5 "OpenVPN" = OpenVPN 2.1_rc19 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Sierra Utilities" = Sierra Utilities "Sweet Home 3D_is1" = Sweet Home 3D version 3.6 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TOSHIBA Software Modem" = TOSHIBA Software Modem "UT2003" = Unreal Tournament 2003 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinLiveSuite_Wave3" = Installation Windows Live "WinRAR archiver" = WinRAR "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.02.2012 19:05:00 | Computer Name = Heinz-PC | Source = WinMgmt | ID = 10 Description = Error - 04.03.2012 18:28:23 | Computer Name = Heinz-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel 0x4d76255d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x570, Anwendungsstartzeit 01ccfa5617e440e0. Error - 12.03.2012 18:29:55 | Computer Name = Heinz-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: b4c Anfangszeit: 01ccffd5622061a0 Zeitpunkt der Beendigung: 201 Error - 13.03.2012 17:30:55 | Computer Name = Heinz-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1168 Anfangszeit: 01cd009fa63dcb00 Zeitpunkt der Beendigung: 480 Error - 26.03.2012 05:53:05 | Computer Name = Heinz-PC | Source = WinMgmt | ID = 10 Description = Error - 27.03.2012 16:45:29 | Computer Name = Heinz-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1638 Anfangszeit: 01cd0b7161248e00 Zeitpunkt der Beendigung: 261 Error - 28.03.2012 20:30:26 | Computer Name = Heinz-PC | Source = WinMgmt | ID = 10 Description = Error - 01.04.2012 14:42:09 | Computer Name = Heinz-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung plugin-container.exe, Version 11.0.0.4454, Zeitstempel 0x4f5ecbd4, fehlerhaftes Modul FOXITR~1.OCX, Version 1.0.1.224, Zeitstempel 0x4b849404, Ausnahmecode 0xc0000005, Fehleroffset 0x00002dce, Prozess-ID 0xe7c, Anwendungsstartzeit 01cd10371e9d6690. Error - 04.04.2012 06:43:38 | Computer Name = Heinz-PC | Source = EventSystem | ID = 4621 Description = Error - 04.04.2012 06:46:36 | Computer Name = Heinz-PC | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 03.12.2012 16:20:03 | Computer Name = Heinz-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2652 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 03.12.2012 16:20:03 | Computer Name = Heinz-PC | Source = acvpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 03.12.2012 16:21:56 | Computer Name = Heinz-PC | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 03.12.2012 16:21:57 | Computer Name = Heinz-PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1086 NULL object. Cannot establish a connection at this time. Error - 03.12.2012 16:23:20 | Computer Name = Heinz-PC | Source = acvpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 03.12.2012 16:26:26 | Computer Name = Heinz-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 03.12.2012 16:27:28 | Computer Name = Heinz-PC | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 03.12.2012 16:27:31 | Computer Name = Heinz-PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1086 NULL object. Cannot establish a connection at this time. Error - 03.12.2012 16:49:28 | Computer Name = Heinz-PC | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 03.12.2012 16:49:28 | Computer Name = Heinz-PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1086 NULL object. Cannot establish a connection at this time. [ OSession Events ] Error - 27.12.2010 14:21:29 | Computer Name = Heinz-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 214 seconds with 60 seconds of active time. This session ended with a crash. Error - 28.09.2011 10:03:04 | Computer Name = Heinz-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1396 seconds with 1020 seconds of active time. This session ended with a crash. Error - 27.10.2012 16:55:08 | Computer Name = Heinz-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 139110 seconds with 2160 seconds of active time. This session ended with a crash. [ System Events ] Error - 29.11.2012 15:02:45 | Computer Name = Heinz-PC | Source = bowser | ID = 8003 Description = Error - 29.11.2012 18:03:00 | Computer Name = Heinz-PC | Source = bowser | ID = 8003 Description = Error - 29.11.2012 23:24:00 | Computer Name = Heinz-PC | Source = DCOM | ID = 10010 Description = Error - 29.11.2012 23:27:30 | Computer Name = Heinz-PC | Source = bowser | ID = 8003 Description = Error - 30.11.2012 08:43:22 | Computer Name = Heinz-PC | Source = bowser | ID = 8003 Description = Error - 30.11.2012 12:46:45 | Computer Name = Heinz-PC | Source = bowser | ID = 8003 Description = Error - 01.12.2012 14:56:22 | Computer Name = Heinz-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 01.12.2012 um 19:43:32 unerwartet heruntergefahren. Error - 01.12.2012 17:56:53 | Computer Name = Heinz-PC | Source = DCOM | ID = 10010 Description = Error - 03.12.2012 07:07:57 | Computer Name = Heinz-PC | Source = bowser | ID = 8003 Description = Error - 03.12.2012 11:53:25 | Computer Name = Heinz-PC | Source = bowser | ID = 8003 Description = < End of report > |
07.12.2012, 19:07 | #2 |
/// Helfer-Team | GVU TrojanerDie Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found [2012.12.03 21:18:30 | 000,000,911 | ---- | M] () -- C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.12.03 21:22:49 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad :Files C:\ProgramData\*.exe C:\ProgramData\*.dll C:\ProgramData\*.tmp C:\ProgramData\TEMP C:\Users\Heinz\*.tmp C:\Users\Heinz\AppData\Local\Temp\*.exe C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk ipconfig /flushdns /c :Commands [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ |
21.12.2012, 21:20 | #3 |
| GVU Trojaner Hallo t'John!
__________________vielen vielen Dank für deine Hilfe! Ich kann jetzt meinen Rechner wieder normal bedienen. Die letzten zwei Wochen war ich viel unterwegs und wenig zuhause, sodass ich erst jetzt dazugekommen bin alles ganz abzuarbeiten. Hier sind die Logs: OTL Log: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully. C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully. C:\ProgramData\0tbpw.pad moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\Heinz\*.tmp not found. C:\Users\Heinz\AppData\Local\Temp\AdobeUpdater12345.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\c7jiwemvtne2.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\DelayInst.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\DivXSetup.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\FlashPlayerUpdate.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\FlashPlayerUpdate01.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\FlashPlayerUpdate02.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\FlashPlayerUpdate03.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\installservice.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\instmsi.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\instmsiw.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw_13974002.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\lj1018-HB-pd-win32-enp.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\lj1018-HB-pd-win32-gep.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\lj1018-HB-pnp-win32-gep.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\msg5255.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\SkypeSetup.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\vpnclient_setup.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\wlsetup-cvr.exe moved successfully. C:\Users\Heinz\AppData\Local\Temp\ytb.exe moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-5f035f3c-n folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-1575a887-n folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Heinz\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Heinz\Desktop\cmd.bat deleted successfully. C:\Users\Heinz\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Flash cache emptied: 41 bytes User: Default User ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Heinz ->Temp folder emptied: 7029564947 bytes ->FireFox cache emptied: 422829945 bytes ->Flash cache emptied: 5878 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 628534478 bytes RecycleBin emptied: 12194943 bytes Total Files Cleaned = 7.718,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12112012_213917 Files\Folders moved on Reboot... C:\Users\Heinz\AppData\Local\Temp\wpbt0.dll moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.11.11 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Heinz :: HEINZ-PC [Administrator] 11.12.2012 21:58:41 mbam-log-2012-12-21 (20-43-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 419925 Laufzeit: 4 Stunde(n), 22 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Heinz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J4N7Z8RJ\myfile[1].dll (Trojan.Ransom) -> Keine Aktion durchgeführt. C:\_OTL\MovedFiles\12112012_213917\C_Users\Heinz\AppData\Local\Temp\c7jiwemvtne2.exe (Trojan.Agent.RNDGen) -> Keine Aktion durchgeführt. C:\_OTL\MovedFiles\12112012_213917\C_Users\Heinz\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom) -> Keine Aktion durchgeführt. C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Keine Aktion durchgeführt. (Ende) Adwcleander Log: Code:
ATTFilter # AdwCleaner v2.101 - Datei am 21/12/2012 um 20:55:30 erstellt # Aktualisiert am 16/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Heinz - HEINZ-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Heinz\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\Heinz\AppData\LocalLow\boost_interprocess ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\Software\Freeze.com Schlüssel Gelöscht : HKLM\SOFTWARE\Software ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v17.0 (de) Profilname : default Datei : C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\7sadp2dn.default\prefs.js C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\7sadp2dn.default\user.js ... Gelöscht ! Gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n"); Gelöscht : user_pref("surfcanyon.last_checked_ts", "1266957106765"); ************************* AdwCleaner[S1].txt - [1120 octets] - [21/12/2012 20:55:30] ########## EOF - C:\AdwCleaner[S1].txt - [1180 octets] ########## |
22.12.2012, 14:16 | #4 |
/// Helfer-Team | GVU Trojaner Sehr gut! Wie laeuft der Rechner? Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
28.12.2012, 01:54 | #5 |
| GVU Trojaner Der Rechner läuft wieder ganz hervorragend, vielen Dank! Hier das Logfile von Emsisoft Anti-Malware: Code:
ATTFilter Emsisoft Anti-Malware - Version 7.0 Letztes Update: 27.12.2012 22:08:45 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, E:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 27.12.2012 22:13:12 Gescannt 534015 Gefunden 0 Scan Ende: 28.12.2012 01:43:43 Scan Zeit: 3:30:31 |
28.12.2012, 09:42 | #6 |
/// Helfer-Team | GVU Trojaner Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
__________________ --> GVU Trojaner |
24.02.2013, 11:19 | #7 |
/// Helfer-Team | GVU Trojaner Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
Themen zu GVU Trojaner |
antivir, avira, bho, browser, desktop, downloader, error, excel, failed, firefox, flash player, grand theft auto, gvu trojaner, home, install.exe, installation, internet, logfile, mozilla, office 2007, plug-in, realtek, registry, security, senden, software, svchost.exe, teamspeak, trojaner, usb 2.0, vista |