Pests of all kinds and how to fight them: RunDLL files missing after removing the GVU trojan (Windows 7)
28.12.2012, 13:54 | #1 |
Hello dear forum users,

I can't really imagine that I am the first person with this problem, so I apologize if I am simply incapable of using the search function correctly. I removed the GVU trojan from my hard drive with the help of 'Hijack This'. To do that I had to delete files. Now two error messages appear every time Windows starts:

1. 'RunDLL - Problem beim Starten von C:\Windows\system32\NvCpl.dll Das angegebene Modul wurde nicht gefunden.'
2. 'RunDLL - Problem beim Starten von C:\Users\Name\AppData\Local\Temp\rty0_7z.exe Das angegebene Modul wurde nicht gefunden.'

In addition, these appear when using 'Safely Remove Hardware' ('Hardware sicher entfernen'):

3. 'RunDLL - Problem beim Starten von C:\Windows\system32\hotplug.dll Das angegebene Modul wurde nicht gefunden.'
4. 'RunDLL - Problem beim Starten von C:\Windows\system32\WerConCpl.dll Das angegebene Modul wurde nicht gefunden.'

Could someone perhaps tell me what I have to do to get the missing modules back?

Many, many thanks,
Max
28.12.2012, 13:55 | #2 |
/// Helper team

A cleanup can sometimes involve a lot of work for you.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools by right-clicking and choosing "Run as administrator".

Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
__________________ |
28.12.2012, 17:17 | #3 |
Here are the three logs. (Unfortunately only one file in the attachment, because it is too large.)
__________________
Code:
ATTFilter OTL logfile created on: 28.12.2012 14:05:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nofluc\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 52,50% Memory free 4,82 Gb Paging File | 2,61 Gb Available in Paging File | 54,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457,95 Gb Total Space | 3,90 Gb Free Space | 0,85% Space Free | Partition Type: NTFS Computer Name: NOFLUC-LAB | User Name: Nofluc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nofluc\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe () PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe () PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) 
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe (Sony Corporation) PRC - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe (QUALCOMM, Inc.) PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\OneClickInternet\WTGService.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\QtGui4.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\QxtGui.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\QxtCore.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\imageformats\qtiff4.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\imageformats\qico4.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\imageformats\qsvg4.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\QtCore4.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\QtNetwork4.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch 
Manager\QtXml4.dll () MOD - C:\Program Files (x86)\Wacom\Inkling Sketch Manager\QtSvg4.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e71959f4ec6eb386889050ac139835c7\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll () ========== Services (SafeList) ========== SRV:64bit: - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe File not found SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV:64bit: - (SampleCollector) -- 
C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Internet Manager. RunOuc) -- C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe () SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe (Wacom Technology, Corp.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe () SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (ZuneNetworkSvc) -- c:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (QDLService2kSony) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe (QUALCOMM, Inc.) 
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation) SRV - (WTGService) -- C:\Program Files (x86)\OneClickInternet\WTGService.exe () SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.) DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology) DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (qcusbnetsny2k) -- C:\Windows\SysNative\drivers\qcusbnetsny2k.sys (QUALCOMM Incorporated) DRV:64bit: - (qcusbsersny2k) -- C:\Windows\SysNative\drivers\qcusbserSny2k.sys (QUALCOMM Incorporated) DRV:64bit: - (qcfilterSny2k) -- C:\Windows\SysNative\drivers\qcfilterSny2k.sys (QUALCOMM Incorporated) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (shpf) -- C:\Windows\SysNative\drivers\shpf.sys (Sony Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\..\SearchScopes,DefaultScope = {50A622CB-7679-46A6-B60C-612329848CCB} IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\..\SearchScopes\{091F6CBA-AB08-4FBE-8F49-B64AAD002D84}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\..\SearchScopes\{097FF13A-6942-4D99-82A9-E42E53D1D320}: "URL" = hhxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\..\SearchScopes\{50A622CB-7679-46A6-B60C-612329848CCB}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC IE - 
HKU\S-1-5-21-256449650-2887231433-326794205-1003\..\SearchScopes\{F7EB6EC9-E91D-4AFE-9F6D-269CB3DB44C2}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-256449650-2887231433-326794205-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2191 FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) 
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.6: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.09.12 11:34:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 09:34:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.16 15:05:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.16 15:05:38 | 000,000,000 | ---D | M] [2010.03.16 19:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nofluc\AppData\Roaming\mozilla\Extensions [2012.12.16 15:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nofluc\AppData\Roaming\mozilla\Firefox\Profiles\32kgbn6x.default\extensions [2010.12.13 14:16:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Nofluc\AppData\Roaming\mozilla\Firefox\Profiles\32kgbn6x.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010.10.09 19:57:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Nofluc\AppData\Roaming\mozilla\Firefox\Profiles\32kgbn6x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.12.16 15:10:12 | 001,335,949 | ---- | M] () (No name found) -- 
C:\Users\Nofluc\AppData\Roaming\mozilla\firefox\profiles\32kgbn6x.default\extensions\firebug@software.joehewitt.com.xpi [2012.12.16 15:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.09.12 11:40:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.16 15:05:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.12.16 15:05:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.16 15:05:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.12.16 15:05:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.12.16 15:05:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.12.16 15:05:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.12.16 15:05:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - Extension: No name found = 
C:\Users\Nofluc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\ O1 HOSTS File: ([2010.03.20 19:56:01 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKU\S-1-5-21-256449650-2887231433-326794205-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe (Sony Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [sketchmanager] C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-256449650-2887231433-326794205-1003..\Run: [AdobeBridge] File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - 
HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E37588F-0867-4D56-8CF9-459548D4F801}: DhcpNameServer = 192.168.123.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5698BBCF-AC45-4319-A1DF-05F2BBED671E}: NameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60F9DA29-E583-4FFD-8238-A474DBE77809}: NameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA007901-32EB-4E4B-990E-770E142A21D9}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9321920-A43D-44A4-9201-F99903E24A9B}: NameServer = 10.74.210.210 10.74.210.211 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) 
O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.03 23:34:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{9b5d4539-fd74-11e1-97e2-0024be668b8e}\Shell - "" = AutoRun O33 - MountPoints2\{9b5d4539-fd74-11e1-97e2-0024be668b8e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9b5d454a-fd74-11e1-97e2-0024be668b8e}\Shell - "" = AutoRun O33 - MountPoints2\{9b5d454a-fd74-11e1-97e2-0024be668b8e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{9b5d4567-fd74-11e1-97e2-0024be668b8e}\Shell - "" = AutoRun O33 - MountPoints2\{9b5d4567-fd74-11e1-97e2-0024be668b8e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9b5d45a4-fd74-11e1-97e2-0024be668b8e}\Shell - "" = AutoRun O33 - MountPoints2\{9b5d45a4-fd74-11e1-97e2-0024be668b8e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.28 14:01:45 | 000,000,000 | ---D | C] -- C:\Users\Nofluc\AppData\Roaming\Malwarebytes [2012.12.28 14:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.28 14:01:34 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\SysNative\drivers\mbam.sys [2012.12.28 14:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.28 14:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.28 14:01:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nofluc\Desktop\OTL.exe [2012.12.27 13:57:29 | 000,000,000 | ---D | C] -- C:\Users\Nofluc\Documents\SKizzeNBucH [2012.12.27 13:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Inkling [2012.12.27 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Nofluc\AppData\Local\Inkling [2012.12.27 13:05:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wacom [2012.12.27 13:05:58 | 000,000,000 | ---D | C] -- C:\Users\Nofluc\Documents\My Sketches [2012.12.23 18:59:31 | 000,000,000 | R--D | C] -- C:\Users\Nofluc\Desktop\MiniDisc Sessions [2012.12.23 00:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\naturalsoft [2012.12.23 00:05:14 | 000,000,000 | ---D | C] -- C:\Users\Nofluc\AppData\Roaming\Naturalsoft [2012.12.23 00:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\naturalsoft [2012.12.23 00:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NaturalSoft [2012.12.16 15:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.12.16 15:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.12.16 13:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon [2012.12.16 13:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder [2012.12.16 13:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No23 Recorder [2012.12.12 12:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.12 12:21:46 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.12 12:20:52 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 
[2012.12.12 12:20:51 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.12 12:20:51 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.05 13:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy [2012.12.05 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\simfy [2004.04.23 17:06:25 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp71.dll [2004.04.23 17:06:25 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr71.dll [2003.09.08 09:09:54 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp70.dll [2003.09.08 09:09:54 | 000,344,064 | R--- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr70.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.28 14:01:35 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.28 14:01:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nofluc\Desktop\OTL.exe [2012.12.28 13:50:50 | 001,768,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.28 13:50:50 | 000,757,286 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.28 13:50:50 | 000,701,696 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.28 13:50:50 | 000,172,606 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.28 13:50:50 | 000,139,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.28 13:45:42 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 13:45:42 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 13:36:52 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.12.28 13:36:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.28 13:36:42 | 3113,398,272 | -HS- | M] () -- C:\hiberfil.sys [2012.12.28 13:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.28 13:13:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.28 10:10:56 | 104,464,394 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2012.12.27 16:17:32 | 000,000,053 | ---- | M] () -- C:\Users\Nofluc\temppics.adob [2012.12.27 13:06:06 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Inkling Sketch Manager.lnk [2012.12.23 00:05:23 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Free NaturalReader.lnk [2012.12.16 13:37:50 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\No23 Recorder.lnk [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.13 18:04:23 | 000,398,164 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjg.avm [2012.12.12 16:23:17 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.12 16:23:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.12 12:20:24 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.12 12:20:23 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.12.12 12:20:23 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.12 12:20:23 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.12 12:20:23 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.12 12:20:23 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No 
Company Name ========== [2012.12.28 14:01:35 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.27 16:28:45 | 002,138,941 | ---- | C] () -- C:\Users\Nofluc\Desktop\Inkling_Manual_DE.pdf [2012.12.27 16:17:32 | 000,000,053 | ---- | C] () -- C:\Users\Nofluc\temppics.adob [2012.12.27 13:06:06 | 000,002,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkling Sketch Manager.lnk [2012.12.27 13:06:06 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Inkling Sketch Manager.lnk [2012.12.23 00:05:23 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Free NaturalReader.lnk [2012.12.16 15:05:42 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.12.16 13:37:50 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk [2012.11.14 23:12:22 | 000,027,520 | ---- | C] () -- C:\Users\Nofluc\AppData\Local\dt.dat [2012.10.03 08:48:20 | 000,000,032 | ---- | C] () -- C:\Users\Nofluc\.simfy [2012.09.02 09:46:41 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT [2012.07.24 12:46:23 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad [2012.04.12 20:47:07 | 000,000,126 | -H-- | C] () -- C:\Users\Nofluc\.picasa.ini [2012.04.04 17:03:15 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2012.04.04 17:03:15 | 000,000,058 | ---- | C] () -- C:\Users\Nofluc\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2012.01.04 00:34:55 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.05.09 14:58:57 | 000,005,875 | ---- | C] () -- C:\Users\Nofluc\index.html [2011.04.15 10:58:43 | 000,323,181 | ---- | C] () -- C:\Users\Nofluc\ignator.jpg [2010.03.17 23:42:54 | 000,004,608 | ---- | C] () -- C:\Users\Nofluc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.16 19:30:41 | 000,007,605 | ---- | C] () -- 
C:\Users\Nofluc\AppData\Local\resmon.resmoncfg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
28.12.2012, 17:19 | #4 |
| RunDLL files missing after removing the GVU trojan and this as well: Code:
OTL Extras logfile created on: 28.12.2012 14:05:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nofluc\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 52,50% Memory free
4,82 Gb Paging File | 2,61 Gb Available in Paging File | 54,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 3,90 Gb Free Space | 0,85% Space Free | Partition Type: NTFS

Computer Name: NOFLUC-LAB | User Name: Nofluc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{058ABF3E-B18F-4D9F-BABA-EADA3D541A68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4FC880A7-2920-43EC-AB5B-C2B6BBD51447}" = lport=2869 | protocol=6 | dir=in | app=system | "{83CA1A43-F0BB-4D3B-AD65-3B45D03E0286}" = lport=2869 | protocol=6 | dir=in | app=system | "{8E941698-2C8E-4A4A-8129-1BFEC72D0D3F}" = lport=10243 | protocol=6 | dir=in | app=system | "{A02AFF76-B00C-4969-9359-F63B20A80A75}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A05557CB-8BD9-4A7E-98C0-90F040E53C37}" = rport=2177 | 
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
Communications Platform "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40625DE4-DCDB-44FE-84B5-E65F1365BF44}" = V-Ray for Rhinoceros "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 "{50A76A32-8D75-4839-815C-93054CFD436B}" = V-Ray for Rhinoceros "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{579F16AF-AFA0-488C-BE83-71F4C92EC216}" = V-Ray for Rhinoceros "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update 5 "{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0 "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = 
Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{671DC096-9262-4943-A3D8-ED8A757B60D5}_is1" = ID3 Tag Editor 1.0 "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{7ED89AE0-5832-4ED3-B29A-099F65295E82}" = Qualcomm Gobi 2000 Package for Sony "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung "{8058F9B8-68C6-4769-A1F2-994C4529B2C6}" = V-Ray for Rhinoceros "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{874B6438-7DEC-4FC3-A5E9-0E7FBED138D0}" = KeyShot From Rhino "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime 
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{99284958-43A1-E44A-B9CE-BB2E3D460617}" = simfy "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4 "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = 
Google Update Helper "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{BE2DB46C-EA1A-434E-AABD-50EAF626EBEE}" = ASGvis Material Studio "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5E7BF75-007E-44AD-8962-627ED44CB63B}" = NaturalReaderFree "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 SR4b "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D57F1897-D0F5-4E5F-99BA-80815B43283A}" = Rhinoceros 4.0 SR4 "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D7960C39-E3FD-4B46-8E97-A1E9D128F913}" = 
Rhinoceros 4.0 SR3 "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "Arasan_is1" = Arasan 12.0 "Artlantis Studio 3" = Artlantis Studio 3.0.6 "AudibleManager" = AudibleManager "Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007 "Cisco AnyConnect Secure 
Mobility Client" = Cisco AnyConnect Secure Mobility Client "ClassicPro" = ClassicPro© v1.15 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Crimson Editor SVN263" = Crimson Editor SVN263 "DivX Setup.divx.com" = DivX-Setup "FileZilla Client" = FileZilla Client 3.2.7.1 "Found Screensaver 2" = Found Screensaver 2 Screensaver "Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.13.426 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "InstallShield_{30B1CCDB-209B-4E94-8311-379F2E6B6B59}" = RAW FILE CONVERTER EX powered by SILKYPIX "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Internet Manager" = Internet Manager "KeyShot From Rhino" = KeyShot From Rhino "KeyShot2" = KeyShot2 2.0 32 bit "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.2.0 "Live 8.2.6" = Live 8.2.6 "Magic Bullet Editors 2.0 Premiere" = Magic Bullet Editors 2.0 Premiere "Magic Bullet Looks PPro" = Magic Bullet Looks PPro "Magic Bullet Suite 2.0" = Magic Bullet Suite 2.0 "Magic Bullet Suite 2.1" = Magic Bullet Suite 2.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MarketingTools" = VAIO Marketing Tools "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "No23 Recorder" = No23 Recorder "OneClickInternet" = OneClick Internet "Opera 12.12.1707" = Opera 12.12 "Picasa 3" = Picasa 3 "PROPLUS" = Microsoft Office Professional Plus 2007 "RarZilla Free Unrar" = RarZilla Free Unrar "Rhino RDK" = Rhino RDK "ScreenshotCaptor_is1" = Screenshot Captor 2.102.01 "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows "Simfy" = simfy "Stellarium_is1" = Stellarium 0.10.6.1 "TIMELOOK" = TIMELOOK Screen Saver "T-Splines for Rhino" = T-Splines for Rhino "Uninstall_is1" = 
Uninstall 1.0.0.1 "VAIO Help and Support" = "VAIO Premium Partners" = VAIO Premium Partners "VAIO screensaver" = VAIO screensaver "VLC media player" = VLC media player 1.0.3 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "Word Clock_is1" = Word Clock "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-256449650-2887231433-326794205-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.09.2012 16:15:19 | Computer Name = Nofluc-LAB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.09.2012 14:29:46 | Computer Name = Nofluc-LAB | Source = Application Hang | ID = 1002 Description = Programm Internet Manager.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1340 Startzeit: 01cd97fa8fdd0feb Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe Berichts-ID: 44cdc824-041a-11e2-97e2-0024be668b8e Error - 28.09.2012 09:44:01 | Computer Name = Nofluc-LAB | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450, Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000003202d ID des fehlerhaften Prozesses: 0x1ae4 Startzeit der fehlerhaften Anwendung: 0x01cd9b14f5002824 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 8f43b04a-0972-11e2-b950-0024be668b8e Error - 28.09.2012 09:44:15 | Computer Name = Nofluc-LAB | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450, Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc015000f Fehleroffset: 0x000000000006edda ID des fehlerhaften Prozesses: 0x1ae4 Startzeit der fehlerhaften Anwendung: 0x01cd9b14f5002824 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 972d4192-0972-11e2-b950-0024be668b8e Error - 29.09.2012 12:38:52 | Computer Name = Nofluc-LAB | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.8.2985, Zeitstempel: 0x4c3b43ea Name des fehlerhaften Moduls: in_wm.dll, Version: 0.0.0.0, Zeitstempel: 0x4c3b4403 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00006187 ID des fehlerhaften Prozesses: 0xd24 Startzeit der fehlerhaften Anwendung: 0x01cd9e5d12052d4d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe Pfad des fehlerhaften Moduls: C:\Program Files 
(x86)\Winamp\Plugins\in_wm.dll Berichtskennung: 26b98ffc-0a54-11e2-b950-0024be668b8e Error - 01.10.2012 17:01:44 | Computer Name = Nofluc-LAB | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450, Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450, Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x00000000000045ec ID des fehlerhaften Prozesses: 0x1ca0 Startzeit der fehlerhaften Anwendung: 0x01cd9d7f5f845a35 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\explorer.exe Berichtskennung: 34110455-0c0b-11e2-b950-0024be668b8e Error - 02.10.2012 04:40:26 | Computer Name = Nofluc-LAB | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450, Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000051da0 ID des fehlerhaften Prozesses: 0x1d98 Startzeit der fehlerhaften Anwendung: 0x01cda01801537e38 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: cfe347ad-0c6c-11e2-b950-0024be668b8e Error - 12.10.2012 08:39:25 | Computer Name = Nofluc-LAB | Source = Application Hang | ID = 1002 Description = Programm opera.exe, Version 11.64.1403.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1fec Startzeit: 01cda60ba66aeb5f Endzeit: 293 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe Berichts-ID: d3ab6623-1469-11e2-b0cb-0024be668b8e Error - 25.10.2012 08:22:26 | Computer Name = Nofluc-LAB | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.4448, Zeitstempel: 0x4f563b00 Name des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5066df1c Ausnahmecode: 0xc0000005 Fehleroffset: 0x63698ce3 ID des fehlerhaften Prozesses: 0x33b4 Startzeit der fehlerhaften Anwendung: 0x01cdb2ab4f74c4ca Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll Berichtskennung: a23e0a16-1e9e-11e2-882b-0024be668b8e Error - 14.11.2012 18:08:05 | Computer Name = Nofluc-LAB | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b Ausnahmecode: 0xc000041d Fehleroffset: 0x0000000000051da0 ID des fehlerhaften Prozesses: 0xb0c Startzeit der fehlerhaften Anwendung: 0x01cdbf6dc82cfe0f Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c38316f2-2ea7-11e2-a7b3-0024be668b8e Error - 21.11.2012 18:42:40 | Computer Name = Nofluc-LAB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
[ Cisco AnyConnect Secure Mobility Client Events ] Error - 28.12.2012 08:38:42 | Computer Name = Nofluc-LAB | Source = acvpnagent | ID = 67108866 Description = Function: CIpcDepot::writeIpc File: .\IPC\IPCDepot.cpp Line: 574 Invoked Function: CIpcTransport::writeIpc Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 28.12.2012 08:38:42 | Computer Name = Nofluc-LAB | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::reportStates File: .\MainThread.cpp Line: 7055 Invoked Function: CMainThread::reportStates Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 28.12.2012 08:38:42 | Computer Name = Nofluc-LAB | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4910 Invoked Function: CMainThread::reportStates Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 28.12.2012 08:38:42 | Computer Name = Nofluc-LAB | Source = acvpnagent | ID = 67108866 Description = Function: CTcpTransport::internalReadSocket File: .\IPC\SocketTransport.cpp Line: 1731 Invoked Function: WSARecv Return Code: 10053 (0x00002745) Description: Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen. 
Error - 28.12.2012 08:38:42 | Computer Name = Nofluc-LAB | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::readSocket File: .\IPC\SocketTransport.cpp Line: 853 Invoked Function: CSocketTransport::internalReadSocket Return Code: -31522806 (0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ Error - 28.12.2012 08:38:42 | Computer Name = Nofluc-LAB | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp Line: 1226 Invoked Function: CSocketTransport::readSocket Return Code: -31522806 (0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ Error - 28.12.2012 08:38:42 | Computer Name = Nofluc-LAB | Source = acvpnagent | ID = 67108866 Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line: 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522806 (0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ Error - 28.12.2012 08:38:42 | Computer Name = Nofluc-LAB | Source = acvpnagent | ID = 67108866 Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp Line: 1676 Invoked Function: WSASend Return Code: 10053 (0x00002745) Description: Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen. 
Error - 28.12.2012 08:38:42 | Computer Name = Nofluc-LAB | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 28.12.2012 08:38:46 | Computer Name = Nofluc-LAB | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE [ System Events ] Error - 28.12.2012 08:10:38 | Computer Name = Nofluc-LAB | Source = DCOM | ID = 10010 Description = Error - 28.12.2012 08:37:19 | Computer Name = Nofluc-LAB | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent erreicht. Error - 28.12.2012 08:37:33 | Computer Name = Nofluc-LAB | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error - 28.12.2012 08:37:33 | Computer Name = Nofluc-LAB | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 28.12.2012 08:37:38 | Computer Name = Nofluc-LAB | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. 
Error - 28.12.2012 08:38:40 | Computer Name = Nofluc-LAB | Source = DCOM | ID = 10005 Description = Error - 28.12.2012 08:38:40 | Computer Name = Nofluc-LAB | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom PxHlpa64 Error - 28.12.2012 08:38:40 | Computer Name = Nofluc-LAB | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 28.12.2012 08:40:00 | Computer Name = Nofluc-LAB | Source = DCOM | ID = 10010 Description = Error - 28.12.2012 09:18:47 | Computer Name = Nofluc-LAB | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. < End of report > |
28.12.2012, 20:35 | #5 |
/// Helper Team | RunDLL files missing after removing the GVU trojan
The cleanup consists of several steps that must be carried out. Work through them one after another and paste the 3 logs that are created in the process into your next reply. If the OTL fix did not run through properly, do not continue; report this instead.
Step 1: Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-21-256449650-2887231433-326794205-1003..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
[2012.07.24 12:46:23 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Nofluc\*.tmp
C:\Users\Nofluc\AppData\Local\Temp\*.exe
C:\Users\Nofluc\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Under no circumstances apply it on other computers; it can do lasting damage to other systems!
Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. After that:
Step 3
Please download AdwCleaner to your desktop.
|
29.12.2012, 18:00 | #6 |
| RunDLL files missing after removing the GVU trojan
Hello, so here is the OTL log:
Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully. Registry value HKEY_USERS\S-1-5-21-256449650-2887231433-326794205-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. C:\ProgramData\z7_0ytr.pad moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\Nofluc\*.tmp not found. C:\Users\Nofluc\AppData\Local\Temp\AcDeltree.exe moved successfully. C:\Users\Nofluc\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe moved successfully. C:\Users\Nofluc\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe moved successfully. C:\Users\Nofluc\AppData\Local\Temp\InstallerMessageBox.exe moved successfully. C:\Users\Nofluc\AppData\Local\Temp\instmsia.exe moved successfully. C:\Users\Nofluc\AppData\Local\Temp\instmsiw.exe moved successfully. C:\Users\Nofluc\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe moved successfully. C:\Users\Nofluc\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe moved successfully. C:\Users\Nofluc\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully. C:\Users\Nofluc\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe moved successfully. 
File/Folder C:\Users\Nofluc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Nofluc\Desktop\cmd.bat deleted successfully.
C:\Users\Nofluc\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Nofluc
->Temp folder emptied: 40041743915 bytes
->Temporary Internet Files folder emptied: 149563943 bytes
->FireFox cache emptied: 80763543 bytes
->Google Chrome cache emptied: 6337645 bytes
->Opera cache emptied: 74119943 bytes
->Flash cache emptied: 3074038 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 302819969 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84895 bytes
RecycleBin emptied: 542170344 bytes
Total Files Cleaned = 39.292,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12292012_153556
Files\Folders moved on Reboot...
C:\Users\Nofluc\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Nofluc\AppData\Local\Temp\~DF08CDABBB5DD46EEB.TMP not found!
File\Folder C:\Users\Nofluc\AppData\Local\Temp\~DF0DDCEB6A98D2F601.TMP not found!
File\Folder C:\Users\Nofluc\AppData\Local\Temp\~DF3164B8111B8F14CE.TMP not found!
File\Folder C:\Users\Nofluc\AppData\Local\Temp\~DF7116B98336D6D887.TMP not found!
File\Folder C:\Users\Nofluc\AppData\Local\Temp\~DF71A9E0F22975585B.TMP not found!
File\Folder C:\Users\Nofluc\AppData\Local\Temp\~DF78F8B0BAD2E21461.TMP not found!
File\Folder C:\Users\Nofluc\AppData\Local\Temp\~DFA7059A8A90408AE2.TMP not found!
File\Folder C:\Users\Nofluc\AppData\Local\Temp\~DFBDCB69869DEE6F69.TMP not found!
File\Folder C:\Users\Nofluc\AppData\Local\Temp\~DFC3B2928A1B4FC3D5.TMP not found!
File\Folder C:\Users\Nofluc\AppData\Local\Temp\~DFDD22918D152CE3D0.TMP not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.29.07
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Nofluc :: NOFLUC-LAB [administrator]
29.12.2012 17:05:20
mbar-log-2012-12-29 (17-05-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 34454
Time elapsed: 24 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
# AdwCleaner v2.103 - Datei am 29/12/2012 um 17:48:35 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional (64 bits)
# Benutzer : Nofluc - NOFLUC-LAB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Nofluc\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\Plasmoo
Gelöscht mit Neustart : C:\ProgramData\Partner
Gelöscht mit Neustart : C:\Users\Nofluc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Gelöscht mit Neustart : C:\Users\Nofluc\AppData\Local\TempDir
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_b2d6abde968e6f277ddbfd501383e02
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v12.0 (de)
Datei : C:\Users\Nofluc\AppData\Roaming\Mozilla\Firefox\Profiles\32kgbn6x.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Nofluc\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.12.1707.0
Datei : C:\Users\Nofluc\AppData\Roaming\Opera\Opera\operaprefs.ini
Gelöscht : application/x-winampx-1.0.0.1=6,,C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll,Winamp A[...]
Gelöscht : application/x-winampx-1.0.0.1=,0
*************************
AdwCleaner[S1].txt - [2358 octets] - [29/12/2012 17:48:35]
########## EOF - C:\AdwCleaner[S1].txt - [2418 octets] ##########
|
30.12.2012, 09:39 | #7 |
/// Helper Team | Very good!
ESET Online Scanner
Preparation
|
30.12.2012, 19:48 | #8 |
| Thanks so far! The RunDLL error messages are still there (you probably know that anyway). I am being shown more free space on the hard drive. Could that have something to do with it? Here is the log file: Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=792936794a8e884487a50561e62c505b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-30 06:31:46
# local_time=2012-12-30 07:31:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1035 16777213 100 97 20575 46552716 0 0
# compatibility_mode=5893 16776574 100 94 66823539 108522156 0 0
# scanned=604979
# found=1
# cleaned=1
# scan_time=14710
C:\Users\Nofluc\AppData\Local\9b6a69cb\U\80000000.@ Win64/Sirefef.V trojan (cleaned by deleting - quarantined) 04BBEF871D932AC496AB22726F67BFB8820AA537 C
|
31.12.2012, 09:17 | #9 |
/// Helper Team | Removing malware with Combofix
Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, nowhere else, this is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:
Preparation and important notes
Do not use Combofix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or cause lasting damage! |
31.12.2012, 15:49 | #10 |
| Hello, unfortunately I cannot disable AVG: 'Beim Speichern der Datei ist ein Fehler aufgetreten. Die angegebene Datei wurde nicht gefunden.' Should I run ComboFix anyway? Thanks |
31.12.2012, 17:01 | #11 |
/// Helper Team | Uninstall AVG and continue with Combofix. |
01.01.2013, 18:53 | #12 |
| Hello, when I try to start ComboFix, unfortunately the following error message appears: ''PFAD' konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang.' |
01.01.2013, 19:07 | #13 |
/// Helper Team | Please take a screenshot. Is CF on the desktop? |
01.01.2013, 20:10 | #14 |
| Hello, I downloaded CF again. Now it worked. Here are the two log files: Code:
ComboFix 13-01-01.02 - Nofluc 01.01.2013 19:41:04.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3959.2564 [GMT 1:00]
ausgeführt von:: c:\users\Nofluc\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Nofluc\AppData\Roaming\.#
c:\users\Nofluc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-01 bis 2013-01-01 ))))))))))))))))))))))))))))))
.
.
2013-01-01 18:54 . 2013-01-01 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 17:47 . 2013-01-01 17:47 -------- d-----w- c:\users\Nofluc\AppData\Roaming\AVG2013
2013-01-01 17:46 . 2013-01-01 17:46 -------- d-----w- c:\users\Nofluc\AppData\Roaming\TuneUp Software
2013-01-01 17:45 . 2013-01-01 18:34 -------- d-----w- c:\programdata\AVG2013
2013-01-01 17:42 . 2013-01-01 17:42 -------- d-----w- c:\users\Nofluc\AppData\Local\MFAData
2013-01-01 17:42 . 2013-01-01 17:42 -------- d-----w- c:\users\Nofluc\AppData\Local\Avg2013
2012-12-31 18:04 . 2012-12-31 18:04 -------- d-----w- c:\users\Nofluc\AppData\Local\Diagnostics
2012-12-29 14:35 . 2012-12-29 14:35 -------- d-----w- C:\_OTL
2012-12-28 13:01 . 2012-12-28 13:01 -------- d-----w- c:\users\Nofluc\AppData\Roaming\Malwarebytes
2012-12-28 13:01 . 2012-12-28 13:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-28 13:01 . 2012-12-28 13:01 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 13:01 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-27 12:05 . 2012-12-27 12:05 -------- d-----w- c:\users\Nofluc\AppData\Local\Inkling
2012-12-27 12:05 . 2012-12-27 12:05 -------- d-----w- c:\program files (x86)\Wacom
2012-12-22 23:05 . 2012-12-22 23:05 -------- d-----w- c:\users\Nofluc\AppData\Roaming\Naturalsoft
2012-12-22 23:05 . 2012-12-22 23:05 -------- d-----w- c:\program files (x86)\naturalsoft
2012-12-22 23:04 . 2012-12-22 23:04 -------- d-----w- c:\programdata\NaturalSoft
2012-12-16 12:37 . 2012-12-16 12:37 -------- d-----w- c:\programdata\Caphyon
2012-12-16 12:37 . 2012-12-24 15:01 -------- d-----w- c:\program files (x86)\No23 Recorder
2012-12-12 11:21 . 2012-12-12 11:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-12 11:20 . 2012-12-12 11:20 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-05 12:45 . 2012-12-05 12:45 -------- d-----w- c:\program files (x86)\simfy
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 15:23 . 2012-09-25 08:05 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 15:23 . 2011-12-01 14:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 11:20 . 2012-09-12 10:39 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-12-12 11:20 . 2010-05-14 07:20 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2003-11-03 16:07 . 2004-04-23 16:06 499712 ----a-w- c:\program files (x86)\msvcp71.dll
2003-11-03 16:07 . 2004-04-23 16:06 348160 ----a-w- c:\program files (x86)\msvcr71.dll
2003-05-30 08:22 . 2003-09-08 08:09 344064 ----a-r- c:\program files (x86)\msvcr70.dll
2002-01-05 02:40 . 2003-09-08 08:09 487424 ----a-w- c:\program files (x86)\msvcp70.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-01-17 26624]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-02-15 417792]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"sketchmanager"="c:\program files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe" [2012-10-17 3662336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 18:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [2012-09-14 224096]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-09-14 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-09-14 13952]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-03 1431888]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-03-29 13688]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-09-14 98816]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-09-14 28672]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-09-14 212992]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-24 244736]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [2009-12-03 6400]
R3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [2009-12-03 240640]
R3 qcusbsersny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [2009-12-03 121216]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-16 167424]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-12 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-12 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-12 159208]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-03-29 65912]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-03-29 15736]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-09-14 16512]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-06-09 55856]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 25120]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-01-28 344928]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-03 330488]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-10-29 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-10-29 76800]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-04-18 8518008]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-04-18 567672]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]
S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2009-10-29 312784]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-09-09 106408]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-09-14 86016]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-11 151936]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-10-08 62464]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 15:23]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-17 08:23]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-17 08:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-07-20 13:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-07-20 13:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-07 9636896]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-17 171520]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 163552]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5698BBCF-AC45-4319-A1DF-05F2BBED671E}: NameServer = 10.74.210.210 10.74.210.211
TCP: Interfaces\{60F9DA29-E583-4FFD-8238-A474DBE77809}: NameServer = 10.74.210.210 10.74.210.211
TCP: Interfaces\{D9321920-A43D-44A4-9201-F99903E24A9B}: NameServer = 10.74.210.210 10.74.210.211
FF - ProfilePath - c:\users\Nofluc\AppData\Roaming\Mozilla\Firefox\Profiles\32kgbn6x.default\
FF - ExtSQL: 2012-12-30 19:54; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
AddRemove-VAIO screensaver - c:\program files (x86)\VAIO screensavers\VAIO_generic_screensaver.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-01 19:58:16
ComboFix-quarantined-files.txt 2013-01-01 18:58
.
Vor Suchlauf: 13 Verzeichnis(se), 47.799.058.432 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 47.512.682.496 Bytes frei
.
- - End Of File - - BCDCF1D66C3929F48CDC557010600ABB
Code:
ATTFilter Acrobat.com Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Asset Services CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Recommended Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Extra Settings CS4 Adobe Color Video Profiles AE CS4 Adobe Color Video Profiles CS CS4 Adobe Contribute CS4 Adobe Creative Suite 4 Master Collection Adobe CS4 American English Speech Analysis Models Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Dreamweaver CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe Encore CS4 Adobe Encore CS4 Codecs Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Fireworks CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI others Adobe Flash CS4 STI-other Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe Linguistics CS4 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Dolby Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Premiere Pro CS4 Adobe Premiere Pro CS4 Functional Content Adobe Premiere Pro CS4 Third Party Content Adobe Reader 9.2 - Deutsch Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe SING CS4 Adobe Soundbooth CS4 Adobe Soundbooth CS4 Codecs Adobe Type Support CS4 Adobe Update Manager CS4 Adobe Version Cue CS4 Server Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Apple 
Application Support Arasan 12.0 ArcSoft WebCam Companion 3 Artlantis Studio 3.0.6 ASGvis Material Studio AudibleManager Autodesk Content Service Autodesk Material Library 2012 Autodesk Material Library Base Resolution Image Library 2012 Business Contact Manager für Outlook 2007 Cisco AnyConnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client ClassicPro© v1.15 Connect Crimson Editor SVN263 DivX-Setup FARO LS 1.1.406.58 FileZilla Client 3.2.7.1 Found Screensaver 2 Screensaver Free DVD Video Converter version 1.5.13.426 Free YouTube to MP3 Converter version 3.11.32.918 Google Earth Google SketchUp Pro 8 Google Update Helper ID3 Tag Editor 1.0 Intel(R) Control Center Intel(R) Management Engine Components Intel(R) Rapid Storage Technology Intel(R) Turbo Boost Technology Driver Internet Manager Java 7 Update 10 Java Auto Updater Java(TM) 6 Update 38 Junk Mail filter update K-Lite Mega Codec Pack 6.2.0 KeyShot From Rhino KeyShot2 2.0 32 bit kuler Live 8.2.6 Magic Bullet Editors 2.0 Premiere Magic Bullet Looks PPro Magic Bullet Suite 2.0 Magic Bullet Suite 2.1 Malwarebytes Anti-Malware Version 1.70.0.1100 Microsoft Choice Guard Microsoft Office Access MUI (German) 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft VC80 Support DLLs Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 12.0 (x86 de) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NaturalReaderFree No23 Recorder OneClick Internet Opera 12.12 PDF Settings CS4 Photoshop Camera Raw Picasa 3 Pixel Bender Toolkit Qualcomm Gobi 2000 Package for Sony QuickTime RAF RarZilla Free Unrar RAW FILE CONVERTER EX powered by SILKYPIX Realtek High Definition Audio Driver Rhino RDK Rhinoceros 4.0 Rhinoceros 4.0 SR3 Rhinoceros 4.0 SR4 Rhinoceros 4.0 SR4b Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy Media Creator 10 LJ Roxio Easy Media Creator Home Samsung New PC Studio Screenshot Captor 2.102.01 SecureW2 EAP Suite 1.1.3 for Windows Setting Utility Series simfy Skype™ 4.2 Stellarium 0.10.6.1 Suite Shared Configuration CS4 T-Splines for Rhino TIMELOOK Screen Saver Uninstall 1.0.0.1 Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) V-Ray for Rhinoceros VAIO-Support für Übertragungen VAIO Care VAIO Control Center VAIO Data Restore Tool VAIO Energie Verwaltung VAIO Event Service VAIO Gate VAIO Gate Default VAIO Hardware Diagnostics VAIO Marketing Tools VAIO Premium Partners VAIO screensaver VAIO Smart Network VAIO Update 5 VAIO Wallpaper Contents VC80CRTRedist - 8.0.50727.4053 Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables VLC media player 1.0.3 WebTablet FB Plugin WebTablet IE Plugin WebTablet Netscape Plugin Winamp Winamp Detector Plug-in Windows Live-Uploadtool Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Mail Windows Live Messenger Windows Live Sync Windows Live Writer Word Clock Xvid 1.2.2 final uninstall |
02.01.2013, 08:51 | #15 |
/// Helper Team | RunDLL files missing after removing the GVU Trojan
Update Java
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
Afterwards, post (copy and paste) what is displayed for you here: PluginCheck
Disable Java
Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html
Afterwards, post (copy and paste) what is displayed for you here: PluginCheck |